From sle-updates at lists.suse.com Fri Jul 1 19:15:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Jul 2022 21:15:43 +0200 (CEST)
Subject: SUSE-SU-2022:2220-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15)
Message-ID: <20220701191543.AB4F410016@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 15)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2220-1
Rating: important
References: #1199606
Cross-References: CVE-2022-1734
CVSS scores:
   CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE Linux Enterprise High Performance Computing 15
   SUSE Linux Enterprise Module for Live Patching 15
   SUSE Linux Enterprise Server 15
   SUSE Linux Enterprise Server for SAP Applications 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 4.12.14-150000_150_89 fixes one issue.

The following security issue was fixed:

- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15:

   zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2220=1 SUSE-SLE-Module-Live-Patching-15-2022-2221=1 SUSE-SLE-Module-Live-Patching-15-2022-2222=1 SUSE-SLE-Module-Live-Patching-15-2022-2223=1 SUSE-SLE-Module-Live-Patching-15-2022-2224=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

   kernel-livepatch-4_12_14-150000_150_89-default-4-150000.2.2
   kernel-livepatch-4_12_14-150000_150_89-default-debuginfo-4-150000.2.2
   kernel-livepatch-4_12_14-150_75-default-15-150000.2.2
   kernel-livepatch-4_12_14-150_75-default-debuginfo-15-150000.2.2
   kernel-livepatch-4_12_14-150_78-default-10-150000.2.2
   kernel-livepatch-4_12_14-150_78-default-debuginfo-10-150000.2.2
   kernel-livepatch-4_12_14-150_83-default-6-150000.2.2
   kernel-livepatch-4_12_14-150_83-default-debuginfo-6-150000.2.2
   kernel-livepatch-4_12_14-150_86-default-5-150000.2.2
   kernel-livepatch-4_12_14-150_86-default-debuginfo-5-150000.2.2

References:

   https://www.suse.com/security/cve/CVE-2022-1734.html
   https://bugzilla.suse.com/1199606

From sle-updates at lists.suse.com Fri Jul 1 22:16:25 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 2 Jul 2022 00:16:25 +0200 (CEST)
Subject: SUSE-SU-2022:2239-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP3)
Message-ID: <20220701221625.143A410016@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2239-1
Rating: important
References: #1199606 #1199648 #1200266 #1200268
Cross-References: CVE-2022-1116 CVE-2022-1734 CVE-2022-1966 CVE-2022-1972 CVE-2022-32250
CVSS scores:
   CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1972 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Micro 5.1
   SUSE Linux Enterprise Module for Live Patching 15-SP3
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-150300_59_46 fixes several issues.

The following security issues were fixed:

- CVE-2022-32250: Fixed a use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
- CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019)
- CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring that allows a local attacker to cause memory corruption and escalate privileges to root. (bsc#1199647) versions.
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP3:

   zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2238=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2239=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2240=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2241=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2242=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2243=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

   kernel-livepatch-5_3_18-150300_59_43-default-10-150300.2.2
   kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-10-150300.2.2
   kernel-livepatch-5_3_18-150300_59_46-default-10-150300.2.2
   kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-10-150300.2.2
   kernel-livepatch-5_3_18-57-default-19-150200.3.2
   kernel-livepatch-5_3_18-57-default-debuginfo-19-150200.3.2
   kernel-livepatch-5_3_18-59_34-default-12-150300.2.2
   kernel-livepatch-5_3_18-59_34-default-debuginfo-12-150300.2.2
   kernel-livepatch-5_3_18-59_37-default-11-150300.2.2
   kernel-livepatch-5_3_18-59_37-default-debuginfo-11-150300.2.2
   kernel-livepatch-5_3_18-59_5-default-17-150300.2.2
   kernel-livepatch-5_3_18-59_5-default-debuginfo-17-150300.2.2
   kernel-livepatch-SLE15-SP3_Update_0-debugsource-19-150200.3.2
   kernel-livepatch-SLE15-SP3_Update_1-debugsource-17-150300.2.2
   kernel-livepatch-SLE15-SP3_Update_10-debugsource-11-150300.2.2
   kernel-livepatch-SLE15-SP3_Update_9-debugsource-12-150300.2.2

References:

   https://www.suse.com/security/cve/CVE-2022-1116.html
   https://www.suse.com/security/cve/CVE-2022-1734.html
   https://www.suse.com/security/cve/CVE-2022-1966.html
   https://www.suse.com/security/cve/CVE-2022-1972.html
   https://www.suse.com/security/cve/CVE-2022-32250.html
   https://bugzilla.suse.com/1199606
   https://bugzilla.suse.com/1199648
   https://bugzilla.suse.com/1200266
   https://bugzilla.suse.com/1200268

From sle-updates at lists.suse.com Fri Jul 1 22:17:23 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 2 Jul 2022 00:17:23 +0200 (CEST)
Subject: SUSE-SU-2022:2237-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP2)
Message-ID: <20220701221723.0DE2610016@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2237-1
Rating: important
References: #1196959 #1199648
Cross-References: CVE-2021-39698 CVE-2022-1116
CVSS scores:
   CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE Linux Enterprise High Performance Computing 15-SP2
   SUSE Linux Enterprise Module for Live Patching 15-SP2
   SUSE Linux Enterprise Server 15-SP2
   SUSE Linux Enterprise Server for SAP Applications 15-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-150200_24_115 fixes several issues.

The following security issues were fixed:

- CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring that allows a local attacker to cause memory corruption and escalate privileges to root. (bsc#1199647) versions.
- CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP2:

   zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2237=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

   kernel-livepatch-5_3_18-150200_24_115-default-2-150200.2.2
   kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-2-150200.2.2
   kernel-livepatch-SLE15-SP2_Update_27-debugsource-2-150200.2.2

References:

   https://www.suse.com/security/cve/CVE-2021-39698.html
   https://www.suse.com/security/cve/CVE-2022-1116.html
   https://bugzilla.suse.com/1196959
   https://bugzilla.suse.com/1199648

From sle-updates at lists.suse.com Fri Jul 1 22:18:15 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 2 Jul 2022 00:18:15 +0200 (CEST)
Subject: SUSE-SU-2022:2230-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2)
Message-ID: <20220701221815.0AF9E10016@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2230-1
Rating: important
References: #1199606 #1199648 #1200268
Cross-References: CVE-2022-1116 CVE-2022-1734 CVE-2022-1966 CVE-2022-32250
CVSS scores:
   CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE Linux Enterprise High Performance Computing 15-SP2
   SUSE Linux Enterprise Module for Live Patching 15-SP2
   SUSE Linux Enterprise Server 15-SP2
   SUSE Linux Enterprise Server for SAP Applications 15-SP2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-150200_24_112 fixes several issues.

The following security issues were fixed:

- CVE-2022-32250: Fixed a use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
- CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring that allows a local attacker to cause memory corruption and escalate privileges to root. (bsc#1199647) versions.
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP2:

   zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2225=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2226=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2227=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2228=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2229=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2230=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2231=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2232=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2233=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2234=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2235=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2236=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

   kernel-livepatch-5_3_18-150200_24_112-default-4-150200.2.2
   kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-4-150200.2.2
   kernel-livepatch-5_3_18-24_102-default-9-150200.2.2
   kernel-livepatch-5_3_18-24_102-default-debuginfo-9-150200.2.2
   kernel-livepatch-5_3_18-24_107-default-8-150200.2.2
   kernel-livepatch-5_3_18-24_107-default-debuginfo-8-150200.2.2
   kernel-livepatch-5_3_18-24_53_4-default-17-150200.2.2
   kernel-livepatch-5_3_18-24_53_4-default-debuginfo-17-150200.2.2
   kernel-livepatch-5_3_18-24_70-default-17-150200.2.2
   kernel-livepatch-5_3_18-24_70-default-debuginfo-17-150200.2.2
   kernel-livepatch-5_3_18-24_75-default-16-150200.2.2
   kernel-livepatch-5_3_18-24_75-default-debuginfo-16-150200.2.2
   kernel-livepatch-5_3_18-24_78-default-15-150200.2.2
   kernel-livepatch-5_3_18-24_78-default-debuginfo-15-150200.2.2
   kernel-livepatch-5_3_18-24_83-default-13-150200.2.2
   kernel-livepatch-5_3_18-24_83-default-debuginfo-13-150200.2.2
   kernel-livepatch-5_3_18-24_86-default-13-150200.2.2
   kernel-livepatch-5_3_18-24_86-default-debuginfo-13-150200.2.2
   kernel-livepatch-5_3_18-24_93-default-12-150200.2.2
   kernel-livepatch-5_3_18-24_93-default-debuginfo-12-150200.2.2
   kernel-livepatch-5_3_18-24_96-default-11-150200.2.2
   kernel-livepatch-5_3_18-24_96-default-debuginfo-11-150200.2.2
   kernel-livepatch-5_3_18-24_99-default-10-150200.2.2
   kernel-livepatch-5_3_18-24_99-default-debuginfo-10-150200.2.2
   kernel-livepatch-SLE15-SP2_Update_15-debugsource-17-150200.2.2
   kernel-livepatch-SLE15-SP2_Update_16-debugsource-17-150200.2.2
   kernel-livepatch-SLE15-SP2_Update_17-debugsource-16-150200.2.2
   kernel-livepatch-SLE15-SP2_Update_18-debugsource-15-150200.2.2
   kernel-livepatch-SLE15-SP2_Update_19-debugsource-13-150200.2.2
   kernel-livepatch-SLE15-SP2_Update_20-debugsource-13-150200.2.2
   kernel-livepatch-SLE15-SP2_Update_21-debugsource-12-150200.2.2
   kernel-livepatch-SLE15-SP2_Update_22-debugsource-11-150200.2.2
   kernel-livepatch-SLE15-SP2_Update_23-debugsource-10-150200.2.2
   kernel-livepatch-SLE15-SP2_Update_24-debugsource-9-150200.2.2
   kernel-livepatch-SLE15-SP2_Update_26-debugsource-4-150200.2.2

- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le x86_64):

   kernel-livepatch-SLE15-SP2_Update_25-debugsource-8-150200.2.2

References:

   https://www.suse.com/security/cve/CVE-2022-1116.html
   https://www.suse.com/security/cve/CVE-2022-1734.html
   https://www.suse.com/security/cve/CVE-2022-1966.html
   https://www.suse.com/security/cve/CVE-2022-32250.html
   https://bugzilla.suse.com/1199606
   https://bugzilla.suse.com/1199648
   https://bugzilla.suse.com/1200268

From sle-updates at lists.suse.com Sat Jul 2 07:30:15 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 2 Jul 2022 09:30:15 +0200 (CEST)
Subject: SUSE-CU-2022:1396-1: Security update of suse/sles12sp3
Message-ID: <20220702073015.B9E5A10014@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1396-1
Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.405 , suse/sles12sp3:latest
Container Release : 24.405
Severity : moderate
Type : security
References : 1200550 CVE-2022-2068
-----------------------------------------------------------------

The container suse/sles12sp3 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2180-1
Released: Fri Jun 24 14:28:00 2022
Summary: Security update for openssl
Type: security
Severity: moderate
References: 1200550,CVE-2022-2068

This update for openssl fixes the following issues:

- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)

The following package changes have been done:

- libopenssl1_0_0-1.0.2j-60.83.1 updated
- openssl-1.0.2j-60.83.1 updated

From sle-updates at lists.suse.com Sat Jul 2 07:49:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 2 Jul 2022 09:49:03 +0200 (CEST)
Subject: SUSE-CU-2022:1397-1: Security update of suse/sles12sp4
Message-ID: <20220702074903.82F3310014@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1397-1
Container Tags : suse/sles12sp4:26.473 , suse/sles12sp4:latest
Container Release : 26.473
Severity : moderate
Type : security
References : 1200550 CVE-2022-2068
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2181-1
Released: Fri Jun 24 14:28:53 2022
Summary: Security update for openssl
Type: security
Severity: moderate
References: 1200550,CVE-2022-2068

This update for openssl fixes the following issues:

- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)

The following package changes have been done:

- base-container-licenses-3.0-1.299 updated
- container-suseconnect-2.0.0-1.188 updated
- libopenssl1_0_0-1.0.2p-3.56.1 updated
- openssl-1_0_0-1.0.2p-3.56.1 updated

From sle-updates at lists.suse.com Sat Jul 2 08:03:23 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 2 Jul 2022 10:03:23 +0200 (CEST)
Subject: SUSE-CU-2022:1398-1: Security update of suse/sles12sp5
Message-ID: <20220702080323.6F47810014@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1398-1
Container Tags : suse/sles12sp5:6.5.346 , suse/sles12sp5:latest
Container Release : 6.5.346
Severity : moderate
Type : security
References : 1200550 CVE-2022-2068
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2181-1
Released: Fri Jun 24 14:28:53 2022
Summary: Security update for openssl
Type: security
Severity: moderate
References: 1200550,CVE-2022-2068

This update for openssl fixes the following issues:

- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)

The following package changes have been done:

- libopenssl1_0_0-1.0.2p-3.56.1 updated
- openssl-1_0_0-1.0.2p-3.56.1 updated

From sle-updates at lists.suse.com Sun Jul 3 01:16:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 3 Jul 2022 03:16:11 +0200 (CEST)
Subject: SUSE-SU-2022:2245-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3)
Message-ID: <20220703011611.C493E10015@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2245-1
Rating: important
References: #1199606 #1199648 #1200266 #1200268
Cross-References: CVE-2022-1116 CVE-2022-1734 CVE-2022-1966 CVE-2022-1972 CVE-2022-32250
CVSS scores:
   CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1972 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Micro 5.1
   SUSE Linux Enterprise Module for Live Patching 15-SP3
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-150300_59_54 fixes several issues.
The following security issues were fixed:

- CVE-2022-32250: Fixed a use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
- CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019)
- CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring that allows a local attacker to cause memory corruption and escalate privileges to root. (bsc#1199647) versions.
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP3:

   zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2244=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2245=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2246=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2247=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

   kernel-livepatch-5_3_18-150300_59_54-default-8-150300.2.2
   kernel-livepatch-5_3_18-59_24-default-13-150300.2.2
   kernel-livepatch-5_3_18-59_24-default-debuginfo-13-150300.2.2
   kernel-livepatch-5_3_18-59_27-default-13-150300.2.2
   kernel-livepatch-5_3_18-59_27-default-debuginfo-13-150300.2.2
   kernel-livepatch-5_3_18-59_40-default-11-150300.2.2
   kernel-livepatch-SLE15-SP3_Update_6-debugsource-13-150300.2.2
   kernel-livepatch-SLE15-SP3_Update_7-debugsource-13-150300.2.2

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64):

   kernel-livepatch-5_3_18-59_40-default-debuginfo-11-150300.2.2

References:

   https://www.suse.com/security/cve/CVE-2022-1116.html
   https://www.suse.com/security/cve/CVE-2022-1734.html
   https://www.suse.com/security/cve/CVE-2022-1966.html
   https://www.suse.com/security/cve/CVE-2022-1972.html
   https://www.suse.com/security/cve/CVE-2022-32250.html
   https://bugzilla.suse.com/1199606
   https://bugzilla.suse.com/1199648
   https://bugzilla.suse.com/1200266
   https://bugzilla.suse.com/1200268

From sle-updates at lists.suse.com Mon Jul 4 10:16:32 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jul 2022 12:16:32 +0200 (CEST)
Subject: SUSE-SU-2022:2248-1: important: Security update for python
Message-ID: <20220704101632.AC55710015@maintenance.suse.de>

SUSE Security Update: Security update for python
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2248-1
Rating: important
References: #1198511
Cross-References: CVE-2015-20107
CVSS scores:
   CVE-2015-20107 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2015-20107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Affected Products:
   SUSE Linux Enterprise Desktop 12-SP5
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server for SAP Applications 12-SP5
   SUSE Linux Enterprise Workstation Extension 12-SP5
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python fixes the following issues:

- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:

   zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2248=1

- SUSE OpenStack Cloud 9:

   zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2248=1

- SUSE Linux Enterprise Workstation Extension 12-SP5:

   zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2248=1

- SUSE Linux Enterprise Server for SAP 12-SP4:

   zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2248=1

- SUSE Linux Enterprise Server 12-SP5:

   zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2248=1

- SUSE Linux Enterprise Server 12-SP4-LTSS:

   zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2248=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):

   libpython2_7-1_0-2.7.18-33.11.1
   libpython2_7-1_0-32bit-2.7.18-33.11.1
   libpython2_7-1_0-debuginfo-2.7.18-33.11.1
   libpython2_7-1_0-debuginfo-32bit-2.7.18-33.11.1
   python-2.7.18-33.11.1
   python-32bit-2.7.18-33.11.1
   python-base-2.7.18-33.11.1
   python-base-32bit-2.7.18-33.11.1
   python-base-debuginfo-2.7.18-33.11.1
   python-base-debuginfo-32bit-2.7.18-33.11.1
   python-base-debugsource-2.7.18-33.11.1
   python-curses-2.7.18-33.11.1
   python-curses-debuginfo-2.7.18-33.11.1
   python-debuginfo-2.7.18-33.11.1
   python-debuginfo-32bit-2.7.18-33.11.1
   python-debugsource-2.7.18-33.11.1
   python-demo-2.7.18-33.11.1
   python-devel-2.7.18-33.11.1
   python-gdbm-2.7.18-33.11.1
   python-gdbm-debuginfo-2.7.18-33.11.1
   python-idle-2.7.18-33.11.1
   python-tk-2.7.18-33.11.1
   python-tk-debuginfo-2.7.18-33.11.1
   python-xml-2.7.18-33.11.1
   python-xml-debuginfo-2.7.18-33.11.1

- SUSE OpenStack Cloud Crowbar 9 (noarch):

   python-doc-2.7.18-33.11.1
   python-doc-pdf-2.7.18-33.11.1

- SUSE OpenStack Cloud 9 (noarch):

   python-doc-2.7.18-33.11.1
   python-doc-pdf-2.7.18-33.11.1

- SUSE OpenStack Cloud 9 (x86_64):

   libpython2_7-1_0-2.7.18-33.11.1
   libpython2_7-1_0-32bit-2.7.18-33.11.1
   libpython2_7-1_0-debuginfo-2.7.18-33.11.1
   libpython2_7-1_0-debuginfo-32bit-2.7.18-33.11.1
   python-2.7.18-33.11.1
   python-32bit-2.7.18-33.11.1
   python-base-2.7.18-33.11.1
   python-base-32bit-2.7.18-33.11.1
   python-base-debuginfo-2.7.18-33.11.1
   python-base-debuginfo-32bit-2.7.18-33.11.1
   python-base-debugsource-2.7.18-33.11.1
   python-curses-2.7.18-33.11.1
   python-curses-debuginfo-2.7.18-33.11.1
   python-debuginfo-2.7.18-33.11.1
   python-debuginfo-32bit-2.7.18-33.11.1
   python-debugsource-2.7.18-33.11.1
   python-demo-2.7.18-33.11.1
   python-devel-2.7.18-33.11.1
   python-gdbm-2.7.18-33.11.1
   python-gdbm-debuginfo-2.7.18-33.11.1
   python-idle-2.7.18-33.11.1
   python-tk-2.7.18-33.11.1
   python-tk-debuginfo-2.7.18-33.11.1
   python-xml-2.7.18-33.11.1
   python-xml-debuginfo-2.7.18-33.11.1

- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

   python-base-debuginfo-2.7.18-33.11.1
   python-base-debugsource-2.7.18-33.11.1
   python-devel-2.7.18-33.11.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

   libpython2_7-1_0-2.7.18-33.11.1
   libpython2_7-1_0-debuginfo-2.7.18-33.11.1
   python-2.7.18-33.11.1
   python-base-2.7.18-33.11.1
   python-base-debuginfo-2.7.18-33.11.1
   python-base-debugsource-2.7.18-33.11.1
   python-curses-2.7.18-33.11.1
   python-curses-debuginfo-2.7.18-33.11.1
   python-debuginfo-2.7.18-33.11.1
   python-debugsource-2.7.18-33.11.1
   python-demo-2.7.18-33.11.1
   python-devel-2.7.18-33.11.1
   python-gdbm-2.7.18-33.11.1
   python-gdbm-debuginfo-2.7.18-33.11.1
   python-idle-2.7.18-33.11.1
   python-tk-2.7.18-33.11.1
   python-tk-debuginfo-2.7.18-33.11.1
   python-xml-2.7.18-33.11.1
   python-xml-debuginfo-2.7.18-33.11.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

   python-doc-2.7.18-33.11.1
   python-doc-pdf-2.7.18-33.11.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):

   libpython2_7-1_0-32bit-2.7.18-33.11.1
   libpython2_7-1_0-debuginfo-32bit-2.7.18-33.11.1
   python-32bit-2.7.18-33.11.1
   python-base-32bit-2.7.18-33.11.1
   python-base-debuginfo-32bit-2.7.18-33.11.1
   python-debuginfo-32bit-2.7.18-33.11.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

   libpython2_7-1_0-2.7.18-33.11.1
   libpython2_7-1_0-debuginfo-2.7.18-33.11.1
   python-2.7.18-33.11.1
   python-base-2.7.18-33.11.1
   python-base-debuginfo-2.7.18-33.11.1
   python-base-debugsource-2.7.18-33.11.1
   python-curses-2.7.18-33.11.1
   python-curses-debuginfo-2.7.18-33.11.1
   python-debuginfo-2.7.18-33.11.1
   python-debugsource-2.7.18-33.11.1
   python-demo-2.7.18-33.11.1
   python-devel-2.7.18-33.11.1
   python-gdbm-2.7.18-33.11.1
   python-gdbm-debuginfo-2.7.18-33.11.1
   python-idle-2.7.18-33.11.1
   python-tk-2.7.18-33.11.1
   python-tk-debuginfo-2.7.18-33.11.1
   python-xml-2.7.18-33.11.1
   python-xml-debuginfo-2.7.18-33.11.1

- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

   libpython2_7-1_0-32bit-2.7.18-33.11.1
   libpython2_7-1_0-debuginfo-32bit-2.7.18-33.11.1
   python-32bit-2.7.18-33.11.1
   python-base-32bit-2.7.18-33.11.1
   python-base-debuginfo-32bit-2.7.18-33.11.1
   python-debuginfo-32bit-2.7.18-33.11.1

- SUSE Linux Enterprise Server 12-SP5 (noarch):

   python-doc-2.7.18-33.11.1
   python-doc-pdf-2.7.18-33.11.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

   libpython2_7-1_0-2.7.18-33.11.1
   libpython2_7-1_0-debuginfo-2.7.18-33.11.1
   python-2.7.18-33.11.1
   python-base-2.7.18-33.11.1
   python-base-debuginfo-2.7.18-33.11.1
   python-base-debugsource-2.7.18-33.11.1
   python-curses-2.7.18-33.11.1
   python-curses-debuginfo-2.7.18-33.11.1
   python-debuginfo-2.7.18-33.11.1
   python-debugsource-2.7.18-33.11.1
   python-demo-2.7.18-33.11.1
   python-devel-2.7.18-33.11.1
   python-gdbm-2.7.18-33.11.1
   python-gdbm-debuginfo-2.7.18-33.11.1
   python-idle-2.7.18-33.11.1
   python-tk-2.7.18-33.11.1
   python-tk-debuginfo-2.7.18-33.11.1
   python-xml-2.7.18-33.11.1
   python-xml-debuginfo-2.7.18-33.11.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):

   libpython2_7-1_0-32bit-2.7.18-33.11.1
   libpython2_7-1_0-debuginfo-32bit-2.7.18-33.11.1
   python-32bit-2.7.18-33.11.1
   python-base-32bit-2.7.18-33.11.1
   python-base-debuginfo-32bit-2.7.18-33.11.1
   python-debuginfo-32bit-2.7.18-33.11.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

   python-doc-2.7.18-33.11.1
   python-doc-pdf-2.7.18-33.11.1

References:
   https://www.suse.com/security/cve/CVE-2015-20107.html
   https://bugzilla.suse.com/1198511

From sle-updates at lists.suse.com Mon Jul 4 10:17:07 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jul 2022 12:17:07 +0200 (CEST)
Subject: SUSE-SU-2022:2249-1: important: Security update for python
Message-ID: <20220704101707.43B1A10015@maintenance.suse.de>

SUSE Security Update: Security update for python
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2249-1
Rating: important
References: #1198511
Cross-References: CVE-2015-20107
CVSS scores:
   CVE-2015-20107 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2015-20107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Affected Products:
   HPE Helion Openstack 8
   SUSE Linux Enterprise Server 12-SP2-BCL
   SUSE Linux Enterprise Server 12-SP3-BCL
   SUSE Linux Enterprise Server 12-SP3-LTSS
   SUSE Linux Enterprise Server for SAP 12-SP3
   SUSE OpenStack Cloud 8
   SUSE OpenStack Cloud Crowbar 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python fixes the following issues:

- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2249=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2249=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2249=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2249=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2249=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2249=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2249=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libpython2_7-1_0-2.7.18-28.87.1 libpython2_7-1_0-32bit-2.7.18-28.87.1 libpython2_7-1_0-debuginfo-2.7.18-28.87.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-28.87.1 python-2.7.18-28.87.1 python-32bit-2.7.18-28.87.1 python-base-2.7.18-28.87.1 python-base-32bit-2.7.18-28.87.1 python-base-debuginfo-2.7.18-28.87.1 python-base-debuginfo-32bit-2.7.18-28.87.1 python-base-debugsource-2.7.18-28.87.1 python-curses-2.7.18-28.87.1 python-curses-debuginfo-2.7.18-28.87.1 python-debuginfo-2.7.18-28.87.1 python-debuginfo-32bit-2.7.18-28.87.1 python-debugsource-2.7.18-28.87.1 python-demo-2.7.18-28.87.1 python-devel-2.7.18-28.87.1 python-gdbm-2.7.18-28.87.1 python-gdbm-debuginfo-2.7.18-28.87.1 python-idle-2.7.18-28.87.1 python-tk-2.7.18-28.87.1 python-tk-debuginfo-2.7.18-28.87.1 python-xml-2.7.18-28.87.1 python-xml-debuginfo-2.7.18-28.87.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): python-doc-2.7.18-28.87.1 python-doc-pdf-2.7.18-28.87.1 - SUSE OpenStack Cloud 8 (x86_64): libpython2_7-1_0-2.7.18-28.87.1 libpython2_7-1_0-32bit-2.7.18-28.87.1 libpython2_7-1_0-debuginfo-2.7.18-28.87.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-28.87.1 python-2.7.18-28.87.1 python-32bit-2.7.18-28.87.1 python-base-2.7.18-28.87.1 
python-base-32bit-2.7.18-28.87.1 python-base-debuginfo-2.7.18-28.87.1 python-base-debuginfo-32bit-2.7.18-28.87.1 python-base-debugsource-2.7.18-28.87.1 python-curses-2.7.18-28.87.1 python-curses-debuginfo-2.7.18-28.87.1 python-debuginfo-2.7.18-28.87.1 python-debuginfo-32bit-2.7.18-28.87.1 python-debugsource-2.7.18-28.87.1 python-demo-2.7.18-28.87.1 python-devel-2.7.18-28.87.1 python-gdbm-2.7.18-28.87.1 python-gdbm-debuginfo-2.7.18-28.87.1 python-idle-2.7.18-28.87.1 python-tk-2.7.18-28.87.1 python-tk-debuginfo-2.7.18-28.87.1 python-xml-2.7.18-28.87.1 python-xml-debuginfo-2.7.18-28.87.1 - SUSE OpenStack Cloud 8 (noarch): python-doc-2.7.18-28.87.1 python-doc-pdf-2.7.18-28.87.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libpython2_7-1_0-2.7.18-28.87.1 libpython2_7-1_0-debuginfo-2.7.18-28.87.1 python-2.7.18-28.87.1 python-base-2.7.18-28.87.1 python-base-debuginfo-2.7.18-28.87.1 python-base-debugsource-2.7.18-28.87.1 python-curses-2.7.18-28.87.1 python-curses-debuginfo-2.7.18-28.87.1 python-debuginfo-2.7.18-28.87.1 python-debugsource-2.7.18-28.87.1 python-demo-2.7.18-28.87.1 python-devel-2.7.18-28.87.1 python-gdbm-2.7.18-28.87.1 python-gdbm-debuginfo-2.7.18-28.87.1 python-idle-2.7.18-28.87.1 python-tk-2.7.18-28.87.1 python-tk-debuginfo-2.7.18-28.87.1 python-xml-2.7.18-28.87.1 python-xml-debuginfo-2.7.18-28.87.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): python-doc-2.7.18-28.87.1 python-doc-pdf-2.7.18-28.87.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libpython2_7-1_0-32bit-2.7.18-28.87.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-28.87.1 python-32bit-2.7.18-28.87.1 python-base-32bit-2.7.18-28.87.1 python-base-debuginfo-32bit-2.7.18-28.87.1 python-debuginfo-32bit-2.7.18-28.87.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-28.87.1 libpython2_7-1_0-debuginfo-2.7.18-28.87.1 python-2.7.18-28.87.1 python-base-2.7.18-28.87.1 python-base-debuginfo-2.7.18-28.87.1 
python-base-debugsource-2.7.18-28.87.1 python-curses-2.7.18-28.87.1 python-curses-debuginfo-2.7.18-28.87.1 python-debuginfo-2.7.18-28.87.1 python-debugsource-2.7.18-28.87.1 python-demo-2.7.18-28.87.1 python-devel-2.7.18-28.87.1 python-gdbm-2.7.18-28.87.1 python-gdbm-debuginfo-2.7.18-28.87.1 python-idle-2.7.18-28.87.1 python-tk-2.7.18-28.87.1 python-tk-debuginfo-2.7.18-28.87.1 python-xml-2.7.18-28.87.1 python-xml-debuginfo-2.7.18-28.87.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.18-28.87.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-28.87.1 python-32bit-2.7.18-28.87.1 python-base-32bit-2.7.18-28.87.1 python-base-debuginfo-32bit-2.7.18-28.87.1 python-debuginfo-32bit-2.7.18-28.87.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): python-doc-2.7.18-28.87.1 python-doc-pdf-2.7.18-28.87.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): python-doc-2.7.18-28.87.1 python-doc-pdf-2.7.18-28.87.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpython2_7-1_0-2.7.18-28.87.1 libpython2_7-1_0-32bit-2.7.18-28.87.1 libpython2_7-1_0-debuginfo-2.7.18-28.87.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-28.87.1 python-2.7.18-28.87.1 python-32bit-2.7.18-28.87.1 python-base-2.7.18-28.87.1 python-base-32bit-2.7.18-28.87.1 python-base-debuginfo-2.7.18-28.87.1 python-base-debuginfo-32bit-2.7.18-28.87.1 python-base-debugsource-2.7.18-28.87.1 python-curses-2.7.18-28.87.1 python-curses-debuginfo-2.7.18-28.87.1 python-debuginfo-2.7.18-28.87.1 python-debuginfo-32bit-2.7.18-28.87.1 python-debugsource-2.7.18-28.87.1 python-demo-2.7.18-28.87.1 python-devel-2.7.18-28.87.1 python-gdbm-2.7.18-28.87.1 python-gdbm-debuginfo-2.7.18-28.87.1 python-idle-2.7.18-28.87.1 python-tk-2.7.18-28.87.1 python-tk-debuginfo-2.7.18-28.87.1 python-xml-2.7.18-28.87.1 python-xml-debuginfo-2.7.18-28.87.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython2_7-1_0-2.7.18-28.87.1 libpython2_7-1_0-32bit-2.7.18-28.87.1 libpython2_7-1_0-debuginfo-2.7.18-28.87.1 
libpython2_7-1_0-debuginfo-32bit-2.7.18-28.87.1 python-2.7.18-28.87.1 python-32bit-2.7.18-28.87.1 python-base-2.7.18-28.87.1 python-base-32bit-2.7.18-28.87.1 python-base-debuginfo-2.7.18-28.87.1 python-base-debuginfo-32bit-2.7.18-28.87.1 python-base-debugsource-2.7.18-28.87.1 python-curses-2.7.18-28.87.1 python-curses-debuginfo-2.7.18-28.87.1 python-debuginfo-2.7.18-28.87.1 python-debuginfo-32bit-2.7.18-28.87.1 python-debugsource-2.7.18-28.87.1 python-demo-2.7.18-28.87.1 python-gdbm-2.7.18-28.87.1 python-gdbm-debuginfo-2.7.18-28.87.1 python-idle-2.7.18-28.87.1 python-tk-2.7.18-28.87.1 python-tk-debuginfo-2.7.18-28.87.1 python-xml-2.7.18-28.87.1 python-xml-debuginfo-2.7.18-28.87.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-doc-2.7.18-28.87.1 python-doc-pdf-2.7.18-28.87.1 - HPE Helion Openstack 8 (noarch): python-doc-2.7.18-28.87.1 python-doc-pdf-2.7.18-28.87.1 - HPE Helion Openstack 8 (x86_64): libpython2_7-1_0-2.7.18-28.87.1 libpython2_7-1_0-32bit-2.7.18-28.87.1 libpython2_7-1_0-debuginfo-2.7.18-28.87.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-28.87.1 python-2.7.18-28.87.1 python-32bit-2.7.18-28.87.1 python-base-2.7.18-28.87.1 python-base-32bit-2.7.18-28.87.1 python-base-debuginfo-2.7.18-28.87.1 python-base-debuginfo-32bit-2.7.18-28.87.1 python-base-debugsource-2.7.18-28.87.1 python-curses-2.7.18-28.87.1 python-curses-debuginfo-2.7.18-28.87.1 python-debuginfo-2.7.18-28.87.1 python-debuginfo-32bit-2.7.18-28.87.1 python-debugsource-2.7.18-28.87.1 python-demo-2.7.18-28.87.1 python-devel-2.7.18-28.87.1 python-gdbm-2.7.18-28.87.1 python-gdbm-debuginfo-2.7.18-28.87.1 python-idle-2.7.18-28.87.1 python-tk-2.7.18-28.87.1 python-tk-debuginfo-2.7.18-28.87.1 python-xml-2.7.18-28.87.1 python-xml-debuginfo-2.7.18-28.87.1 References: https://www.suse.com/security/cve/CVE-2015-20107.html https://bugzilla.suse.com/1198511 From sle-updates at lists.suse.com Mon Jul 4 13:16:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Jul 
2022 15:16:41 +0200 (CEST)
Subject: SUSE-SU-2022:2253-1: important: Security update for salt
Message-ID: <20220704131641.EB4FA10016@maintenance.suse.de>

SUSE Security Update: Security update for salt
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2253-1
Rating: important
References: #1200566
Cross-References: CVE-2022-22967
CVSS scores:
  CVE-2022-22967 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for salt fixes the following issues:

- CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM (bsc#1200566)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2253=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2253=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2253=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2253=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python3-salt-3004-150000.8.41.40.1 salt-3004-150000.8.41.40.1 salt-api-3004-150000.8.41.40.1 salt-cloud-3004-150000.8.41.40.1 salt-doc-3004-150000.8.41.40.1 salt-master-3004-150000.8.41.40.1 salt-minion-3004-150000.8.41.40.1 salt-proxy-3004-150000.8.41.40.1 salt-ssh-3004-150000.8.41.40.1 salt-standalone-formulas-configuration-3004-150000.8.41.40.1 salt-syndic-3004-150000.8.41.40.1 salt-transactional-update-3004-150000.8.41.40.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): salt-bash-completion-3004-150000.8.41.40.1 salt-fish-completion-3004-150000.8.41.40.1 salt-zsh-completion-3004-150000.8.41.40.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python3-salt-3004-150000.8.41.40.1 salt-3004-150000.8.41.40.1 salt-api-3004-150000.8.41.40.1 salt-cloud-3004-150000.8.41.40.1 salt-doc-3004-150000.8.41.40.1 salt-master-3004-150000.8.41.40.1 salt-minion-3004-150000.8.41.40.1 salt-proxy-3004-150000.8.41.40.1 salt-ssh-3004-150000.8.41.40.1 salt-standalone-formulas-configuration-3004-150000.8.41.40.1 salt-syndic-3004-150000.8.41.40.1 salt-transactional-update-3004-150000.8.41.40.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): salt-bash-completion-3004-150000.8.41.40.1 salt-fish-completion-3004-150000.8.41.40.1 salt-zsh-completion-3004-150000.8.41.40.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python3-salt-3004-150000.8.41.40.1 salt-3004-150000.8.41.40.1 
salt-api-3004-150000.8.41.40.1 salt-cloud-3004-150000.8.41.40.1 salt-doc-3004-150000.8.41.40.1 salt-master-3004-150000.8.41.40.1 salt-minion-3004-150000.8.41.40.1 salt-proxy-3004-150000.8.41.40.1 salt-ssh-3004-150000.8.41.40.1 salt-standalone-formulas-configuration-3004-150000.8.41.40.1 salt-syndic-3004-150000.8.41.40.1 salt-transactional-update-3004-150000.8.41.40.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): salt-bash-completion-3004-150000.8.41.40.1 salt-fish-completion-3004-150000.8.41.40.1 salt-zsh-completion-3004-150000.8.41.40.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python3-salt-3004-150000.8.41.40.1 salt-3004-150000.8.41.40.1 salt-api-3004-150000.8.41.40.1 salt-cloud-3004-150000.8.41.40.1 salt-doc-3004-150000.8.41.40.1 salt-master-3004-150000.8.41.40.1 salt-minion-3004-150000.8.41.40.1 salt-proxy-3004-150000.8.41.40.1 salt-ssh-3004-150000.8.41.40.1 salt-standalone-formulas-configuration-3004-150000.8.41.40.1 salt-syndic-3004-150000.8.41.40.1 salt-transactional-update-3004-150000.8.41.40.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): salt-bash-completion-3004-150000.8.41.40.1 salt-fish-completion-3004-150000.8.41.40.1 salt-zsh-completion-3004-150000.8.41.40.1 References: https://www.suse.com/security/cve/CVE-2022-22967.html https://bugzilla.suse.com/1200566 From sle-updates at lists.suse.com Mon Jul 4 13:17:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Jul 2022 15:17:24 +0200 (CEST) Subject: SUSE-SU-2022:2252-1: important: Security update for liblouis Message-ID: <20220704131724.29B4110016@maintenance.suse.de> SUSE Security Update: Security update for liblouis ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2252-1 Rating: important References: #1130813 #1197085 #1200120 Cross-References: CVE-2022-26981 CVE-2022-31783 CVSS scores: CVE-2022-26981 (NVD) : 7.8 
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2022-26981 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
  CVE-2022-31783 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  CVE-2022-31783 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Affected Products:
  SUSE CaaS Platform 4.0
  SUSE Enterprise Storage 6
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Server 15-SP1-BCL
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server for SAP 15-SP1
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for liblouis fixes the following issues:

- CVE-2022-26981: fix buffer overrun in compilePassOpcode (bsc#1197085).
- CVE-2022-31783: prevent an invalid memory write in compileRule (bsc#1200120).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-2252=1

- openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2022-2252=1

- SUSE Linux Enterprise Server for SAP 15-SP1:

  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2252=1

- SUSE Linux Enterprise Server for SAP 15:

  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2252=1

- SUSE Linux Enterprise Server 15-SP1-LTSS:

  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2252=1

- SUSE Linux Enterprise Server 15-SP1-BCL:

  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2252=1

- SUSE Linux Enterprise Server 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2252=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2252=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2252=1

- SUSE Linux Enterprise High Performance Computing 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2252=1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2252=1

- SUSE Enterprise Storage 6:

  zypper in -t patch SUSE-Storage-6-2022-2252=1

- SUSE CaaS Platform 4.0:

  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): liblouis14-3.3.0-150000.4.8.1 liblouis14-debuginfo-3.3.0-150000.4.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): liblouis14-3.3.0-150000.4.8.1 liblouis14-debuginfo-3.3.0-150000.4.8.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): liblouis-data-3.3.0-150000.4.8.1 liblouis-debuginfo-3.3.0-150000.4.8.1 liblouis-debugsource-3.3.0-150000.4.8.1 liblouis-devel-3.3.0-150000.4.8.1 liblouis14-3.3.0-150000.4.8.1 liblouis14-debuginfo-3.3.0-150000.4.8.1 python3-louis-3.3.0-150000.4.8.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): liblouis-data-3.3.0-150000.4.8.1 liblouis-debuginfo-3.3.0-150000.4.8.1 liblouis-debugsource-3.3.0-150000.4.8.1 liblouis-devel-3.3.0-150000.4.8.1 liblouis14-3.3.0-150000.4.8.1 liblouis14-debuginfo-3.3.0-150000.4.8.1 python3-louis-3.3.0-150000.4.8.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): liblouis-data-3.3.0-150000.4.8.1 liblouis-debuginfo-3.3.0-150000.4.8.1 liblouis-debugsource-3.3.0-150000.4.8.1 liblouis-devel-3.3.0-150000.4.8.1 liblouis14-3.3.0-150000.4.8.1 liblouis14-debuginfo-3.3.0-150000.4.8.1 python3-louis-3.3.0-150000.4.8.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): liblouis-data-3.3.0-150000.4.8.1 liblouis-debuginfo-3.3.0-150000.4.8.1 liblouis-debugsource-3.3.0-150000.4.8.1 liblouis-devel-3.3.0-150000.4.8.1 liblouis14-3.3.0-150000.4.8.1 liblouis14-debuginfo-3.3.0-150000.4.8.1 python3-louis-3.3.0-150000.4.8.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): liblouis-data-3.3.0-150000.4.8.1 liblouis-debuginfo-3.3.0-150000.4.8.1 liblouis-debugsource-3.3.0-150000.4.8.1 liblouis-devel-3.3.0-150000.4.8.1 liblouis14-3.3.0-150000.4.8.1 liblouis14-debuginfo-3.3.0-150000.4.8.1 python3-louis-3.3.0-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): liblouis-data-3.3.0-150000.4.8.1 liblouis-debuginfo-3.3.0-150000.4.8.1 liblouis-debugsource-3.3.0-150000.4.8.1 
liblouis-devel-3.3.0-150000.4.8.1 liblouis14-3.3.0-150000.4.8.1 liblouis14-debuginfo-3.3.0-150000.4.8.1 python3-louis-3.3.0-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): liblouis-data-3.3.0-150000.4.8.1 liblouis-debuginfo-3.3.0-150000.4.8.1 liblouis-debugsource-3.3.0-150000.4.8.1 liblouis-devel-3.3.0-150000.4.8.1 liblouis14-3.3.0-150000.4.8.1 liblouis14-debuginfo-3.3.0-150000.4.8.1 python3-louis-3.3.0-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): liblouis-data-3.3.0-150000.4.8.1 liblouis-debuginfo-3.3.0-150000.4.8.1 liblouis-debugsource-3.3.0-150000.4.8.1 liblouis-devel-3.3.0-150000.4.8.1 liblouis14-3.3.0-150000.4.8.1 liblouis14-debuginfo-3.3.0-150000.4.8.1 python3-louis-3.3.0-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): liblouis-data-3.3.0-150000.4.8.1 liblouis-debuginfo-3.3.0-150000.4.8.1 liblouis-debugsource-3.3.0-150000.4.8.1 liblouis-devel-3.3.0-150000.4.8.1 liblouis14-3.3.0-150000.4.8.1 liblouis14-debuginfo-3.3.0-150000.4.8.1 python3-louis-3.3.0-150000.4.8.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): liblouis-data-3.3.0-150000.4.8.1 liblouis-debuginfo-3.3.0-150000.4.8.1 liblouis-debugsource-3.3.0-150000.4.8.1 liblouis-devel-3.3.0-150000.4.8.1 liblouis14-3.3.0-150000.4.8.1 liblouis14-debuginfo-3.3.0-150000.4.8.1 python3-louis-3.3.0-150000.4.8.1 - SUSE CaaS Platform 4.0 (x86_64): liblouis-data-3.3.0-150000.4.8.1 liblouis-debuginfo-3.3.0-150000.4.8.1 liblouis-debugsource-3.3.0-150000.4.8.1 liblouis-devel-3.3.0-150000.4.8.1 liblouis14-3.3.0-150000.4.8.1 liblouis14-debuginfo-3.3.0-150000.4.8.1 python3-louis-3.3.0-150000.4.8.1 References: https://www.suse.com/security/cve/CVE-2022-26981.html https://www.suse.com/security/cve/CVE-2022-31783.html https://bugzilla.suse.com/1130813 https://bugzilla.suse.com/1197085 https://bugzilla.suse.com/1200120 From sle-updates at lists.suse.com Mon Jul 4 13:18:19 2022 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jul 2022 15:18:19 +0200 (CEST)
Subject: SUSE-SU-2022:2251-1: moderate: Security update for openssl-1_1
Message-ID: <20220704131820.004C010016@maintenance.suse.de>

SUSE Security Update: Security update for openssl-1_1
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2251-1
Rating: moderate
References: #1185637 #1199166 #1200550
Cross-References: CVE-2022-1292 CVE-2022-2068
CVSS scores:
  CVE-2022-1292 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-1292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-2068 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-2068 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Enterprise Storage 7
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Micro 5.1
  SUSE Linux Enterprise Micro 5.2
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Server 15-SP2-BCL
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Manager Proxy 4.1
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Server 4.1
  SUSE Manager Server 4.2
  openSUSE Leap 15.3
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash.
(bsc#1200550) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2251=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2251=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2251=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2251=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2251=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2251=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2251=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2251=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2251=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2251=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2251=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2251=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2251=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.48.1 libopenssl1_1-1.1.1d-150200.11.48.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-1.1.1d-150200.11.48.1 openssl-1_1-1.1.1d-150200.11.48.1 openssl-1_1-debuginfo-1.1.1d-150200.11.48.1 openssl-1_1-debugsource-1.1.1d-150200.11.48.1 - openSUSE Leap 15.3 (noarch): openssl-1_1-doc-1.1.1d-150200.11.48.1 - 
openSUSE Leap 15.3 (x86_64): libopenssl-1_1-devel-32bit-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.48.1 libopenssl1_1-1.1.1d-150200.11.48.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-1.1.1d-150200.11.48.1 openssl-1_1-1.1.1d-150200.11.48.1 openssl-1_1-debuginfo-1.1.1d-150200.11.48.1 openssl-1_1-debugsource-1.1.1d-150200.11.48.1 - SUSE Manager Server 4.1 (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.48.1 libopenssl1_1-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1 openssl-1_1-1.1.1d-150200.11.48.1 openssl-1_1-debuginfo-1.1.1d-150200.11.48.1 openssl-1_1-debugsource-1.1.1d-150200.11.48.1 - SUSE Manager Proxy 4.1 (x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.48.1 libopenssl1_1-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1 openssl-1_1-1.1.1d-150200.11.48.1 openssl-1_1-debuginfo-1.1.1d-150200.11.48.1 openssl-1_1-debugsource-1.1.1d-150200.11.48.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.48.1 libopenssl1_1-1.1.1d-150200.11.48.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-1.1.1d-150200.11.48.1 openssl-1_1-1.1.1d-150200.11.48.1 openssl-1_1-debuginfo-1.1.1d-150200.11.48.1 
openssl-1_1-debugsource-1.1.1d-150200.11.48.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.48.1 libopenssl1_1-1.1.1d-150200.11.48.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-1.1.1d-150200.11.48.1 openssl-1_1-1.1.1d-150200.11.48.1 openssl-1_1-debuginfo-1.1.1d-150200.11.48.1 openssl-1_1-debugsource-1.1.1d-150200.11.48.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.48.1 libopenssl1_1-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1 openssl-1_1-1.1.1d-150200.11.48.1 openssl-1_1-debuginfo-1.1.1d-150200.11.48.1 openssl-1_1-debugsource-1.1.1d-150200.11.48.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.48.1 libopenssl1_1-1.1.1d-150200.11.48.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-1.1.1d-150200.11.48.1 openssl-1_1-1.1.1d-150200.11.48.1 openssl-1_1-debuginfo-1.1.1d-150200.11.48.1 openssl-1_1-debugsource-1.1.1d-150200.11.48.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.48.1 
libopenssl1_1-1.1.1d-150200.11.48.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-1.1.1d-150200.11.48.1 openssl-1_1-1.1.1d-150200.11.48.1 openssl-1_1-debuginfo-1.1.1d-150200.11.48.1 openssl-1_1-debugsource-1.1.1d-150200.11.48.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.48.1 libopenssl1_1-1.1.1d-150200.11.48.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-1.1.1d-150200.11.48.1 openssl-1_1-1.1.1d-150200.11.48.1 openssl-1_1-debuginfo-1.1.1d-150200.11.48.1 openssl-1_1-debugsource-1.1.1d-150200.11.48.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.48.1 libopenssl1_1-1.1.1d-150200.11.48.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-1.1.1d-150200.11.48.1 openssl-1_1-1.1.1d-150200.11.48.1 openssl-1_1-debuginfo-1.1.1d-150200.11.48.1 openssl-1_1-debugsource-1.1.1d-150200.11.48.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.48.1 libopenssl1_1-1.1.1d-150200.11.48.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-1.1.1d-150200.11.48.1 openssl-1_1-1.1.1d-150200.11.48.1 openssl-1_1-debuginfo-1.1.1d-150200.11.48.1 openssl-1_1-debugsource-1.1.1d-150200.11.48.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.48.1 libopenssl1_1-1.1.1d-150200.11.48.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-1.1.1d-150200.11.48.1 
openssl-1_1-1.1.1d-150200.11.48.1 openssl-1_1-debuginfo-1.1.1d-150200.11.48.1 openssl-1_1-debugsource-1.1.1d-150200.11.48.1 - SUSE Enterprise Storage 7 (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.48.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1 References: https://www.suse.com/security/cve/CVE-2022-1292.html https://www.suse.com/security/cve/CVE-2022-2068.html https://bugzilla.suse.com/1185637 https://bugzilla.suse.com/1199166 https://bugzilla.suse.com/1200550 From sle-updates at lists.suse.com Mon Jul 4 13:19:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Jul 2022 15:19:29 +0200 (CEST) Subject: SUSE-SU-2022:2254-1: important: Security update for qemu Message-ID: <20220704131929.65B2710016@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2254-1 Rating: important References: #1197084 #1198035 #1198037 #1198712 #1199018 #1199924 Cross-References: CVE-2021-4206 CVE-2021-4207 CVE-2022-26354 CVSS scores: CVE-2021-4206 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-4206 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-4207 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-4207 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-26354 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2022-26354 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 
openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for qemu fixes the following issues: - CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak (bsc#1198712) - CVE-2021-4207: Fixed double fetch in qxl_cursor() can lead to heap buffer overflow (bsc#1198037) - CVE-2021-4206: Fixed integer overflow in cursor_alloc() can lead to heap buffer overflow (bsc#1198035) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2254=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2254=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2254=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2254=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2254=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): qemu-5.2.0-150300.115.2 qemu-arm-5.2.0-150300.115.2 qemu-arm-debuginfo-5.2.0-150300.115.2 qemu-audio-alsa-5.2.0-150300.115.2 qemu-audio-alsa-debuginfo-5.2.0-150300.115.2 qemu-audio-pa-5.2.0-150300.115.2 qemu-audio-pa-debuginfo-5.2.0-150300.115.2 qemu-audio-spice-5.2.0-150300.115.2 qemu-audio-spice-debuginfo-5.2.0-150300.115.2 qemu-block-curl-5.2.0-150300.115.2 qemu-block-curl-debuginfo-5.2.0-150300.115.2 qemu-block-dmg-5.2.0-150300.115.2 qemu-block-dmg-debuginfo-5.2.0-150300.115.2 qemu-block-gluster-5.2.0-150300.115.2 qemu-block-gluster-debuginfo-5.2.0-150300.115.2 qemu-block-iscsi-5.2.0-150300.115.2 qemu-block-iscsi-debuginfo-5.2.0-150300.115.2 
qemu-block-nfs-5.2.0-150300.115.2 qemu-block-nfs-debuginfo-5.2.0-150300.115.2 qemu-block-rbd-5.2.0-150300.115.2 qemu-block-rbd-debuginfo-5.2.0-150300.115.2 qemu-block-ssh-5.2.0-150300.115.2 qemu-block-ssh-debuginfo-5.2.0-150300.115.2 qemu-chardev-baum-5.2.0-150300.115.2 qemu-chardev-baum-debuginfo-5.2.0-150300.115.2 qemu-chardev-spice-5.2.0-150300.115.2 qemu-chardev-spice-debuginfo-5.2.0-150300.115.2 qemu-debuginfo-5.2.0-150300.115.2 qemu-debugsource-5.2.0-150300.115.2 qemu-extra-5.2.0-150300.115.2 qemu-extra-debuginfo-5.2.0-150300.115.2 qemu-guest-agent-5.2.0-150300.115.2 qemu-guest-agent-debuginfo-5.2.0-150300.115.2 qemu-hw-display-qxl-5.2.0-150300.115.2 qemu-hw-display-qxl-debuginfo-5.2.0-150300.115.2 qemu-hw-display-virtio-gpu-5.2.0-150300.115.2 qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.115.2 qemu-hw-display-virtio-gpu-pci-5.2.0-150300.115.2 qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.115.2 qemu-hw-display-virtio-vga-5.2.0-150300.115.2 qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.115.2 qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.115.2 qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.115.2 qemu-hw-usb-redirect-5.2.0-150300.115.2 qemu-hw-usb-redirect-debuginfo-5.2.0-150300.115.2 qemu-hw-usb-smartcard-5.2.0-150300.115.2 qemu-hw-usb-smartcard-debuginfo-5.2.0-150300.115.2 qemu-ivshmem-tools-5.2.0-150300.115.2 qemu-ivshmem-tools-debuginfo-5.2.0-150300.115.2 qemu-ksm-5.2.0-150300.115.2 qemu-lang-5.2.0-150300.115.2 qemu-linux-user-5.2.0-150300.115.2 qemu-linux-user-debuginfo-5.2.0-150300.115.2 qemu-linux-user-debugsource-5.2.0-150300.115.2 qemu-ppc-5.2.0-150300.115.2 qemu-ppc-debuginfo-5.2.0-150300.115.2 qemu-s390x-5.2.0-150300.115.2 qemu-s390x-debuginfo-5.2.0-150300.115.2 qemu-testsuite-5.2.0-150300.115.4 qemu-tools-5.2.0-150300.115.2 qemu-tools-debuginfo-5.2.0-150300.115.2 qemu-ui-curses-5.2.0-150300.115.2 qemu-ui-curses-debuginfo-5.2.0-150300.115.2 qemu-ui-gtk-5.2.0-150300.115.2 qemu-ui-gtk-debuginfo-5.2.0-150300.115.2 
qemu-ui-opengl-5.2.0-150300.115.2 qemu-ui-opengl-debuginfo-5.2.0-150300.115.2 qemu-ui-spice-app-5.2.0-150300.115.2 qemu-ui-spice-app-debuginfo-5.2.0-150300.115.2 qemu-ui-spice-core-5.2.0-150300.115.2 qemu-ui-spice-core-debuginfo-5.2.0-150300.115.2 qemu-vhost-user-gpu-5.2.0-150300.115.2 qemu-vhost-user-gpu-debuginfo-5.2.0-150300.115.2 qemu-x86-5.2.0-150300.115.2 qemu-x86-debuginfo-5.2.0-150300.115.2 - openSUSE Leap 15.3 (s390x x86_64): qemu-kvm-5.2.0-150300.115.2 - openSUSE Leap 15.3 (noarch): qemu-SLOF-5.2.0-150300.115.2 qemu-ipxe-1.0.0+-150300.115.2 qemu-microvm-5.2.0-150300.115.2 qemu-seabios-1.14.0_0_g155821a-150300.115.2 qemu-sgabios-8-150300.115.2 qemu-skiboot-5.2.0-150300.115.2 qemu-vgabios-1.14.0_0_g155821a-150300.115.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): qemu-5.2.0-150300.115.2 qemu-block-curl-5.2.0-150300.115.2 qemu-block-curl-debuginfo-5.2.0-150300.115.2 qemu-block-iscsi-5.2.0-150300.115.2 qemu-block-iscsi-debuginfo-5.2.0-150300.115.2 qemu-block-rbd-5.2.0-150300.115.2 qemu-block-rbd-debuginfo-5.2.0-150300.115.2 qemu-block-ssh-5.2.0-150300.115.2 qemu-block-ssh-debuginfo-5.2.0-150300.115.2 qemu-chardev-baum-5.2.0-150300.115.2 qemu-chardev-baum-debuginfo-5.2.0-150300.115.2 qemu-debuginfo-5.2.0-150300.115.2 qemu-debugsource-5.2.0-150300.115.2 qemu-guest-agent-5.2.0-150300.115.2 qemu-guest-agent-debuginfo-5.2.0-150300.115.2 qemu-ksm-5.2.0-150300.115.2 qemu-lang-5.2.0-150300.115.2 qemu-ui-curses-5.2.0-150300.115.2 qemu-ui-curses-debuginfo-5.2.0-150300.115.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le x86_64): qemu-audio-spice-5.2.0-150300.115.2 qemu-audio-spice-debuginfo-5.2.0-150300.115.2 qemu-chardev-spice-5.2.0-150300.115.2 qemu-chardev-spice-debuginfo-5.2.0-150300.115.2 qemu-hw-display-qxl-5.2.0-150300.115.2 qemu-hw-display-qxl-debuginfo-5.2.0-150300.115.2 qemu-hw-display-virtio-vga-5.2.0-150300.115.2 qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.115.2 
qemu-hw-usb-redirect-5.2.0-150300.115.2 qemu-hw-usb-redirect-debuginfo-5.2.0-150300.115.2 qemu-ui-gtk-5.2.0-150300.115.2 qemu-ui-gtk-debuginfo-5.2.0-150300.115.2 qemu-ui-opengl-5.2.0-150300.115.2 qemu-ui-opengl-debuginfo-5.2.0-150300.115.2 qemu-ui-spice-app-5.2.0-150300.115.2 qemu-ui-spice-app-debuginfo-5.2.0-150300.115.2 qemu-ui-spice-core-5.2.0-150300.115.2 qemu-ui-spice-core-debuginfo-5.2.0-150300.115.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (s390x x86_64): qemu-hw-display-virtio-gpu-5.2.0-150300.115.2 qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.115.2 qemu-hw-display-virtio-gpu-pci-5.2.0-150300.115.2 qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.115.2 qemu-kvm-5.2.0-150300.115.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64): qemu-arm-5.2.0-150300.115.2 qemu-arm-debuginfo-5.2.0-150300.115.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (ppc64le): qemu-ppc-5.2.0-150300.115.2 qemu-ppc-debuginfo-5.2.0-150300.115.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): qemu-audio-alsa-5.2.0-150300.115.2 qemu-audio-alsa-debuginfo-5.2.0-150300.115.2 qemu-audio-pa-5.2.0-150300.115.2 qemu-audio-pa-debuginfo-5.2.0-150300.115.2 qemu-x86-5.2.0-150300.115.2 qemu-x86-debuginfo-5.2.0-150300.115.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): qemu-SLOF-5.2.0-150300.115.2 qemu-ipxe-1.0.0+-150300.115.2 qemu-seabios-1.14.0_0_g155821a-150300.115.2 qemu-sgabios-8-150300.115.2 qemu-skiboot-5.2.0-150300.115.2 qemu-vgabios-1.14.0_0_g155821a-150300.115.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (s390x): qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.115.2 qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.115.2 qemu-s390x-5.2.0-150300.115.2 qemu-s390x-debuginfo-5.2.0-150300.115.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-5.2.0-150300.115.2 qemu-debugsource-5.2.0-150300.115.2 
qemu-tools-5.2.0-150300.115.2 qemu-tools-debuginfo-5.2.0-150300.115.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): qemu-5.2.0-150300.115.2 qemu-audio-spice-5.2.0-150300.115.2 qemu-audio-spice-debuginfo-5.2.0-150300.115.2 qemu-chardev-spice-5.2.0-150300.115.2 qemu-chardev-spice-debuginfo-5.2.0-150300.115.2 qemu-debuginfo-5.2.0-150300.115.2 qemu-debugsource-5.2.0-150300.115.2 qemu-guest-agent-5.2.0-150300.115.2 qemu-guest-agent-debuginfo-5.2.0-150300.115.2 qemu-hw-display-qxl-5.2.0-150300.115.2 qemu-hw-display-qxl-debuginfo-5.2.0-150300.115.2 qemu-hw-display-virtio-gpu-5.2.0-150300.115.2 qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.115.2 qemu-hw-display-virtio-vga-5.2.0-150300.115.2 qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.115.2 qemu-hw-usb-redirect-5.2.0-150300.115.2 qemu-hw-usb-redirect-debuginfo-5.2.0-150300.115.2 qemu-tools-5.2.0-150300.115.2 qemu-tools-debuginfo-5.2.0-150300.115.2 qemu-ui-opengl-5.2.0-150300.115.2 qemu-ui-opengl-debuginfo-5.2.0-150300.115.2 qemu-ui-spice-core-5.2.0-150300.115.2 qemu-ui-spice-core-debuginfo-5.2.0-150300.115.2 - SUSE Linux Enterprise Micro 5.2 (aarch64): qemu-arm-5.2.0-150300.115.2 qemu-arm-debuginfo-5.2.0-150300.115.2 - SUSE Linux Enterprise Micro 5.2 (noarch): qemu-ipxe-1.0.0+-150300.115.2 qemu-seabios-1.14.0_0_g155821a-150300.115.2 qemu-sgabios-8-150300.115.2 qemu-vgabios-1.14.0_0_g155821a-150300.115.2 - SUSE Linux Enterprise Micro 5.2 (x86_64): qemu-x86-5.2.0-150300.115.2 qemu-x86-debuginfo-5.2.0-150300.115.2 - SUSE Linux Enterprise Micro 5.2 (s390x): qemu-s390x-5.2.0-150300.115.2 qemu-s390x-debuginfo-5.2.0-150300.115.2 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): qemu-5.2.0-150300.115.2 qemu-debuginfo-5.2.0-150300.115.2 qemu-debugsource-5.2.0-150300.115.2 qemu-tools-5.2.0-150300.115.2 qemu-tools-debuginfo-5.2.0-150300.115.2 - SUSE Linux Enterprise Micro 5.1 (aarch64): qemu-arm-5.2.0-150300.115.2 qemu-arm-debuginfo-5.2.0-150300.115.2 - SUSE Linux Enterprise Micro 5.1 (x86_64): 
qemu-x86-5.2.0-150300.115.2 qemu-x86-debuginfo-5.2.0-150300.115.2 - SUSE Linux Enterprise Micro 5.1 (noarch): qemu-ipxe-1.0.0+-150300.115.2 qemu-seabios-1.14.0_0_g155821a-150300.115.2 qemu-sgabios-8-150300.115.2 qemu-vgabios-1.14.0_0_g155821a-150300.115.2 - SUSE Linux Enterprise Micro 5.1 (s390x): qemu-s390x-5.2.0-150300.115.2 qemu-s390x-debuginfo-5.2.0-150300.115.2 References: https://www.suse.com/security/cve/CVE-2021-4206.html https://www.suse.com/security/cve/CVE-2021-4207.html https://www.suse.com/security/cve/CVE-2022-26354.html https://bugzilla.suse.com/1197084 https://bugzilla.suse.com/1198035 https://bugzilla.suse.com/1198037 https://bugzilla.suse.com/1198712 https://bugzilla.suse.com/1199018 https://bugzilla.suse.com/1199924 From sle-updates at lists.suse.com Mon Jul 4 16:15:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Jul 2022 18:15:52 +0200 (CEST) Subject: SUSE-SU-2022:2259-1: moderate: Security update for ImageMagick Message-ID: <20220704161552.D43B410015@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2259-1 Rating: moderate References: #1153866 #1200387 #1200388 #1200389 Cross-References: CVE-2019-17540 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547 CVSS scores: CVE-2019-17540 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2022-32545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32545 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-32546 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32546 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-32547 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32547 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE 
Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2019-17540: Fixed heap-based buffer overflow in ReadPSInfo in coders/ps.c. (bsc#1153866) - CVE-2022-32545: Fixed an outside the range of representable values of type. (bsc#1200388) - CVE-2022-32546: Fixed an outside the range of representable values of type. (bsc#1200389) - CVE-2022-32547: Fixed a load of misaligned address at MagickCore/property.c. (bsc#1200387) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2259=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2259=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2259=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2259=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.31.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.31.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.31.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.31.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.31.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.31.1 - openSUSE Leap 15.4 (x86_64): libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.31.1 libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.31.1 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.31.1 libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.31.1 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.31.1 libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.31.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-150200.10.31.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.31.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.31.1 ImageMagick-debuginfo-7.0.7.34-150200.10.31.1 ImageMagick-debugsource-7.0.7.34-150200.10.31.1 ImageMagick-devel-7.0.7.34-150200.10.31.1 ImageMagick-extra-7.0.7.34-150200.10.31.1 ImageMagick-extra-debuginfo-7.0.7.34-150200.10.31.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.31.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.31.1 libMagick++-devel-7.0.7.34-150200.10.31.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.31.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.31.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.31.1 
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.31.1 perl-PerlMagick-7.0.7.34-150200.10.31.1 perl-PerlMagick-debuginfo-7.0.7.34-150200.10.31.1 - openSUSE Leap 15.3 (x86_64): ImageMagick-devel-32bit-7.0.7.34-150200.10.31.1 libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.31.1 libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.31.1 libMagick++-devel-32bit-7.0.7.34-150200.10.31.1 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.31.1 libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.31.1 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.31.1 libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.31.1 - openSUSE Leap 15.3 (noarch): ImageMagick-doc-7.0.7.34-150200.10.31.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-150200.10.31.1 ImageMagick-debugsource-7.0.7.34-150200.10.31.1 perl-PerlMagick-7.0.7.34-150200.10.31.1 perl-PerlMagick-debuginfo-7.0.7.34-150200.10.31.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-150200.10.31.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.31.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.31.1 ImageMagick-debuginfo-7.0.7.34-150200.10.31.1 ImageMagick-debugsource-7.0.7.34-150200.10.31.1 ImageMagick-devel-7.0.7.34-150200.10.31.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.31.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.31.1 libMagick++-devel-7.0.7.34-150200.10.31.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.31.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.31.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.31.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.31.1 References: https://www.suse.com/security/cve/CVE-2019-17540.html https://www.suse.com/security/cve/CVE-2022-32545.html https://www.suse.com/security/cve/CVE-2022-32546.html https://www.suse.com/security/cve/CVE-2022-32547.html https://bugzilla.suse.com/1153866 
https://bugzilla.suse.com/1200387 https://bugzilla.suse.com/1200388 https://bugzilla.suse.com/1200389 From sle-updates at lists.suse.com Mon Jul 4 19:15:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Jul 2022 21:15:51 +0200 (CEST) Subject: SUSE-SU-2022:2262-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP3) Message-ID: <20220704191551.085AB10015@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2262-1 Rating: important References: #1199606 #1199648 #1200266 #1200268 Cross-References: CVE-2022-1116 CVE-2022-1734 CVE-2022-1966 CVE-2022-1972 CVE-2022-32250 CVSS scores: CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1972 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_63 fixes several issues. 
The following security issues were fixed: - CVE-2022-32250: Fixed a use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring that allows a local attacker to cause memory corruption and escalate privileges to root. (bsc#1199647) versions. - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2255=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2256=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2257=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2258=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2262=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_63-default-4-150300.2.2 kernel-livepatch-5_3_18-59_10-default-17-150300.2.2 kernel-livepatch-5_3_18-59_10-default-debuginfo-17-150300.2.2 kernel-livepatch-5_3_18-59_13-default-17-150300.2.2 kernel-livepatch-5_3_18-59_13-default-debuginfo-17-150300.2.2 kernel-livepatch-5_3_18-59_16-default-16-150300.2.2 kernel-livepatch-5_3_18-59_16-default-debuginfo-16-150300.2.2 kernel-livepatch-5_3_18-59_19-default-15-150300.2.2 kernel-livepatch-5_3_18-59_19-default-debuginfo-15-150300.2.2 kernel-livepatch-SLE15-SP3_Update_2-debugsource-17-150300.2.2 kernel-livepatch-SLE15-SP3_Update_3-debugsource-17-150300.2.2 kernel-livepatch-SLE15-SP3_Update_4-debugsource-16-150300.2.2 
kernel-livepatch-SLE15-SP3_Update_5-debugsource-15-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-1116.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-1966.html https://www.suse.com/security/cve/CVE-2022-1972.html https://www.suse.com/security/cve/CVE-2022-32250.html https://bugzilla.suse.com/1199606 https://bugzilla.suse.com/1199648 https://bugzilla.suse.com/1200266 https://bugzilla.suse.com/1200268 From sle-updates at lists.suse.com Mon Jul 4 19:16:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Jul 2022 21:16:51 +0200 (CEST) Subject: SUSE-SU-2022:2260-1: important: Security update for qemu Message-ID: <20220704191651.E277110015@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2260-1 Rating: important References: #1197084 #1198035 #1198037 #1198711 #1198712 #1199015 #1199018 #1199625 #1199924 Cross-References: CVE-2021-4206 CVE-2021-4207 CVE-2022-26353 CVE-2022-26354 CVSS scores: CVE-2021-4206 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-4206 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-4207 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-4207 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-26353 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-26353 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-26354 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2022-26354 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for 
SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves four vulnerabilities and has 5 fixes is now available. Description: This update for qemu fixes the following issues: - CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak (bsc#1198712) - CVE-2022-26353: Fixed map leaking on error during receive (bsc#1198711) - CVE-2021-4207: Fixed double fetch in qxl_cursor() can lead to heap buffer overflow (bsc#1198037) - CVE-2021-4206: Fixed integer overflow in cursor_alloc() can lead to heap buffer overflow (bsc#1198035) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2260=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2260=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2260=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): qemu-6.2.0-150400.37.5.3 qemu-accel-qtest-6.2.0-150400.37.5.3 qemu-accel-qtest-debuginfo-6.2.0-150400.37.5.3 qemu-accel-tcg-x86-6.2.0-150400.37.5.3 qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.5.3 qemu-arm-6.2.0-150400.37.5.3 qemu-arm-debuginfo-6.2.0-150400.37.5.3 qemu-audio-alsa-6.2.0-150400.37.5.3 qemu-audio-alsa-debuginfo-6.2.0-150400.37.5.3 qemu-audio-jack-6.2.0-150400.37.5.3 qemu-audio-jack-debuginfo-6.2.0-150400.37.5.3 qemu-audio-oss-debuginfo-6.2.0-150400.37.5.3 qemu-audio-pa-6.2.0-150400.37.5.3 qemu-audio-pa-debuginfo-6.2.0-150400.37.5.3 qemu-audio-spice-6.2.0-150400.37.5.3 qemu-audio-spice-debuginfo-6.2.0-150400.37.5.3 qemu-block-curl-6.2.0-150400.37.5.3 qemu-block-curl-debuginfo-6.2.0-150400.37.5.3 qemu-block-dmg-6.2.0-150400.37.5.3 
qemu-block-dmg-debuginfo-6.2.0-150400.37.5.3 qemu-block-gluster-6.2.0-150400.37.5.3 qemu-block-gluster-debuginfo-6.2.0-150400.37.5.3 qemu-block-iscsi-6.2.0-150400.37.5.3 qemu-block-iscsi-debuginfo-6.2.0-150400.37.5.3 qemu-block-nfs-6.2.0-150400.37.5.3 qemu-block-nfs-debuginfo-6.2.0-150400.37.5.3 qemu-block-rbd-6.2.0-150400.37.5.3 qemu-block-rbd-debuginfo-6.2.0-150400.37.5.3 qemu-block-ssh-6.2.0-150400.37.5.3 qemu-block-ssh-debuginfo-6.2.0-150400.37.5.3 qemu-chardev-baum-6.2.0-150400.37.5.3 qemu-chardev-baum-debuginfo-6.2.0-150400.37.5.3 qemu-chardev-spice-6.2.0-150400.37.5.3 qemu-chardev-spice-debuginfo-6.2.0-150400.37.5.3 qemu-debuginfo-6.2.0-150400.37.5.3 qemu-debugsource-6.2.0-150400.37.5.3 qemu-extra-6.2.0-150400.37.5.3 qemu-extra-debuginfo-6.2.0-150400.37.5.3 qemu-guest-agent-6.2.0-150400.37.5.3 qemu-guest-agent-debuginfo-6.2.0-150400.37.5.3 qemu-hw-display-qxl-6.2.0-150400.37.5.3 qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.5.3 qemu-hw-display-virtio-gpu-6.2.0-150400.37.5.3 qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.5.3 qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.5.3 qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.5.3 qemu-hw-display-virtio-vga-6.2.0-150400.37.5.3 qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.5.3 qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.5.3 qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.5.3 qemu-hw-usb-host-6.2.0-150400.37.5.3 qemu-hw-usb-host-debuginfo-6.2.0-150400.37.5.3 qemu-hw-usb-redirect-6.2.0-150400.37.5.3 qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.5.3 qemu-hw-usb-smartcard-6.2.0-150400.37.5.3 qemu-hw-usb-smartcard-debuginfo-6.2.0-150400.37.5.3 qemu-ivshmem-tools-6.2.0-150400.37.5.3 qemu-ivshmem-tools-debuginfo-6.2.0-150400.37.5.3 qemu-ksm-6.2.0-150400.37.5.3 qemu-lang-6.2.0-150400.37.5.3 qemu-linux-user-6.2.0-150400.37.5.1 qemu-linux-user-debuginfo-6.2.0-150400.37.5.1 qemu-linux-user-debugsource-6.2.0-150400.37.5.1 qemu-ppc-6.2.0-150400.37.5.3 qemu-ppc-debuginfo-6.2.0-150400.37.5.3 
qemu-s390x-6.2.0-150400.37.5.3 qemu-s390x-debuginfo-6.2.0-150400.37.5.3 qemu-testsuite-6.2.0-150400.37.5.5 qemu-tools-6.2.0-150400.37.5.3 qemu-tools-debuginfo-6.2.0-150400.37.5.3 qemu-ui-curses-6.2.0-150400.37.5.3 qemu-ui-curses-debuginfo-6.2.0-150400.37.5.3 qemu-ui-gtk-6.2.0-150400.37.5.3 qemu-ui-gtk-debuginfo-6.2.0-150400.37.5.3 qemu-ui-opengl-6.2.0-150400.37.5.3 qemu-ui-opengl-debuginfo-6.2.0-150400.37.5.3 qemu-ui-spice-app-6.2.0-150400.37.5.3 qemu-ui-spice-app-debuginfo-6.2.0-150400.37.5.3 qemu-ui-spice-core-6.2.0-150400.37.5.3 qemu-ui-spice-core-debuginfo-6.2.0-150400.37.5.3 qemu-vhost-user-gpu-6.2.0-150400.37.5.3 qemu-vhost-user-gpu-debuginfo-6.2.0-150400.37.5.3 qemu-x86-6.2.0-150400.37.5.3 qemu-x86-debuginfo-6.2.0-150400.37.5.3 - openSUSE Leap 15.4 (s390x x86_64): qemu-kvm-6.2.0-150400.37.5.3 - openSUSE Leap 15.4 (noarch): qemu-SLOF-6.2.0-150400.37.5.3 qemu-ipxe-1.0.0+-150400.37.5.3 qemu-microvm-6.2.0-150400.37.5.3 qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.5.3 qemu-sgabios-8-150400.37.5.3 qemu-skiboot-6.2.0-150400.37.5.3 qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.5.3 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): qemu-6.2.0-150400.37.5.3 qemu-block-curl-6.2.0-150400.37.5.3 qemu-block-curl-debuginfo-6.2.0-150400.37.5.3 qemu-block-iscsi-6.2.0-150400.37.5.3 qemu-block-iscsi-debuginfo-6.2.0-150400.37.5.3 qemu-block-rbd-6.2.0-150400.37.5.3 qemu-block-rbd-debuginfo-6.2.0-150400.37.5.3 qemu-block-ssh-6.2.0-150400.37.5.3 qemu-block-ssh-debuginfo-6.2.0-150400.37.5.3 qemu-chardev-baum-6.2.0-150400.37.5.3 qemu-chardev-baum-debuginfo-6.2.0-150400.37.5.3 qemu-debuginfo-6.2.0-150400.37.5.3 qemu-debugsource-6.2.0-150400.37.5.3 qemu-guest-agent-6.2.0-150400.37.5.3 qemu-guest-agent-debuginfo-6.2.0-150400.37.5.3 qemu-hw-usb-host-6.2.0-150400.37.5.3 qemu-hw-usb-host-debuginfo-6.2.0-150400.37.5.3 qemu-ksm-6.2.0-150400.37.5.3 qemu-lang-6.2.0-150400.37.5.3 qemu-ui-curses-6.2.0-150400.37.5.3 qemu-ui-curses-debuginfo-6.2.0-150400.37.5.3 - 
SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le x86_64): qemu-audio-spice-6.2.0-150400.37.5.3 qemu-audio-spice-debuginfo-6.2.0-150400.37.5.3 qemu-chardev-spice-6.2.0-150400.37.5.3 qemu-chardev-spice-debuginfo-6.2.0-150400.37.5.3 qemu-hw-display-qxl-6.2.0-150400.37.5.3 qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.5.3 qemu-hw-display-virtio-vga-6.2.0-150400.37.5.3 qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.5.3 qemu-hw-usb-redirect-6.2.0-150400.37.5.3 qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.5.3 qemu-ui-gtk-6.2.0-150400.37.5.3 qemu-ui-gtk-debuginfo-6.2.0-150400.37.5.3 qemu-ui-opengl-6.2.0-150400.37.5.3 qemu-ui-opengl-debuginfo-6.2.0-150400.37.5.3 qemu-ui-spice-app-6.2.0-150400.37.5.3 qemu-ui-spice-app-debuginfo-6.2.0-150400.37.5.3 qemu-ui-spice-core-6.2.0-150400.37.5.3 qemu-ui-spice-core-debuginfo-6.2.0-150400.37.5.3 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (s390x x86_64): qemu-hw-display-virtio-gpu-6.2.0-150400.37.5.3 qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.5.3 qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.5.3 qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.5.3 qemu-kvm-6.2.0-150400.37.5.3 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64): qemu-arm-6.2.0-150400.37.5.3 qemu-arm-debuginfo-6.2.0-150400.37.5.3 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (ppc64le): qemu-ppc-6.2.0-150400.37.5.3 qemu-ppc-debuginfo-6.2.0-150400.37.5.3 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (x86_64): qemu-accel-tcg-x86-6.2.0-150400.37.5.3 qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.5.3 qemu-audio-alsa-6.2.0-150400.37.5.3 qemu-audio-alsa-debuginfo-6.2.0-150400.37.5.3 qemu-audio-pa-6.2.0-150400.37.5.3 qemu-audio-pa-debuginfo-6.2.0-150400.37.5.3 qemu-x86-6.2.0-150400.37.5.3 qemu-x86-debuginfo-6.2.0-150400.37.5.3 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): qemu-SLOF-6.2.0-150400.37.5.3 qemu-ipxe-1.0.0+-150400.37.5.3 
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.5.3 qemu-sgabios-8-150400.37.5.3 qemu-skiboot-6.2.0-150400.37.5.3 qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.5.3 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (s390x): qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.5.3 qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.5.3 qemu-s390x-6.2.0-150400.37.5.3 qemu-s390x-debuginfo-6.2.0-150400.37.5.3 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-6.2.0-150400.37.5.3 qemu-debugsource-6.2.0-150400.37.5.3 qemu-tools-6.2.0-150400.37.5.3 qemu-tools-debuginfo-6.2.0-150400.37.5.3 References: https://www.suse.com/security/cve/CVE-2021-4206.html https://www.suse.com/security/cve/CVE-2021-4207.html https://www.suse.com/security/cve/CVE-2022-26353.html https://www.suse.com/security/cve/CVE-2022-26354.html https://bugzilla.suse.com/1197084 https://bugzilla.suse.com/1198035 https://bugzilla.suse.com/1198037 https://bugzilla.suse.com/1198711 https://bugzilla.suse.com/1198712 https://bugzilla.suse.com/1199015 https://bugzilla.suse.com/1199018 https://bugzilla.suse.com/1199625 https://bugzilla.suse.com/1199924 From sle-updates at lists.suse.com Mon Jul 4 19:18:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Jul 2022 21:18:10 +0200 (CEST) Subject: SUSE-SU-2020:0026-2: moderate: Security update for sysstat Message-ID: <20220704191810.9B04510015@maintenance.suse.de> SUSE Security Update: Security update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0026-2 Rating: moderate References: #1144923 #1159104 SLE-5958 Cross-References: CVE-2019-19725 CVSS scores: CVE-2019-19725 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-19725 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL 
SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has one errata is now available. Description: This update for sysstat fixes the following issues: Security issue fixed: - CVE-2019-19725: Fixed double free in check_file_actlst in sa_common.c (bsc#1159104). Bug fixes: - Enable log information of starting/stopping services. (bsc#1144923, jsc#SLE-5958) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2261=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2261=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2261=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2261=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2261=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2261=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2261=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2261=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2261=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2261=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): sysstat-12.0.2-10.36.1 sysstat-debuginfo-12.0.2-10.36.1 sysstat-debugsource-12.0.2-10.36.1 sysstat-isag-12.0.2-10.36.1 - 
SUSE OpenStack Cloud Crowbar 8 (x86_64): sysstat-12.0.2-10.36.1 sysstat-debuginfo-12.0.2-10.36.1 sysstat-debugsource-12.0.2-10.36.1 sysstat-isag-12.0.2-10.36.1 - SUSE OpenStack Cloud 9 (x86_64): sysstat-12.0.2-10.36.1 sysstat-debuginfo-12.0.2-10.36.1 sysstat-debugsource-12.0.2-10.36.1 sysstat-isag-12.0.2-10.36.1 - SUSE OpenStack Cloud 8 (x86_64): sysstat-12.0.2-10.36.1 sysstat-debuginfo-12.0.2-10.36.1 sysstat-debugsource-12.0.2-10.36.1 sysstat-isag-12.0.2-10.36.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): sysstat-12.0.2-10.36.1 sysstat-debuginfo-12.0.2-10.36.1 sysstat-debugsource-12.0.2-10.36.1 sysstat-isag-12.0.2-10.36.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): sysstat-12.0.2-10.36.1 sysstat-debuginfo-12.0.2-10.36.1 sysstat-debugsource-12.0.2-10.36.1 sysstat-isag-12.0.2-10.36.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-10.36.1 sysstat-debuginfo-12.0.2-10.36.1 sysstat-debugsource-12.0.2-10.36.1 sysstat-isag-12.0.2-10.36.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): sysstat-12.0.2-10.36.1 sysstat-debuginfo-12.0.2-10.36.1 sysstat-debugsource-12.0.2-10.36.1 sysstat-isag-12.0.2-10.36.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): sysstat-12.0.2-10.36.1 sysstat-debuginfo-12.0.2-10.36.1 sysstat-debugsource-12.0.2-10.36.1 sysstat-isag-12.0.2-10.36.1 - HPE Helion Openstack 8 (x86_64): sysstat-12.0.2-10.36.1 sysstat-debuginfo-12.0.2-10.36.1 sysstat-debugsource-12.0.2-10.36.1 sysstat-isag-12.0.2-10.36.1 References: https://www.suse.com/security/cve/CVE-2019-19725.html https://bugzilla.suse.com/1144923 https://bugzilla.suse.com/1159104 From sle-updates at lists.suse.com Tue Jul 5 07:36:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 09:36:31 +0200 (CEST) Subject: SUSE-CU-2022:1400-1: Security update of suse/sle15 Message-ID: <20220705073631.19715F789@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1400-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.158 Container Release : 9.5.158 Severity : moderate Type : security References : 1185637 1199166 1200550 CVE-2022-1292 CVE-2022-2068 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.48.1 updated - libopenssl1_1-1.1.1d-150200.11.48.1 updated - openssl-1_1-1.1.1d-150200.11.48.1 updated From sle-updates at lists.suse.com Tue Jul 5 07:42:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 09:42:26 +0200 (CEST) Subject: SUSE-CU-2022:1401-1: Security update of bci/bci-init Message-ID: <20220705074226.D76B1F789@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1401-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.15.14 Container Release : 15.14 Severity : moderate Type : security References : 1185637 1192951 1193659 1195283 1196861 1197065 1199166 1200550 CVE-2022-1292 CVE-2022-2068 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. 
(bsc#1200550) The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.48.1 updated - libopenssl1_1-1.1.1d-150200.11.48.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - openssl-1_1-1.1.1d-150200.11.48.1 updated - container:sles15-image-15.0.0-17.17.19 updated From sle-updates at lists.suse.com Tue Jul 5 07:48:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 09:48:10 +0200 (CEST) Subject: SUSE-CU-2022:1404-1: Security update of bci/nodejs Message-ID: <20220705074810.A03A5F789@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1404-1 Container Tags : bci/node:12 , bci/node:12-16.83 , bci/nodejs:12 , bci/nodejs:12-16.83 Container Release : 16.83 Severity : moderate Type : security References : 1185637 1199166 1200550 CVE-2022-1292 CVE-2022-2068 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. 
(bsc#1200550) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.48.1 updated - libopenssl1_1-1.1.1d-150200.11.48.1 updated - openssl-1_1-1.1.1d-150200.11.48.1 updated - container:sles15-image-15.0.0-17.17.19 updated From sle-updates at lists.suse.com Tue Jul 5 07:51:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 09:51:23 +0200 (CEST) Subject: SUSE-CU-2022:1405-1: Security update of bci/python Message-ID: <20220705075123.4571AF789@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1405-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.13 Container Release : 18.13 Severity : moderate Type : security References : 1185637 1199166 1200550 CVE-2022-1292 CVE-2022-2068 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. 
(bsc#1200550) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.48.1 updated - libopenssl1_1-1.1.1d-150200.11.48.1 updated - openssl-1_1-1.1.1d-150200.11.48.1 updated - container:sles15-image-15.0.0-17.17.19 updated From sle-updates at lists.suse.com Tue Jul 5 08:05:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 10:05:34 +0200 (CEST) Subject: SUSE-CU-2022:1406-1: Security update of suse/sle15 Message-ID: <20220705080535.04A08F789@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1406-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.17.19 , suse/sle15:15.3 , suse/sle15:15.3.17.17.19 Container Release : 17.17.19 Severity : moderate Type : security References : 1185637 1199166 1200550 CVE-2022-1292 CVE-2022-2068 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. 
(bsc#1200550) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.48.1 updated - libopenssl1_1-1.1.1d-150200.11.48.1 updated - openssl-1_1-1.1.1d-150200.11.48.1 updated From sle-updates at lists.suse.com Tue Jul 5 13:15:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 15:15:57 +0200 (CEST) Subject: SUSE-SU-2022:2263-1: moderate: Security update for ImageMagick Message-ID: <20220705131557.8AF42FDDB@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2263-1 Rating: moderate References: #1153866 #1200387 #1200388 #1200389 Cross-References: CVE-2019-17540 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547 CVSS scores: CVE-2019-17540 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2022-32545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32545 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-32546 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32546 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-32547 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32547 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2019-17540: Fixed heap-based buffer overflow in ReadPSInfo in coders/ps.c. (bsc#1153866) - CVE-2022-32545: Fixed an outside the range of representable values of type. 
(bsc#1200388) - CVE-2022-32546: Fixed an outside the range of representable values of type. (bsc#1200389) - CVE-2022-32547: Fixed a load of misaligned address at MagickCore/property.c. (bsc#1200387) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2263=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2263=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2263=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): ImageMagick-6.8.8.1-71.177.1 ImageMagick-debuginfo-6.8.8.1-71.177.1 ImageMagick-debugsource-6.8.8.1-71.177.1 libMagick++-6_Q16-3-6.8.8.1-71.177.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.177.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.177.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.177.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.177.1 ImageMagick-config-6-SUSE-6.8.8.1-71.177.1 ImageMagick-config-6-upstream-6.8.8.1-71.177.1 ImageMagick-debuginfo-6.8.8.1-71.177.1 ImageMagick-debugsource-6.8.8.1-71.177.1 ImageMagick-devel-6.8.8.1-71.177.1 libMagick++-6_Q16-3-6.8.8.1-71.177.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.177.1 libMagick++-devel-6.8.8.1-71.177.1 perl-PerlMagick-6.8.8.1-71.177.1 perl-PerlMagick-debuginfo-6.8.8.1-71.177.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.177.1 ImageMagick-config-6-upstream-6.8.8.1-71.177.1 ImageMagick-debuginfo-6.8.8.1-71.177.1 ImageMagick-debugsource-6.8.8.1-71.177.1 libMagickCore-6_Q16-1-6.8.8.1-71.177.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.177.1 libMagickWand-6_Q16-1-6.8.8.1-71.177.1 
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.177.1 References: https://www.suse.com/security/cve/CVE-2019-17540.html https://www.suse.com/security/cve/CVE-2022-32545.html https://www.suse.com/security/cve/CVE-2022-32546.html https://www.suse.com/security/cve/CVE-2022-32547.html https://bugzilla.suse.com/1153866 https://bugzilla.suse.com/1200387 https://bugzilla.suse.com/1200388 https://bugzilla.suse.com/1200389 From sle-updates at lists.suse.com Tue Jul 5 13:16:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 15:16:43 +0200 (CEST) Subject: SUSE-RU-2022:2264-1: Recommended update for python-M2Crypto and SUSEConnect Message-ID: <20220705131643.DA6F3FDDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-M2Crypto and SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2264-1 Rating: low References: PM-3081 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for python-M2Crypto and SUSEConnect fixes the following issues: - This is a re-release, no source changes. This releases the packages to some extra repositories. (jsc#PM-3081) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2264=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2022-2264=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): python-M2Crypto-0.29.0-23.5.2 python-M2Crypto-debuginfo-0.29.0-23.5.2 python-M2Crypto-debugsource-0.29.0-23.5.2 python3-M2Crypto-0.29.0-23.5.2 python3-M2Crypto-debuginfo-0.29.0-23.5.2 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.32-19.10.40.1 python-M2Crypto-debugsource-0.29.0-23.5.2 python3-M2Crypto-0.29.0-23.5.2 python3-M2Crypto-debuginfo-0.29.0-23.5.2 References: From sle-updates at lists.suse.com Tue Jul 5 16:16:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 18:16:06 +0200 (CEST) Subject: SUSE-SU-2022:2267-1: important: Security update for dpdk Message-ID: <20220705161606.01BDBFDAB@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2267-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: This update of dpdk fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2267=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2267=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): dpdk-19.11.4-150300.13.3 dpdk-debuginfo-19.11.4-150300.13.3 dpdk-debugsource-19.11.4-150300.13.3 dpdk-devel-19.11.4-150300.13.3 dpdk-devel-debuginfo-19.11.4-150300.13.3 dpdk-examples-19.11.4-150300.13.3 dpdk-examples-debuginfo-19.11.4-150300.13.3 dpdk-kmp-default-19.11.4_k5.3.18_150300.59.76-150300.13.3 dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150300.59.76-150300.13.3 dpdk-tools-19.11.4-150300.13.3 dpdk-tools-debuginfo-19.11.4-150300.13.3 libdpdk-20_0-19.11.4-150300.13.3 libdpdk-20_0-debuginfo-19.11.4-150300.13.3 - openSUSE Leap 15.3 (aarch64 x86_64): dpdk-kmp-preempt-19.11.4_k5.3.18_150300.59.76-150300.13.3 dpdk-kmp-preempt-debuginfo-19.11.4_k5.3.18_150300.59.76-150300.13.3 - openSUSE Leap 15.3 (aarch64): dpdk-thunderx-19.11.4-150300.13.3 dpdk-thunderx-debuginfo-19.11.4-150300.13.3 dpdk-thunderx-debugsource-19.11.4-150300.13.3 dpdk-thunderx-devel-19.11.4-150300.13.3 dpdk-thunderx-devel-debuginfo-19.11.4-150300.13.3 dpdk-thunderx-examples-19.11.4-150300.13.3 dpdk-thunderx-examples-debuginfo-19.11.4-150300.13.3 dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150300.59.76-150300.13.3 dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_150300.59.76-150300.13.3 dpdk-thunderx-kmp-preempt-19.11.4_k5.3.18_150300.59.76-150300.13.3 dpdk-thunderx-kmp-preempt-debuginfo-19.11.4_k5.3.18_150300.59.76-150300.13.3 dpdk-thunderx-tools-19.11.4-150300.13.3 
dpdk-thunderx-tools-debuginfo-19.11.4-150300.13.3 - openSUSE Leap 15.3 (noarch): dpdk-doc-19.11.4-150300.13.3 dpdk-thunderx-doc-19.11.4-150300.13.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le x86_64): dpdk-19.11.4-150300.13.3 dpdk-debuginfo-19.11.4-150300.13.3 dpdk-debugsource-19.11.4-150300.13.3 dpdk-devel-19.11.4-150300.13.3 dpdk-devel-debuginfo-19.11.4-150300.13.3 dpdk-kmp-default-19.11.4_k5.3.18_150300.59.76-150300.13.3 dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150300.59.76-150300.13.3 dpdk-tools-19.11.4-150300.13.3 dpdk-tools-debuginfo-19.11.4-150300.13.3 libdpdk-20_0-19.11.4-150300.13.3 libdpdk-20_0-debuginfo-19.11.4-150300.13.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64): dpdk-thunderx-19.11.4-150300.13.3 dpdk-thunderx-debuginfo-19.11.4-150300.13.3 dpdk-thunderx-debugsource-19.11.4-150300.13.3 dpdk-thunderx-devel-19.11.4-150300.13.3 dpdk-thunderx-devel-debuginfo-19.11.4-150300.13.3 dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150300.59.76-150300.13.3 dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_150300.59.76-150300.13.3 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Tue Jul 5 16:16:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 18:16:39 +0200 (CEST) Subject: SUSE-SU-2022:2265-1: important: Security update for dpdk Message-ID: <20220705161639.1206BFDAB@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2265-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: This update of dpdk fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2265=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2265=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2265=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2265=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): dpdk-17.11.7-5.12.1 dpdk-debuginfo-17.11.7-5.12.1 dpdk-debugsource-17.11.7-5.12.1 dpdk-kmp-default-17.11.7_k4.12.14_95.99-5.12.1 dpdk-kmp-default-debuginfo-17.11.7_k4.12.14_95.99-5.12.1 dpdk-tools-17.11.7-5.12.1 dpdk-tools-debuginfo-17.11.7-5.12.1 libdpdk-17_11-17.11.7-5.12.1 libdpdk-17_11-debuginfo-17.11.7-5.12.1 - SUSE OpenStack Cloud 9 (x86_64): dpdk-17.11.7-5.12.1 dpdk-debuginfo-17.11.7-5.12.1 dpdk-debugsource-17.11.7-5.12.1 dpdk-kmp-default-17.11.7_k4.12.14_95.99-5.12.1 dpdk-kmp-default-debuginfo-17.11.7_k4.12.14_95.99-5.12.1 dpdk-tools-17.11.7-5.12.1 dpdk-tools-debuginfo-17.11.7-5.12.1 libdpdk-17_11-17.11.7-5.12.1 libdpdk-17_11-debuginfo-17.11.7-5.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): dpdk-17.11.7-5.12.1 dpdk-debuginfo-17.11.7-5.12.1 dpdk-debugsource-17.11.7-5.12.1 dpdk-tools-17.11.7-5.12.1 dpdk-tools-debuginfo-17.11.7-5.12.1 libdpdk-17_11-17.11.7-5.12.1 libdpdk-17_11-debuginfo-17.11.7-5.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): dpdk-kmp-default-17.11.7_k4.12.14_95.99-5.12.1 dpdk-kmp-default-debuginfo-17.11.7_k4.12.14_95.99-5.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le x86_64): dpdk-17.11.7-5.12.1 
dpdk-debuginfo-17.11.7-5.12.1 dpdk-debugsource-17.11.7-5.12.1 dpdk-tools-17.11.7-5.12.1 dpdk-tools-debuginfo-17.11.7-5.12.1 libdpdk-17_11-17.11.7-5.12.1 libdpdk-17_11-debuginfo-17.11.7-5.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): dpdk-thunderx-17.11.7-5.12.1 dpdk-thunderx-debuginfo-17.11.7-5.12.1 dpdk-thunderx-debugsource-17.11.7-5.12.1 dpdk-thunderx-kmp-default-17.11.7_k4.12.14_95.99-5.12.1 dpdk-thunderx-kmp-default-debuginfo-17.11.7_k4.12.14_95.99-5.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): dpdk-kmp-default-17.11.7_k4.12.14_95.99-5.12.1 dpdk-kmp-default-debuginfo-17.11.7_k4.12.14_95.99-5.12.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Tue Jul 5 16:17:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 18:17:16 +0200 (CEST) Subject: SUSE-SU-2022:2268-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) Message-ID: <20220705161716.42771FDAB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2268-1 Rating: important References: #1196959 #1197335 #1198590 #1199602 #1200266 #1200268 Cross-References: CVE-2021-39698 CVE-2022-1016 CVE-2022-1280 CVE-2022-1966 CVE-2022-1972 CVE-2022-30594 CVE-2022-32250 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1280 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1280 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1972 (SUSE): 7 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 5.14.21-150400_22 fixes several issues. The following security issues were fixed: - CVE-2022-32250: Fixed a use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed.
(bsc#1196956) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-2268=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-5_14_21-150400_22-default-2-150400.4.3.3 kernel-livepatch-5_14_21-150400_22-default-debuginfo-2-150400.4.3.3 kernel-livepatch-SLE15-SP4_Update_0-debugsource-2-150400.4.3.3 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1280.html https://www.suse.com/security/cve/CVE-2022-1966.html https://www.suse.com/security/cve/CVE-2022-1972.html https://www.suse.com/security/cve/CVE-2022-30594.html https://www.suse.com/security/cve/CVE-2022-32250.html https://bugzilla.suse.com/1196959 https://bugzilla.suse.com/1197335 https://bugzilla.suse.com/1198590 https://bugzilla.suse.com/1199602 https://bugzilla.suse.com/1200266 https://bugzilla.suse.com/1200268 From sle-updates at lists.suse.com Tue Jul 5 16:18:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 18:18:21 +0200 (CEST) Subject: SUSE-SU-2022:2266-1: important: Security update for dpdk Message-ID: <20220705161821.CF562FDAB@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2266-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 
______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of dpdk fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2266=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2266=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2266=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2266=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dpdk-18.11.9-150000.3.29.1 dpdk-debuginfo-18.11.9-150000.3.29.1 dpdk-debugsource-18.11.9-150000.3.29.1 dpdk-devel-18.11.9-150000.3.29.1 dpdk-devel-debuginfo-18.11.9-150000.3.29.1 dpdk-kmp-default-18.11.9_k4.12.14_150000.150.92-150000.3.29.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150000.150.92-150000.3.29.1 dpdk-tools-18.11.9-150000.3.29.1 dpdk-tools-debuginfo-18.11.9-150000.3.29.1 libdpdk-18_11-18.11.9-150000.3.29.1 libdpdk-18_11-debuginfo-18.11.9-150000.3.29.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64): dpdk-18.11.9-150000.3.29.1 dpdk-debuginfo-18.11.9-150000.3.29.1 dpdk-debugsource-18.11.9-150000.3.29.1 dpdk-devel-18.11.9-150000.3.29.1 dpdk-devel-debuginfo-18.11.9-150000.3.29.1 dpdk-kmp-default-18.11.9_k4.12.14_150000.150.92-150000.3.29.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150000.150.92-150000.3.29.1 dpdk-thunderx-18.11.9-150000.3.29.1 dpdk-thunderx-debuginfo-18.11.9-150000.3.29.1 dpdk-thunderx-debugsource-18.11.9-150000.3.29.1 dpdk-thunderx-devel-18.11.9-150000.3.29.1 
dpdk-thunderx-devel-debuginfo-18.11.9-150000.3.29.1 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_150000.150.92-150000.3.29.1 dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_150000.150.92-150000.3.29.1 dpdk-tools-18.11.9-150000.3.29.1 dpdk-tools-debuginfo-18.11.9-150000.3.29.1 libdpdk-18_11-18.11.9-150000.3.29.1 libdpdk-18_11-debuginfo-18.11.9-150000.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dpdk-18.11.9-150000.3.29.1 dpdk-debuginfo-18.11.9-150000.3.29.1 dpdk-debugsource-18.11.9-150000.3.29.1 dpdk-devel-18.11.9-150000.3.29.1 dpdk-devel-debuginfo-18.11.9-150000.3.29.1 dpdk-kmp-default-18.11.9_k4.12.14_150000.150.92-150000.3.29.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150000.150.92-150000.3.29.1 dpdk-tools-18.11.9-150000.3.29.1 dpdk-tools-debuginfo-18.11.9-150000.3.29.1 libdpdk-18_11-18.11.9-150000.3.29.1 libdpdk-18_11-debuginfo-18.11.9-150000.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64): dpdk-thunderx-18.11.9-150000.3.29.1 dpdk-thunderx-debuginfo-18.11.9-150000.3.29.1 dpdk-thunderx-debugsource-18.11.9-150000.3.29.1 dpdk-thunderx-devel-18.11.9-150000.3.29.1 dpdk-thunderx-devel-debuginfo-18.11.9-150000.3.29.1 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_150000.150.92-150000.3.29.1 dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_150000.150.92-150000.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dpdk-18.11.9-150000.3.29.1 dpdk-debuginfo-18.11.9-150000.3.29.1 dpdk-debugsource-18.11.9-150000.3.29.1 dpdk-devel-18.11.9-150000.3.29.1 dpdk-devel-debuginfo-18.11.9-150000.3.29.1 dpdk-kmp-default-18.11.9_k4.12.14_150000.150.92-150000.3.29.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150000.150.92-150000.3.29.1 dpdk-tools-18.11.9-150000.3.29.1 dpdk-tools-debuginfo-18.11.9-150000.3.29.1 libdpdk-18_11-18.11.9-150000.3.29.1 libdpdk-18_11-debuginfo-18.11.9-150000.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64): 
dpdk-thunderx-18.11.9-150000.3.29.1 dpdk-thunderx-debuginfo-18.11.9-150000.3.29.1 dpdk-thunderx-debugsource-18.11.9-150000.3.29.1 dpdk-thunderx-devel-18.11.9-150000.3.29.1 dpdk-thunderx-devel-debuginfo-18.11.9-150000.3.29.1 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_150000.150.92-150000.3.29.1 dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_150000.150.92-150000.3.29.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Tue Jul 5 19:15:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 21:15:53 +0200 (CEST) Subject: SUSE-SU-2022:2271-1: important: Security update for dpdk Message-ID: <20220705191553.7BAF4FDAB@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2271-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of dpdk fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2271=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2271=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le x86_64): dpdk-debuginfo-18.11.9-3.21.2 dpdk-debugsource-18.11.9-3.21.2 dpdk-devel-18.11.9-3.21.2 dpdk-devel-debuginfo-18.11.9-3.21.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64): dpdk-thunderx-debuginfo-18.11.9-3.21.2 dpdk-thunderx-debugsource-18.11.9-3.21.2 dpdk-thunderx-devel-18.11.9-3.21.2 dpdk-thunderx-devel-debuginfo-18.11.9-3.21.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le x86_64): dpdk-18.11.9-3.21.2 dpdk-debuginfo-18.11.9-3.21.2 dpdk-debugsource-18.11.9-3.21.2 dpdk-tools-18.11.9-3.21.2 dpdk-tools-debuginfo-18.11.9-3.21.2 libdpdk-18_11-18.11.9-3.21.2 libdpdk-18_11-debuginfo-18.11.9-3.21.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64): dpdk-thunderx-18.11.9-3.21.2 dpdk-thunderx-debuginfo-18.11.9-3.21.2 dpdk-thunderx-debugsource-18.11.9-3.21.2 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.124-3.21.2 dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_122.124-3.21.2 - SUSE Linux Enterprise Server 12-SP5 (x86_64): dpdk-kmp-default-18.11.9_k4.12.14_122.124-3.21.2 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_122.124-3.21.2 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Tue Jul 5 19:16:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 21:16:26 +0200 (CEST) Subject: SUSE-SU-2022:2274-1: important: Security update for dpdk Message-ID: <20220705191626.E59A3FDAB@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2274-1 Rating: important References: #1198581 Affected Products: HPE 
Helion Openstack 8 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of dpdk fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2274=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2274=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2274=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2274=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2274=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2274=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): dpdk-16.11.9-8.19.1 dpdk-debuginfo-16.11.9-8.19.1 dpdk-debugsource-16.11.9-8.19.1 dpdk-kmp-default-16.11.9_k4.4.180_94.164-8.19.1 dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.164-8.19.1 dpdk-tools-16.11.9-8.19.1 - SUSE OpenStack Cloud 8 (x86_64): dpdk-16.11.9-8.19.1 dpdk-debuginfo-16.11.9-8.19.1 dpdk-debugsource-16.11.9-8.19.1 dpdk-kmp-default-16.11.9_k4.4.180_94.164-8.19.1 dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.164-8.19.1 dpdk-tools-16.11.9-8.19.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): dpdk-16.11.9-8.19.1 dpdk-debuginfo-16.11.9-8.19.1 dpdk-debugsource-16.11.9-8.19.1 dpdk-tools-16.11.9-8.19.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): 
dpdk-kmp-default-16.11.9_k4.4.180_94.164-8.19.1 dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.164-8.19.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le x86_64): dpdk-16.11.9-8.19.1 dpdk-debuginfo-16.11.9-8.19.1 dpdk-debugsource-16.11.9-8.19.1 dpdk-tools-16.11.9-8.19.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): dpdk-thunderx-16.11.9-8.19.1 dpdk-thunderx-debuginfo-16.11.9-8.19.1 dpdk-thunderx-debugsource-16.11.9-8.19.1 dpdk-thunderx-kmp-default-16.11.9_k4.4.180_94.164-8.19.1 dpdk-thunderx-kmp-default-debuginfo-16.11.9_k4.4.180_94.164-8.19.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): dpdk-kmp-default-16.11.9_k4.4.180_94.164-8.19.1 dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.164-8.19.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): dpdk-16.11.9-8.19.1 dpdk-debuginfo-16.11.9-8.19.1 dpdk-debugsource-16.11.9-8.19.1 dpdk-kmp-default-16.11.9_k4.4.180_94.164-8.19.1 dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.164-8.19.1 dpdk-tools-16.11.9-8.19.1 - HPE Helion Openstack 8 (x86_64): dpdk-16.11.9-8.19.1 dpdk-debuginfo-16.11.9-8.19.1 dpdk-debugsource-16.11.9-8.19.1 dpdk-kmp-default-16.11.9_k4.4.180_94.164-8.19.1 dpdk-kmp-default-debuginfo-16.11.9_k4.4.180_94.164-8.19.1 dpdk-tools-16.11.9-8.19.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Tue Jul 5 19:17:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 21:17:03 +0200 (CEST) Subject: SUSE-SU-2022:2272-1: important: Security update for dpdk Message-ID: <20220705191703.72E29FDAB@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2272-1 Rating: important References: #1198581 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux 
Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of dpdk fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2272=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2272=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2272=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2272=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2272=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2272=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2272=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2272=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): libdpdk-18_11-18.11.9-150100.4.16.1 libdpdk-18_11-debuginfo-18.11.9-150100.4.16.1 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): libdpdk-18_11-18.11.9-150100.4.16.1 libdpdk-18_11-debuginfo-18.11.9-150100.4.16.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): dpdk-18.11.9-150100.4.16.1 dpdk-debuginfo-18.11.9-150100.4.16.1 dpdk-debugsource-18.11.9-150100.4.16.1 dpdk-devel-18.11.9-150100.4.16.1 dpdk-devel-debuginfo-18.11.9-150100.4.16.1 dpdk-kmp-default-18.11.9_k4.12.14_150100.197.114-150100.4.16.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150100.197.114-150100.4.16.1 dpdk-tools-18.11.9-150100.4.16.1 dpdk-tools-debuginfo-18.11.9-150100.4.16.1 libdpdk-18_11-18.11.9-150100.4.16.1 libdpdk-18_11-debuginfo-18.11.9-150100.4.16.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le x86_64): dpdk-18.11.9-150100.4.16.1 dpdk-debuginfo-18.11.9-150100.4.16.1 dpdk-debugsource-18.11.9-150100.4.16.1 dpdk-devel-18.11.9-150100.4.16.1 dpdk-devel-debuginfo-18.11.9-150100.4.16.1 dpdk-kmp-default-18.11.9_k4.12.14_150100.197.114-150100.4.16.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150100.197.114-150100.4.16.1 dpdk-tools-18.11.9-150100.4.16.1 dpdk-tools-debuginfo-18.11.9-150100.4.16.1 libdpdk-18_11-18.11.9-150100.4.16.1 libdpdk-18_11-debuginfo-18.11.9-150100.4.16.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): dpdk-18.11.9-150100.4.16.1 dpdk-debuginfo-18.11.9-150100.4.16.1 dpdk-debugsource-18.11.9-150100.4.16.1 dpdk-devel-18.11.9-150100.4.16.1 dpdk-devel-debuginfo-18.11.9-150100.4.16.1 dpdk-kmp-default-18.11.9_k4.12.14_150100.197.114-150100.4.16.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150100.197.114-150100.4.16.1 dpdk-tools-18.11.9-150100.4.16.1 dpdk-tools-debuginfo-18.11.9-150100.4.16.1 libdpdk-18_11-18.11.9-150100.4.16.1 libdpdk-18_11-debuginfo-18.11.9-150100.4.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): dpdk-18.11.9-150100.4.16.1 
dpdk-debuginfo-18.11.9-150100.4.16.1 dpdk-debugsource-18.11.9-150100.4.16.1 dpdk-devel-18.11.9-150100.4.16.1 dpdk-devel-debuginfo-18.11.9-150100.4.16.1 dpdk-kmp-default-18.11.9_k4.12.14_150100.197.114-150100.4.16.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150100.197.114-150100.4.16.1 dpdk-tools-18.11.9-150100.4.16.1 dpdk-tools-debuginfo-18.11.9-150100.4.16.1 libdpdk-18_11-18.11.9-150100.4.16.1 libdpdk-18_11-debuginfo-18.11.9-150100.4.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): dpdk-18.11.9-150100.4.16.1 dpdk-debuginfo-18.11.9-150100.4.16.1 dpdk-debugsource-18.11.9-150100.4.16.1 dpdk-devel-18.11.9-150100.4.16.1 dpdk-devel-debuginfo-18.11.9-150100.4.16.1 dpdk-kmp-default-18.11.9_k4.12.14_150100.197.114-150100.4.16.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150100.197.114-150100.4.16.1 dpdk-tools-18.11.9-150100.4.16.1 dpdk-tools-debuginfo-18.11.9-150100.4.16.1 libdpdk-18_11-18.11.9-150100.4.16.1 libdpdk-18_11-debuginfo-18.11.9-150100.4.16.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): dpdk-18.11.9-150100.4.16.1 dpdk-debuginfo-18.11.9-150100.4.16.1 dpdk-debugsource-18.11.9-150100.4.16.1 dpdk-devel-18.11.9-150100.4.16.1 dpdk-devel-debuginfo-18.11.9-150100.4.16.1 dpdk-kmp-default-18.11.9_k4.12.14_150100.197.114-150100.4.16.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150100.197.114-150100.4.16.1 dpdk-tools-18.11.9-150100.4.16.1 dpdk-tools-debuginfo-18.11.9-150100.4.16.1 libdpdk-18_11-18.11.9-150100.4.16.1 libdpdk-18_11-debuginfo-18.11.9-150100.4.16.1 - SUSE CaaS Platform 4.0 (x86_64): dpdk-18.11.9-150100.4.16.1 dpdk-debuginfo-18.11.9-150100.4.16.1 dpdk-debugsource-18.11.9-150100.4.16.1 dpdk-devel-18.11.9-150100.4.16.1 dpdk-devel-debuginfo-18.11.9-150100.4.16.1 dpdk-kmp-default-18.11.9_k4.12.14_150100.197.114-150100.4.16.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150100.197.114-150100.4.16.1 dpdk-tools-18.11.9-150100.4.16.1 dpdk-tools-debuginfo-18.11.9-150100.4.16.1 libdpdk-18_11-18.11.9-150100.4.16.1 
libdpdk-18_11-debuginfo-18.11.9-150100.4.16.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Tue Jul 5 19:17:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 21:17:42 +0200 (CEST) Subject: SUSE-SU-2022:2273-1: important: Security update for dpdk Message-ID: <20220705191742.286BAFDAB@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2273-1 Rating: important References: #1198581 #1198963 #1198964 Cross-References: CVE-2021-3839 CVE-2022-0669 CVSS scores: CVE-2021-3839 (SUSE): 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L CVE-2022-0669 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for dpdk fixes the following issues: - CVE-2021-3839: Fixed a memory corruption issue during vhost-user communication (bsc#1198963). - CVE-2022-0669: Fixed a denial of service that could be triggered by a vhost-user master (bsc#1198964). - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2273=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2273=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2273=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2273=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2273=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2273=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2273=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2273=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2273=1 Package List: - SUSE Manager Server 4.1 (ppc64le x86_64): dpdk-19.11.4-150200.3.17.1 dpdk-debuginfo-19.11.4-150200.3.17.1 dpdk-debugsource-19.11.4-150200.3.17.1 dpdk-devel-19.11.4-150200.3.17.1 dpdk-devel-debuginfo-19.11.4-150200.3.17.1 dpdk-kmp-default-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-tools-19.11.4-150200.3.17.1 dpdk-tools-debuginfo-19.11.4-150200.3.17.1 libdpdk-20_0-19.11.4-150200.3.17.1 libdpdk-20_0-debuginfo-19.11.4-150200.3.17.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): dpdk-19.11.4-150200.3.17.1 dpdk-debuginfo-19.11.4-150200.3.17.1 dpdk-debugsource-19.11.4-150200.3.17.1 dpdk-devel-19.11.4-150200.3.17.1 dpdk-devel-debuginfo-19.11.4-150200.3.17.1 dpdk-kmp-default-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-tools-19.11.4-150200.3.17.1 
dpdk-tools-debuginfo-19.11.4-150200.3.17.1 libdpdk-20_0-19.11.4-150200.3.17.1 libdpdk-20_0-debuginfo-19.11.4-150200.3.17.1 - SUSE Manager Proxy 4.1 (x86_64): dpdk-19.11.4-150200.3.17.1 dpdk-debuginfo-19.11.4-150200.3.17.1 dpdk-debugsource-19.11.4-150200.3.17.1 dpdk-devel-19.11.4-150200.3.17.1 dpdk-devel-debuginfo-19.11.4-150200.3.17.1 dpdk-kmp-default-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-tools-19.11.4-150200.3.17.1 dpdk-tools-debuginfo-19.11.4-150200.3.17.1 libdpdk-20_0-19.11.4-150200.3.17.1 libdpdk-20_0-debuginfo-19.11.4-150200.3.17.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): dpdk-19.11.4-150200.3.17.1 dpdk-debuginfo-19.11.4-150200.3.17.1 dpdk-debugsource-19.11.4-150200.3.17.1 dpdk-devel-19.11.4-150200.3.17.1 dpdk-devel-debuginfo-19.11.4-150200.3.17.1 dpdk-kmp-default-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-tools-19.11.4-150200.3.17.1 dpdk-tools-debuginfo-19.11.4-150200.3.17.1 libdpdk-20_0-19.11.4-150200.3.17.1 libdpdk-20_0-debuginfo-19.11.4-150200.3.17.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le x86_64): dpdk-19.11.4-150200.3.17.1 dpdk-debuginfo-19.11.4-150200.3.17.1 dpdk-debugsource-19.11.4-150200.3.17.1 dpdk-devel-19.11.4-150200.3.17.1 dpdk-devel-debuginfo-19.11.4-150200.3.17.1 dpdk-kmp-default-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-tools-19.11.4-150200.3.17.1 dpdk-tools-debuginfo-19.11.4-150200.3.17.1 libdpdk-20_0-19.11.4-150200.3.17.1 libdpdk-20_0-debuginfo-19.11.4-150200.3.17.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64): dpdk-thunderx-19.11.4-150200.3.17.1 dpdk-thunderx-debuginfo-19.11.4-150200.3.17.1 dpdk-thunderx-debugsource-19.11.4-150200.3.17.1 dpdk-thunderx-devel-19.11.4-150200.3.17.1 dpdk-thunderx-devel-debuginfo-19.11.4-150200.3.17.1 
dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): dpdk-19.11.4-150200.3.17.1 dpdk-debuginfo-19.11.4-150200.3.17.1 dpdk-debugsource-19.11.4-150200.3.17.1 dpdk-devel-19.11.4-150200.3.17.1 dpdk-devel-debuginfo-19.11.4-150200.3.17.1 dpdk-kmp-default-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-tools-19.11.4-150200.3.17.1 dpdk-tools-debuginfo-19.11.4-150200.3.17.1 libdpdk-20_0-19.11.4-150200.3.17.1 libdpdk-20_0-debuginfo-19.11.4-150200.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): dpdk-19.11.4-150200.3.17.1 dpdk-debuginfo-19.11.4-150200.3.17.1 dpdk-debugsource-19.11.4-150200.3.17.1 dpdk-devel-19.11.4-150200.3.17.1 dpdk-devel-debuginfo-19.11.4-150200.3.17.1 dpdk-kmp-default-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-tools-19.11.4-150200.3.17.1 dpdk-tools-debuginfo-19.11.4-150200.3.17.1 libdpdk-20_0-19.11.4-150200.3.17.1 libdpdk-20_0-debuginfo-19.11.4-150200.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64): dpdk-thunderx-19.11.4-150200.3.17.1 dpdk-thunderx-debuginfo-19.11.4-150200.3.17.1 dpdk-thunderx-debugsource-19.11.4-150200.3.17.1 dpdk-thunderx-devel-19.11.4-150200.3.17.1 dpdk-thunderx-devel-debuginfo-19.11.4-150200.3.17.1 dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): dpdk-19.11.4-150200.3.17.1 dpdk-debuginfo-19.11.4-150200.3.17.1 dpdk-debugsource-19.11.4-150200.3.17.1 dpdk-devel-19.11.4-150200.3.17.1 dpdk-devel-debuginfo-19.11.4-150200.3.17.1 dpdk-kmp-default-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 
dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-tools-19.11.4-150200.3.17.1 dpdk-tools-debuginfo-19.11.4-150200.3.17.1 libdpdk-20_0-19.11.4-150200.3.17.1 libdpdk-20_0-debuginfo-19.11.4-150200.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64): dpdk-thunderx-19.11.4-150200.3.17.1 dpdk-thunderx-debuginfo-19.11.4-150200.3.17.1 dpdk-thunderx-debugsource-19.11.4-150200.3.17.1 dpdk-thunderx-devel-19.11.4-150200.3.17.1 dpdk-thunderx-devel-debuginfo-19.11.4-150200.3.17.1 dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): dpdk-19.11.4-150200.3.17.1 dpdk-debuginfo-19.11.4-150200.3.17.1 dpdk-debugsource-19.11.4-150200.3.17.1 dpdk-devel-19.11.4-150200.3.17.1 dpdk-devel-debuginfo-19.11.4-150200.3.17.1 dpdk-kmp-default-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-tools-19.11.4-150200.3.17.1 dpdk-tools-debuginfo-19.11.4-150200.3.17.1 libdpdk-20_0-19.11.4-150200.3.17.1 libdpdk-20_0-debuginfo-19.11.4-150200.3.17.1 - SUSE Enterprise Storage 7 (aarch64): dpdk-thunderx-19.11.4-150200.3.17.1 dpdk-thunderx-debuginfo-19.11.4-150200.3.17.1 dpdk-thunderx-debugsource-19.11.4-150200.3.17.1 dpdk-thunderx-devel-19.11.4-150200.3.17.1 dpdk-thunderx-devel-debuginfo-19.11.4-150200.3.17.1 dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.115-150200.3.17.1 References: https://www.suse.com/security/cve/CVE-2021-3839.html https://www.suse.com/security/cve/CVE-2022-0669.html https://bugzilla.suse.com/1198581 https://bugzilla.suse.com/1198963 https://bugzilla.suse.com/1198964 From sle-updates at lists.suse.com Tue Jul 5 19:18:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 21:18:30 +0200 (CEST) 
Subject: SUSE-RU-2022:2270-1: Recommended update for python-M2Crypto and SUSEConnect Message-ID: <20220705191830.E2450FDAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-M2Crypto and SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2270-1 Rating: low References: PM-3081 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for python-M2Crypto and SUSEConnect fixes the following issues: - This is a re-release, no source changes. This releases the packages to some extra repositories. (jsc#PM-3081) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2270=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2270=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2270=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-2270=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2270=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2270=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2270=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.11.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.11.1 python-M2Crypto-debugsource-0.35.2-150000.3.11.1 python2-M2Crypto-0.35.2-150000.3.11.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.11.1 python3-M2Crypto-0.35.2-150000.3.11.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.11.1 - openSUSE Leap 15.3 (noarch): python-M2Crypto-doc-0.35.2-150000.3.11.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.11.1 python-M2Crypto-debugsource-0.35.2-150000.3.11.1 python2-M2Crypto-0.35.2-150000.3.11.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.11.1 - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.32-150000.3.42.1 python-M2Crypto-debugsource-0.35.2-150000.3.11.1 python3-M2Crypto-0.35.2-150000.3.11.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.11.1 python-M2Crypto-debugsource-0.35.2-150000.3.11.1 python3-M2Crypto-0.35.2-150000.3.11.1 
python3-M2Crypto-debuginfo-0.35.2-150000.3.11.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.11.1 python-M2Crypto-debugsource-0.35.2-150000.3.11.1 python3-M2Crypto-0.35.2-150000.3.11.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.11.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.11.1 python-M2Crypto-debugsource-0.35.2-150000.3.11.1 python3-M2Crypto-0.35.2-150000.3.11.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.11.1 References: From sle-updates at lists.suse.com Tue Jul 5 19:19:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jul 2022 21:19:04 +0200 (CEST) Subject: SUSE-RU-2022:2269-1: moderate: Recommended update for virt-manager Message-ID: <20220705191904.C6DF5FDAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for virt-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2269-1 Rating: moderate References: #1027942 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for virt-manager fixes the following issues: - Upstream bug fixes: (bsc#1027942) Volume upload use 1MiB read size. Console: fix error with old pygobject. Virtinst: fix message format string. Createnet: Remove some unnecessary annotations. Fix forgetting password from keyring. - Add support for detecting SUSE Linux Enterprise Micro. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2269=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2269=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2269=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2269=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.6-150300.32.18.1 iscsiuio-debuginfo-0.7.8.6-150300.32.18.1 libopeniscsiusr0_2_0-2.1.7-150300.32.18.1 libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.18.1 open-iscsi-2.1.7-150300.32.18.1 open-iscsi-debuginfo-2.1.7-150300.32.18.1 open-iscsi-debugsource-2.1.7-150300.32.18.1 open-iscsi-devel-2.1.7-150300.32.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.6-150300.32.18.1 iscsiuio-debuginfo-0.7.8.6-150300.32.18.1 libopeniscsiusr0_2_0-2.1.7-150300.32.18.1 libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.18.1 open-iscsi-2.1.7-150300.32.18.1 open-iscsi-debuginfo-2.1.7-150300.32.18.1 open-iscsi-debugsource-2.1.7-150300.32.18.1 open-iscsi-devel-2.1.7-150300.32.18.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): iscsiuio-0.7.8.6-150300.32.18.1 iscsiuio-debuginfo-0.7.8.6-150300.32.18.1 libopeniscsiusr0_2_0-2.1.7-150300.32.18.1 libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.18.1 open-iscsi-2.1.7-150300.32.18.1 open-iscsi-debuginfo-2.1.7-150300.32.18.1 open-iscsi-debugsource-2.1.7-150300.32.18.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): iscsiuio-0.7.8.6-150300.32.18.1 iscsiuio-debuginfo-0.7.8.6-150300.32.18.1 libopeniscsiusr0_2_0-2.1.7-150300.32.18.1 libopeniscsiusr0_2_0-debuginfo-2.1.7-150300.32.18.1 open-iscsi-2.1.7-150300.32.18.1 
open-iscsi-debuginfo-2.1.7-150300.32.18.1
open-iscsi-debugsource-2.1.7-150300.32.18.1

References:

https://bugzilla.suse.com/1027942

From sle-updates at lists.suse.com Tue Jul 5 19:19:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jul 2022 21:19:38 +0200 (CEST)
Subject: SUSE-SU-2022:2276-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1)
Message-ID: <20220705191938.CDA11FDAB@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2276-1
Rating: important
References: #1199606
Cross-References: CVE-2022-1734
CVSS scores:
  CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise High Performance Computing 15-SP1
  SUSE Linux Enterprise Module for Live Patching 15-SP1
  SUSE Linux Enterprise Server 15-SP1
  SUSE Linux Enterprise Server for SAP Applications 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 4.12.14-197_102 fixes one issue.

The following security issue was fixed:

- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2276=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):

  kernel-livepatch-4_12_14-197_102-default-10-150100.2.2

References:

https://www.suse.com/security/cve/CVE-2022-1734.html
https://bugzilla.suse.com/1199606

From sle-updates at lists.suse.com Tue Jul 5 19:20:19 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 5 Jul 2022 21:20:19 +0200 (CEST)
Subject: SUSE-SU-2022:2275-1: important: Security update for php7
Message-ID: <20220705192019.099EDFDAB@maintenance.suse.de>

SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2275-1
Rating: important
References: #1200628 #1200645
Cross-References: CVE-2022-31625 CVE-2022-31626
CVSS scores:
  CVE-2022-31625 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-31625 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2022-31626 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-31626 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE CaaS Platform 4.0
  SUSE Enterprise Storage 6
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Server 15-SP1-BCL
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server for SAP 15-SP1
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for php7 fixes the following issues:

- CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645)
- CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-2275=1

- SUSE Linux Enterprise Server for SAP 15-SP1:

  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2275=1

- SUSE Linux Enterprise Server for SAP 15:

  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2275=1

- SUSE Linux Enterprise Server 15-SP1-LTSS:

  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2275=1

- SUSE Linux Enterprise Server 15-SP1-BCL:

  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2275=1

- SUSE Linux Enterprise Server 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2275=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2275=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2275=1

- SUSE Linux Enterprise High Performance Computing 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2275=1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2275=1

- SUSE Enterprise Storage 6:

  zypper in -t patch SUSE-Storage-6-2022-2275=1

- SUSE CaaS Platform 4.0:

  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): php7-wddx-7.2.5-150000.4.95.1 php7-wddx-debuginfo-7.2.5-150000.4.95.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): apache2-mod_php7-7.2.5-150000.4.95.1 apache2-mod_php7-debuginfo-7.2.5-150000.4.95.1 php7-7.2.5-150000.4.95.1 php7-bcmath-7.2.5-150000.4.95.1 php7-bcmath-debuginfo-7.2.5-150000.4.95.1 php7-bz2-7.2.5-150000.4.95.1 php7-bz2-debuginfo-7.2.5-150000.4.95.1 php7-calendar-7.2.5-150000.4.95.1 php7-calendar-debuginfo-7.2.5-150000.4.95.1 php7-ctype-7.2.5-150000.4.95.1 php7-ctype-debuginfo-7.2.5-150000.4.95.1 php7-curl-7.2.5-150000.4.95.1 php7-curl-debuginfo-7.2.5-150000.4.95.1 php7-dba-7.2.5-150000.4.95.1 php7-dba-debuginfo-7.2.5-150000.4.95.1 php7-debuginfo-7.2.5-150000.4.95.1 php7-debugsource-7.2.5-150000.4.95.1 php7-devel-7.2.5-150000.4.95.1 php7-dom-7.2.5-150000.4.95.1 php7-dom-debuginfo-7.2.5-150000.4.95.1 php7-enchant-7.2.5-150000.4.95.1 php7-enchant-debuginfo-7.2.5-150000.4.95.1 php7-exif-7.2.5-150000.4.95.1 php7-exif-debuginfo-7.2.5-150000.4.95.1 php7-fastcgi-7.2.5-150000.4.95.1 php7-fastcgi-debuginfo-7.2.5-150000.4.95.1 php7-fileinfo-7.2.5-150000.4.95.1 php7-fileinfo-debuginfo-7.2.5-150000.4.95.1 php7-fpm-7.2.5-150000.4.95.1 php7-fpm-debuginfo-7.2.5-150000.4.95.1 php7-ftp-7.2.5-150000.4.95.1 php7-ftp-debuginfo-7.2.5-150000.4.95.1 php7-gd-7.2.5-150000.4.95.1 php7-gd-debuginfo-7.2.5-150000.4.95.1 php7-gettext-7.2.5-150000.4.95.1 php7-gettext-debuginfo-7.2.5-150000.4.95.1 php7-gmp-7.2.5-150000.4.95.1 php7-gmp-debuginfo-7.2.5-150000.4.95.1 php7-iconv-7.2.5-150000.4.95.1 php7-iconv-debuginfo-7.2.5-150000.4.95.1 php7-intl-7.2.5-150000.4.95.1 php7-intl-debuginfo-7.2.5-150000.4.95.1 php7-json-7.2.5-150000.4.95.1 php7-json-debuginfo-7.2.5-150000.4.95.1 php7-ldap-7.2.5-150000.4.95.1 php7-ldap-debuginfo-7.2.5-150000.4.95.1 php7-mbstring-7.2.5-150000.4.95.1 php7-mbstring-debuginfo-7.2.5-150000.4.95.1 php7-mysql-7.2.5-150000.4.95.1 php7-mysql-debuginfo-7.2.5-150000.4.95.1 
php7-odbc-7.2.5-150000.4.95.1 php7-odbc-debuginfo-7.2.5-150000.4.95.1 php7-opcache-7.2.5-150000.4.95.1 php7-opcache-debuginfo-7.2.5-150000.4.95.1 php7-openssl-7.2.5-150000.4.95.1 php7-openssl-debuginfo-7.2.5-150000.4.95.1 php7-pcntl-7.2.5-150000.4.95.1 php7-pcntl-debuginfo-7.2.5-150000.4.95.1 php7-pdo-7.2.5-150000.4.95.1 php7-pdo-debuginfo-7.2.5-150000.4.95.1 php7-pgsql-7.2.5-150000.4.95.1 php7-pgsql-debuginfo-7.2.5-150000.4.95.1 php7-phar-7.2.5-150000.4.95.1 php7-phar-debuginfo-7.2.5-150000.4.95.1 php7-posix-7.2.5-150000.4.95.1 php7-posix-debuginfo-7.2.5-150000.4.95.1 php7-readline-7.2.5-150000.4.95.1 php7-readline-debuginfo-7.2.5-150000.4.95.1 php7-shmop-7.2.5-150000.4.95.1 php7-shmop-debuginfo-7.2.5-150000.4.95.1 php7-snmp-7.2.5-150000.4.95.1 php7-snmp-debuginfo-7.2.5-150000.4.95.1 php7-soap-7.2.5-150000.4.95.1 php7-soap-debuginfo-7.2.5-150000.4.95.1 php7-sockets-7.2.5-150000.4.95.1 php7-sockets-debuginfo-7.2.5-150000.4.95.1 php7-sodium-7.2.5-150000.4.95.1 php7-sodium-debuginfo-7.2.5-150000.4.95.1 php7-sqlite-7.2.5-150000.4.95.1 php7-sqlite-debuginfo-7.2.5-150000.4.95.1 php7-sysvmsg-7.2.5-150000.4.95.1 php7-sysvmsg-debuginfo-7.2.5-150000.4.95.1 php7-sysvsem-7.2.5-150000.4.95.1 php7-sysvsem-debuginfo-7.2.5-150000.4.95.1 php7-sysvshm-7.2.5-150000.4.95.1 php7-sysvshm-debuginfo-7.2.5-150000.4.95.1 php7-tidy-7.2.5-150000.4.95.1 php7-tidy-debuginfo-7.2.5-150000.4.95.1 php7-tokenizer-7.2.5-150000.4.95.1 php7-tokenizer-debuginfo-7.2.5-150000.4.95.1 php7-wddx-7.2.5-150000.4.95.1 php7-wddx-debuginfo-7.2.5-150000.4.95.1 php7-xmlreader-7.2.5-150000.4.95.1 php7-xmlreader-debuginfo-7.2.5-150000.4.95.1 php7-xmlrpc-7.2.5-150000.4.95.1 php7-xmlrpc-debuginfo-7.2.5-150000.4.95.1 php7-xmlwriter-7.2.5-150000.4.95.1 php7-xmlwriter-debuginfo-7.2.5-150000.4.95.1 php7-xsl-7.2.5-150000.4.95.1 php7-xsl-debuginfo-7.2.5-150000.4.95.1 php7-zip-7.2.5-150000.4.95.1 php7-zip-debuginfo-7.2.5-150000.4.95.1 php7-zlib-7.2.5-150000.4.95.1 php7-zlib-debuginfo-7.2.5-150000.4.95.1 - SUSE Linux 
Enterprise Server for SAP 15-SP1 (noarch): php7-pear-7.2.5-150000.4.95.1 php7-pear-Archive_Tar-7.2.5-150000.4.95.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): apache2-mod_php7-7.2.5-150000.4.95.1 apache2-mod_php7-debuginfo-7.2.5-150000.4.95.1 php7-7.2.5-150000.4.95.1 php7-bcmath-7.2.5-150000.4.95.1 php7-bcmath-debuginfo-7.2.5-150000.4.95.1 php7-bz2-7.2.5-150000.4.95.1 php7-bz2-debuginfo-7.2.5-150000.4.95.1 php7-calendar-7.2.5-150000.4.95.1 php7-calendar-debuginfo-7.2.5-150000.4.95.1 php7-ctype-7.2.5-150000.4.95.1 php7-ctype-debuginfo-7.2.5-150000.4.95.1 php7-curl-7.2.5-150000.4.95.1 php7-curl-debuginfo-7.2.5-150000.4.95.1 php7-dba-7.2.5-150000.4.95.1 php7-dba-debuginfo-7.2.5-150000.4.95.1 php7-debuginfo-7.2.5-150000.4.95.1 php7-debugsource-7.2.5-150000.4.95.1 php7-devel-7.2.5-150000.4.95.1 php7-dom-7.2.5-150000.4.95.1 php7-dom-debuginfo-7.2.5-150000.4.95.1 php7-enchant-7.2.5-150000.4.95.1 php7-enchant-debuginfo-7.2.5-150000.4.95.1 php7-exif-7.2.5-150000.4.95.1 php7-exif-debuginfo-7.2.5-150000.4.95.1 php7-fastcgi-7.2.5-150000.4.95.1 php7-fastcgi-debuginfo-7.2.5-150000.4.95.1 php7-fileinfo-7.2.5-150000.4.95.1 php7-fileinfo-debuginfo-7.2.5-150000.4.95.1 php7-fpm-7.2.5-150000.4.95.1 php7-fpm-debuginfo-7.2.5-150000.4.95.1 php7-ftp-7.2.5-150000.4.95.1 php7-ftp-debuginfo-7.2.5-150000.4.95.1 php7-gd-7.2.5-150000.4.95.1 php7-gd-debuginfo-7.2.5-150000.4.95.1 php7-gettext-7.2.5-150000.4.95.1 php7-gettext-debuginfo-7.2.5-150000.4.95.1 php7-gmp-7.2.5-150000.4.95.1 php7-gmp-debuginfo-7.2.5-150000.4.95.1 php7-iconv-7.2.5-150000.4.95.1 php7-iconv-debuginfo-7.2.5-150000.4.95.1 php7-intl-7.2.5-150000.4.95.1 php7-intl-debuginfo-7.2.5-150000.4.95.1 php7-json-7.2.5-150000.4.95.1 php7-json-debuginfo-7.2.5-150000.4.95.1 php7-ldap-7.2.5-150000.4.95.1 php7-ldap-debuginfo-7.2.5-150000.4.95.1 php7-mbstring-7.2.5-150000.4.95.1 php7-mbstring-debuginfo-7.2.5-150000.4.95.1 php7-mysql-7.2.5-150000.4.95.1 php7-mysql-debuginfo-7.2.5-150000.4.95.1 php7-odbc-7.2.5-150000.4.95.1 
php7-odbc-debuginfo-7.2.5-150000.4.95.1 php7-opcache-7.2.5-150000.4.95.1 php7-opcache-debuginfo-7.2.5-150000.4.95.1 php7-openssl-7.2.5-150000.4.95.1 php7-openssl-debuginfo-7.2.5-150000.4.95.1 php7-pcntl-7.2.5-150000.4.95.1 php7-pcntl-debuginfo-7.2.5-150000.4.95.1 php7-pdo-7.2.5-150000.4.95.1 php7-pdo-debuginfo-7.2.5-150000.4.95.1 php7-pgsql-7.2.5-150000.4.95.1 php7-pgsql-debuginfo-7.2.5-150000.4.95.1 php7-phar-7.2.5-150000.4.95.1 php7-phar-debuginfo-7.2.5-150000.4.95.1 php7-posix-7.2.5-150000.4.95.1 php7-posix-debuginfo-7.2.5-150000.4.95.1 php7-readline-7.2.5-150000.4.95.1 php7-readline-debuginfo-7.2.5-150000.4.95.1 php7-shmop-7.2.5-150000.4.95.1 php7-shmop-debuginfo-7.2.5-150000.4.95.1 php7-snmp-7.2.5-150000.4.95.1 php7-snmp-debuginfo-7.2.5-150000.4.95.1 php7-soap-7.2.5-150000.4.95.1 php7-soap-debuginfo-7.2.5-150000.4.95.1 php7-sockets-7.2.5-150000.4.95.1 php7-sockets-debuginfo-7.2.5-150000.4.95.1 php7-sodium-7.2.5-150000.4.95.1 php7-sodium-debuginfo-7.2.5-150000.4.95.1 php7-sqlite-7.2.5-150000.4.95.1 php7-sqlite-debuginfo-7.2.5-150000.4.95.1 php7-sysvmsg-7.2.5-150000.4.95.1 php7-sysvmsg-debuginfo-7.2.5-150000.4.95.1 php7-sysvsem-7.2.5-150000.4.95.1 php7-sysvsem-debuginfo-7.2.5-150000.4.95.1 php7-sysvshm-7.2.5-150000.4.95.1 php7-sysvshm-debuginfo-7.2.5-150000.4.95.1 php7-tokenizer-7.2.5-150000.4.95.1 php7-tokenizer-debuginfo-7.2.5-150000.4.95.1 php7-wddx-7.2.5-150000.4.95.1 php7-wddx-debuginfo-7.2.5-150000.4.95.1 php7-xmlreader-7.2.5-150000.4.95.1 php7-xmlreader-debuginfo-7.2.5-150000.4.95.1 php7-xmlrpc-7.2.5-150000.4.95.1 php7-xmlrpc-debuginfo-7.2.5-150000.4.95.1 php7-xmlwriter-7.2.5-150000.4.95.1 php7-xmlwriter-debuginfo-7.2.5-150000.4.95.1 php7-xsl-7.2.5-150000.4.95.1 php7-xsl-debuginfo-7.2.5-150000.4.95.1 php7-zip-7.2.5-150000.4.95.1 php7-zip-debuginfo-7.2.5-150000.4.95.1 php7-zlib-7.2.5-150000.4.95.1 php7-zlib-debuginfo-7.2.5-150000.4.95.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): php7-pear-7.2.5-150000.4.95.1 
php7-pear-Archive_Tar-7.2.5-150000.4.95.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-150000.4.95.1 apache2-mod_php7-debuginfo-7.2.5-150000.4.95.1 php7-7.2.5-150000.4.95.1 php7-bcmath-7.2.5-150000.4.95.1 php7-bcmath-debuginfo-7.2.5-150000.4.95.1 php7-bz2-7.2.5-150000.4.95.1 php7-bz2-debuginfo-7.2.5-150000.4.95.1 php7-calendar-7.2.5-150000.4.95.1 php7-calendar-debuginfo-7.2.5-150000.4.95.1 php7-ctype-7.2.5-150000.4.95.1 php7-ctype-debuginfo-7.2.5-150000.4.95.1 php7-curl-7.2.5-150000.4.95.1 php7-curl-debuginfo-7.2.5-150000.4.95.1 php7-dba-7.2.5-150000.4.95.1 php7-dba-debuginfo-7.2.5-150000.4.95.1 php7-debuginfo-7.2.5-150000.4.95.1 php7-debugsource-7.2.5-150000.4.95.1 php7-devel-7.2.5-150000.4.95.1 php7-dom-7.2.5-150000.4.95.1 php7-dom-debuginfo-7.2.5-150000.4.95.1 php7-enchant-7.2.5-150000.4.95.1 php7-enchant-debuginfo-7.2.5-150000.4.95.1 php7-exif-7.2.5-150000.4.95.1 php7-exif-debuginfo-7.2.5-150000.4.95.1 php7-fastcgi-7.2.5-150000.4.95.1 php7-fastcgi-debuginfo-7.2.5-150000.4.95.1 php7-fileinfo-7.2.5-150000.4.95.1 php7-fileinfo-debuginfo-7.2.5-150000.4.95.1 php7-fpm-7.2.5-150000.4.95.1 php7-fpm-debuginfo-7.2.5-150000.4.95.1 php7-ftp-7.2.5-150000.4.95.1 php7-ftp-debuginfo-7.2.5-150000.4.95.1 php7-gd-7.2.5-150000.4.95.1 php7-gd-debuginfo-7.2.5-150000.4.95.1 php7-gettext-7.2.5-150000.4.95.1 php7-gettext-debuginfo-7.2.5-150000.4.95.1 php7-gmp-7.2.5-150000.4.95.1 php7-gmp-debuginfo-7.2.5-150000.4.95.1 php7-iconv-7.2.5-150000.4.95.1 php7-iconv-debuginfo-7.2.5-150000.4.95.1 php7-intl-7.2.5-150000.4.95.1 php7-intl-debuginfo-7.2.5-150000.4.95.1 php7-json-7.2.5-150000.4.95.1 php7-json-debuginfo-7.2.5-150000.4.95.1 php7-ldap-7.2.5-150000.4.95.1 php7-ldap-debuginfo-7.2.5-150000.4.95.1 php7-mbstring-7.2.5-150000.4.95.1 php7-mbstring-debuginfo-7.2.5-150000.4.95.1 php7-mysql-7.2.5-150000.4.95.1 php7-mysql-debuginfo-7.2.5-150000.4.95.1 php7-odbc-7.2.5-150000.4.95.1 php7-odbc-debuginfo-7.2.5-150000.4.95.1 
php7-opcache-7.2.5-150000.4.95.1 php7-opcache-debuginfo-7.2.5-150000.4.95.1 php7-openssl-7.2.5-150000.4.95.1 php7-openssl-debuginfo-7.2.5-150000.4.95.1 php7-pcntl-7.2.5-150000.4.95.1 php7-pcntl-debuginfo-7.2.5-150000.4.95.1 php7-pdo-7.2.5-150000.4.95.1 php7-pdo-debuginfo-7.2.5-150000.4.95.1 php7-pgsql-7.2.5-150000.4.95.1 php7-pgsql-debuginfo-7.2.5-150000.4.95.1 php7-phar-7.2.5-150000.4.95.1 php7-phar-debuginfo-7.2.5-150000.4.95.1 php7-posix-7.2.5-150000.4.95.1 php7-posix-debuginfo-7.2.5-150000.4.95.1 php7-readline-7.2.5-150000.4.95.1 php7-readline-debuginfo-7.2.5-150000.4.95.1 php7-shmop-7.2.5-150000.4.95.1 php7-shmop-debuginfo-7.2.5-150000.4.95.1 php7-snmp-7.2.5-150000.4.95.1 php7-snmp-debuginfo-7.2.5-150000.4.95.1 php7-soap-7.2.5-150000.4.95.1 php7-soap-debuginfo-7.2.5-150000.4.95.1 php7-sockets-7.2.5-150000.4.95.1 php7-sockets-debuginfo-7.2.5-150000.4.95.1 php7-sodium-7.2.5-150000.4.95.1 php7-sodium-debuginfo-7.2.5-150000.4.95.1 php7-sqlite-7.2.5-150000.4.95.1 php7-sqlite-debuginfo-7.2.5-150000.4.95.1 php7-sysvmsg-7.2.5-150000.4.95.1 php7-sysvmsg-debuginfo-7.2.5-150000.4.95.1 php7-sysvsem-7.2.5-150000.4.95.1 php7-sysvsem-debuginfo-7.2.5-150000.4.95.1 php7-sysvshm-7.2.5-150000.4.95.1 php7-sysvshm-debuginfo-7.2.5-150000.4.95.1 php7-tidy-7.2.5-150000.4.95.1 php7-tidy-debuginfo-7.2.5-150000.4.95.1 php7-tokenizer-7.2.5-150000.4.95.1 php7-tokenizer-debuginfo-7.2.5-150000.4.95.1 php7-wddx-7.2.5-150000.4.95.1 php7-wddx-debuginfo-7.2.5-150000.4.95.1 php7-xmlreader-7.2.5-150000.4.95.1 php7-xmlreader-debuginfo-7.2.5-150000.4.95.1 php7-xmlrpc-7.2.5-150000.4.95.1 php7-xmlrpc-debuginfo-7.2.5-150000.4.95.1 php7-xmlwriter-7.2.5-150000.4.95.1 php7-xmlwriter-debuginfo-7.2.5-150000.4.95.1 php7-xsl-7.2.5-150000.4.95.1 php7-xsl-debuginfo-7.2.5-150000.4.95.1 php7-zip-7.2.5-150000.4.95.1 php7-zip-debuginfo-7.2.5-150000.4.95.1 php7-zlib-7.2.5-150000.4.95.1 php7-zlib-debuginfo-7.2.5-150000.4.95.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): php7-pear-7.2.5-150000.4.95.1 
php7-pear-Archive_Tar-7.2.5-150000.4.95.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): apache2-mod_php7-7.2.5-150000.4.95.1 apache2-mod_php7-debuginfo-7.2.5-150000.4.95.1 php7-7.2.5-150000.4.95.1 php7-bcmath-7.2.5-150000.4.95.1 php7-bcmath-debuginfo-7.2.5-150000.4.95.1 php7-bz2-7.2.5-150000.4.95.1 php7-bz2-debuginfo-7.2.5-150000.4.95.1 php7-calendar-7.2.5-150000.4.95.1 php7-calendar-debuginfo-7.2.5-150000.4.95.1 php7-ctype-7.2.5-150000.4.95.1 php7-ctype-debuginfo-7.2.5-150000.4.95.1 php7-curl-7.2.5-150000.4.95.1 php7-curl-debuginfo-7.2.5-150000.4.95.1 php7-dba-7.2.5-150000.4.95.1 php7-dba-debuginfo-7.2.5-150000.4.95.1 php7-debuginfo-7.2.5-150000.4.95.1 php7-debugsource-7.2.5-150000.4.95.1 php7-devel-7.2.5-150000.4.95.1 php7-dom-7.2.5-150000.4.95.1 php7-dom-debuginfo-7.2.5-150000.4.95.1 php7-enchant-7.2.5-150000.4.95.1 php7-enchant-debuginfo-7.2.5-150000.4.95.1 php7-exif-7.2.5-150000.4.95.1 php7-exif-debuginfo-7.2.5-150000.4.95.1 php7-fastcgi-7.2.5-150000.4.95.1 php7-fastcgi-debuginfo-7.2.5-150000.4.95.1 php7-fileinfo-7.2.5-150000.4.95.1 php7-fileinfo-debuginfo-7.2.5-150000.4.95.1 php7-fpm-7.2.5-150000.4.95.1 php7-fpm-debuginfo-7.2.5-150000.4.95.1 php7-ftp-7.2.5-150000.4.95.1 php7-ftp-debuginfo-7.2.5-150000.4.95.1 php7-gd-7.2.5-150000.4.95.1 php7-gd-debuginfo-7.2.5-150000.4.95.1 php7-gettext-7.2.5-150000.4.95.1 php7-gettext-debuginfo-7.2.5-150000.4.95.1 php7-gmp-7.2.5-150000.4.95.1 php7-gmp-debuginfo-7.2.5-150000.4.95.1 php7-iconv-7.2.5-150000.4.95.1 php7-iconv-debuginfo-7.2.5-150000.4.95.1 php7-intl-7.2.5-150000.4.95.1 php7-intl-debuginfo-7.2.5-150000.4.95.1 php7-json-7.2.5-150000.4.95.1 php7-json-debuginfo-7.2.5-150000.4.95.1 php7-ldap-7.2.5-150000.4.95.1 php7-ldap-debuginfo-7.2.5-150000.4.95.1 php7-mbstring-7.2.5-150000.4.95.1 php7-mbstring-debuginfo-7.2.5-150000.4.95.1 php7-mysql-7.2.5-150000.4.95.1 php7-mysql-debuginfo-7.2.5-150000.4.95.1 php7-odbc-7.2.5-150000.4.95.1 php7-odbc-debuginfo-7.2.5-150000.4.95.1 php7-opcache-7.2.5-150000.4.95.1 
php7-opcache-debuginfo-7.2.5-150000.4.95.1 php7-openssl-7.2.5-150000.4.95.1 php7-openssl-debuginfo-7.2.5-150000.4.95.1 php7-pcntl-7.2.5-150000.4.95.1 php7-pcntl-debuginfo-7.2.5-150000.4.95.1 php7-pdo-7.2.5-150000.4.95.1 php7-pdo-debuginfo-7.2.5-150000.4.95.1 php7-pgsql-7.2.5-150000.4.95.1 php7-pgsql-debuginfo-7.2.5-150000.4.95.1 php7-phar-7.2.5-150000.4.95.1 php7-phar-debuginfo-7.2.5-150000.4.95.1 php7-posix-7.2.5-150000.4.95.1 php7-posix-debuginfo-7.2.5-150000.4.95.1 php7-readline-7.2.5-150000.4.95.1 php7-readline-debuginfo-7.2.5-150000.4.95.1 php7-shmop-7.2.5-150000.4.95.1 php7-shmop-debuginfo-7.2.5-150000.4.95.1 php7-snmp-7.2.5-150000.4.95.1 php7-snmp-debuginfo-7.2.5-150000.4.95.1 php7-soap-7.2.5-150000.4.95.1 php7-soap-debuginfo-7.2.5-150000.4.95.1 php7-sockets-7.2.5-150000.4.95.1 php7-sockets-debuginfo-7.2.5-150000.4.95.1 php7-sodium-7.2.5-150000.4.95.1 php7-sodium-debuginfo-7.2.5-150000.4.95.1 php7-sqlite-7.2.5-150000.4.95.1 php7-sqlite-debuginfo-7.2.5-150000.4.95.1 php7-sysvmsg-7.2.5-150000.4.95.1 php7-sysvmsg-debuginfo-7.2.5-150000.4.95.1 php7-sysvsem-7.2.5-150000.4.95.1 php7-sysvsem-debuginfo-7.2.5-150000.4.95.1 php7-sysvshm-7.2.5-150000.4.95.1 php7-sysvshm-debuginfo-7.2.5-150000.4.95.1 php7-tidy-7.2.5-150000.4.95.1 php7-tidy-debuginfo-7.2.5-150000.4.95.1 php7-tokenizer-7.2.5-150000.4.95.1 php7-tokenizer-debuginfo-7.2.5-150000.4.95.1 php7-wddx-7.2.5-150000.4.95.1 php7-wddx-debuginfo-7.2.5-150000.4.95.1 php7-xmlreader-7.2.5-150000.4.95.1 php7-xmlreader-debuginfo-7.2.5-150000.4.95.1 php7-xmlrpc-7.2.5-150000.4.95.1 php7-xmlrpc-debuginfo-7.2.5-150000.4.95.1 php7-xmlwriter-7.2.5-150000.4.95.1 php7-xmlwriter-debuginfo-7.2.5-150000.4.95.1 php7-xsl-7.2.5-150000.4.95.1 php7-xsl-debuginfo-7.2.5-150000.4.95.1 php7-zip-7.2.5-150000.4.95.1 php7-zip-debuginfo-7.2.5-150000.4.95.1 php7-zlib-7.2.5-150000.4.95.1 php7-zlib-debuginfo-7.2.5-150000.4.95.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): php7-pear-7.2.5-150000.4.95.1 php7-pear-Archive_Tar-7.2.5-150000.4.95.1 
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): apache2-mod_php7-7.2.5-150000.4.95.1 apache2-mod_php7-debuginfo-7.2.5-150000.4.95.1 php7-7.2.5-150000.4.95.1 php7-bcmath-7.2.5-150000.4.95.1 php7-bcmath-debuginfo-7.2.5-150000.4.95.1 php7-bz2-7.2.5-150000.4.95.1 php7-bz2-debuginfo-7.2.5-150000.4.95.1 php7-calendar-7.2.5-150000.4.95.1 php7-calendar-debuginfo-7.2.5-150000.4.95.1 php7-ctype-7.2.5-150000.4.95.1 php7-ctype-debuginfo-7.2.5-150000.4.95.1 php7-curl-7.2.5-150000.4.95.1 php7-curl-debuginfo-7.2.5-150000.4.95.1 php7-dba-7.2.5-150000.4.95.1 php7-dba-debuginfo-7.2.5-150000.4.95.1 php7-debuginfo-7.2.5-150000.4.95.1 php7-debugsource-7.2.5-150000.4.95.1 php7-devel-7.2.5-150000.4.95.1 php7-dom-7.2.5-150000.4.95.1 php7-dom-debuginfo-7.2.5-150000.4.95.1 php7-enchant-7.2.5-150000.4.95.1 php7-enchant-debuginfo-7.2.5-150000.4.95.1 php7-exif-7.2.5-150000.4.95.1 php7-exif-debuginfo-7.2.5-150000.4.95.1 php7-fastcgi-7.2.5-150000.4.95.1 php7-fastcgi-debuginfo-7.2.5-150000.4.95.1 php7-fileinfo-7.2.5-150000.4.95.1 php7-fileinfo-debuginfo-7.2.5-150000.4.95.1 php7-fpm-7.2.5-150000.4.95.1 php7-fpm-debuginfo-7.2.5-150000.4.95.1 php7-ftp-7.2.5-150000.4.95.1 php7-ftp-debuginfo-7.2.5-150000.4.95.1 php7-gd-7.2.5-150000.4.95.1 php7-gd-debuginfo-7.2.5-150000.4.95.1 php7-gettext-7.2.5-150000.4.95.1 php7-gettext-debuginfo-7.2.5-150000.4.95.1 php7-gmp-7.2.5-150000.4.95.1 php7-gmp-debuginfo-7.2.5-150000.4.95.1 php7-iconv-7.2.5-150000.4.95.1 php7-iconv-debuginfo-7.2.5-150000.4.95.1 php7-intl-7.2.5-150000.4.95.1 php7-intl-debuginfo-7.2.5-150000.4.95.1 php7-json-7.2.5-150000.4.95.1 php7-json-debuginfo-7.2.5-150000.4.95.1 php7-ldap-7.2.5-150000.4.95.1 php7-ldap-debuginfo-7.2.5-150000.4.95.1 php7-mbstring-7.2.5-150000.4.95.1 php7-mbstring-debuginfo-7.2.5-150000.4.95.1 php7-mysql-7.2.5-150000.4.95.1 php7-mysql-debuginfo-7.2.5-150000.4.95.1 php7-odbc-7.2.5-150000.4.95.1 php7-odbc-debuginfo-7.2.5-150000.4.95.1 php7-opcache-7.2.5-150000.4.95.1 php7-opcache-debuginfo-7.2.5-150000.4.95.1 
php7-openssl-7.2.5-150000.4.95.1 php7-openssl-debuginfo-7.2.5-150000.4.95.1 php7-pcntl-7.2.5-150000.4.95.1 php7-pcntl-debuginfo-7.2.5-150000.4.95.1 php7-pdo-7.2.5-150000.4.95.1 php7-pdo-debuginfo-7.2.5-150000.4.95.1 php7-pgsql-7.2.5-150000.4.95.1 php7-pgsql-debuginfo-7.2.5-150000.4.95.1 php7-phar-7.2.5-150000.4.95.1 php7-phar-debuginfo-7.2.5-150000.4.95.1 php7-posix-7.2.5-150000.4.95.1 php7-posix-debuginfo-7.2.5-150000.4.95.1 php7-readline-7.2.5-150000.4.95.1 php7-readline-debuginfo-7.2.5-150000.4.95.1 php7-shmop-7.2.5-150000.4.95.1 php7-shmop-debuginfo-7.2.5-150000.4.95.1 php7-snmp-7.2.5-150000.4.95.1 php7-snmp-debuginfo-7.2.5-150000.4.95.1 php7-soap-7.2.5-150000.4.95.1 php7-soap-debuginfo-7.2.5-150000.4.95.1 php7-sockets-7.2.5-150000.4.95.1 php7-sockets-debuginfo-7.2.5-150000.4.95.1 php7-sodium-7.2.5-150000.4.95.1 php7-sodium-debuginfo-7.2.5-150000.4.95.1 php7-sqlite-7.2.5-150000.4.95.1 php7-sqlite-debuginfo-7.2.5-150000.4.95.1 php7-sysvmsg-7.2.5-150000.4.95.1 php7-sysvmsg-debuginfo-7.2.5-150000.4.95.1 php7-sysvsem-7.2.5-150000.4.95.1 php7-sysvsem-debuginfo-7.2.5-150000.4.95.1 php7-sysvshm-7.2.5-150000.4.95.1 php7-sysvshm-debuginfo-7.2.5-150000.4.95.1 php7-tokenizer-7.2.5-150000.4.95.1 php7-tokenizer-debuginfo-7.2.5-150000.4.95.1 php7-wddx-7.2.5-150000.4.95.1 php7-wddx-debuginfo-7.2.5-150000.4.95.1 php7-xmlreader-7.2.5-150000.4.95.1 php7-xmlreader-debuginfo-7.2.5-150000.4.95.1 php7-xmlrpc-7.2.5-150000.4.95.1 php7-xmlrpc-debuginfo-7.2.5-150000.4.95.1 php7-xmlwriter-7.2.5-150000.4.95.1 php7-xmlwriter-debuginfo-7.2.5-150000.4.95.1 php7-xsl-7.2.5-150000.4.95.1 php7-xsl-debuginfo-7.2.5-150000.4.95.1 php7-zip-7.2.5-150000.4.95.1 php7-zip-debuginfo-7.2.5-150000.4.95.1 php7-zlib-7.2.5-150000.4.95.1 php7-zlib-debuginfo-7.2.5-150000.4.95.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): php7-pear-7.2.5-150000.4.95.1 php7-pear-Archive_Tar-7.2.5-150000.4.95.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): 
apache2-mod_php7-7.2.5-150000.4.95.1 apache2-mod_php7-debuginfo-7.2.5-150000.4.95.1 php7-7.2.5-150000.4.95.1 php7-bcmath-7.2.5-150000.4.95.1 php7-bcmath-debuginfo-7.2.5-150000.4.95.1 php7-bz2-7.2.5-150000.4.95.1 php7-bz2-debuginfo-7.2.5-150000.4.95.1 php7-calendar-7.2.5-150000.4.95.1 php7-calendar-debuginfo-7.2.5-150000.4.95.1 php7-ctype-7.2.5-150000.4.95.1 php7-ctype-debuginfo-7.2.5-150000.4.95.1 php7-curl-7.2.5-150000.4.95.1 php7-curl-debuginfo-7.2.5-150000.4.95.1 php7-dba-7.2.5-150000.4.95.1 php7-dba-debuginfo-7.2.5-150000.4.95.1 php7-debuginfo-7.2.5-150000.4.95.1 php7-debugsource-7.2.5-150000.4.95.1 php7-devel-7.2.5-150000.4.95.1 php7-dom-7.2.5-150000.4.95.1 php7-dom-debuginfo-7.2.5-150000.4.95.1 php7-enchant-7.2.5-150000.4.95.1 php7-enchant-debuginfo-7.2.5-150000.4.95.1 php7-exif-7.2.5-150000.4.95.1 php7-exif-debuginfo-7.2.5-150000.4.95.1 php7-fastcgi-7.2.5-150000.4.95.1 php7-fastcgi-debuginfo-7.2.5-150000.4.95.1 php7-fileinfo-7.2.5-150000.4.95.1 php7-fileinfo-debuginfo-7.2.5-150000.4.95.1 php7-fpm-7.2.5-150000.4.95.1 php7-fpm-debuginfo-7.2.5-150000.4.95.1 php7-ftp-7.2.5-150000.4.95.1 php7-ftp-debuginfo-7.2.5-150000.4.95.1 php7-gd-7.2.5-150000.4.95.1 php7-gd-debuginfo-7.2.5-150000.4.95.1 php7-gettext-7.2.5-150000.4.95.1 php7-gettext-debuginfo-7.2.5-150000.4.95.1 php7-gmp-7.2.5-150000.4.95.1 php7-gmp-debuginfo-7.2.5-150000.4.95.1 php7-iconv-7.2.5-150000.4.95.1 php7-iconv-debuginfo-7.2.5-150000.4.95.1 php7-intl-7.2.5-150000.4.95.1 php7-intl-debuginfo-7.2.5-150000.4.95.1 php7-json-7.2.5-150000.4.95.1 php7-json-debuginfo-7.2.5-150000.4.95.1 php7-ldap-7.2.5-150000.4.95.1 php7-ldap-debuginfo-7.2.5-150000.4.95.1 php7-mbstring-7.2.5-150000.4.95.1 php7-mbstring-debuginfo-7.2.5-150000.4.95.1 php7-mysql-7.2.5-150000.4.95.1 php7-mysql-debuginfo-7.2.5-150000.4.95.1 php7-odbc-7.2.5-150000.4.95.1 php7-odbc-debuginfo-7.2.5-150000.4.95.1 php7-opcache-7.2.5-150000.4.95.1 php7-opcache-debuginfo-7.2.5-150000.4.95.1 php7-openssl-7.2.5-150000.4.95.1 
php7-openssl-debuginfo-7.2.5-150000.4.95.1 php7-pcntl-7.2.5-150000.4.95.1 php7-pcntl-debuginfo-7.2.5-150000.4.95.1 php7-pdo-7.2.5-150000.4.95.1 php7-pdo-debuginfo-7.2.5-150000.4.95.1 php7-pgsql-7.2.5-150000.4.95.1 php7-pgsql-debuginfo-7.2.5-150000.4.95.1 php7-phar-7.2.5-150000.4.95.1 php7-phar-debuginfo-7.2.5-150000.4.95.1 php7-posix-7.2.5-150000.4.95.1 php7-posix-debuginfo-7.2.5-150000.4.95.1 php7-readline-7.2.5-150000.4.95.1 php7-readline-debuginfo-7.2.5-150000.4.95.1 php7-shmop-7.2.5-150000.4.95.1 php7-shmop-debuginfo-7.2.5-150000.4.95.1 php7-snmp-7.2.5-150000.4.95.1 php7-snmp-debuginfo-7.2.5-150000.4.95.1 php7-soap-7.2.5-150000.4.95.1 php7-soap-debuginfo-7.2.5-150000.4.95.1 php7-sockets-7.2.5-150000.4.95.1 php7-sockets-debuginfo-7.2.5-150000.4.95.1 php7-sodium-7.2.5-150000.4.95.1 php7-sodium-debuginfo-7.2.5-150000.4.95.1 php7-sqlite-7.2.5-150000.4.95.1 php7-sqlite-debuginfo-7.2.5-150000.4.95.1 php7-sysvmsg-7.2.5-150000.4.95.1 php7-sysvmsg-debuginfo-7.2.5-150000.4.95.1 php7-sysvsem-7.2.5-150000.4.95.1 php7-sysvsem-debuginfo-7.2.5-150000.4.95.1 php7-sysvshm-7.2.5-150000.4.95.1 php7-sysvshm-debuginfo-7.2.5-150000.4.95.1 php7-tidy-7.2.5-150000.4.95.1 php7-tidy-debuginfo-7.2.5-150000.4.95.1 php7-tokenizer-7.2.5-150000.4.95.1 php7-tokenizer-debuginfo-7.2.5-150000.4.95.1 php7-wddx-7.2.5-150000.4.95.1 php7-wddx-debuginfo-7.2.5-150000.4.95.1 php7-xmlreader-7.2.5-150000.4.95.1 php7-xmlreader-debuginfo-7.2.5-150000.4.95.1 php7-xmlrpc-7.2.5-150000.4.95.1 php7-xmlrpc-debuginfo-7.2.5-150000.4.95.1 php7-xmlwriter-7.2.5-150000.4.95.1 php7-xmlwriter-debuginfo-7.2.5-150000.4.95.1 php7-xsl-7.2.5-150000.4.95.1 php7-xsl-debuginfo-7.2.5-150000.4.95.1 php7-zip-7.2.5-150000.4.95.1 php7-zip-debuginfo-7.2.5-150000.4.95.1 php7-zlib-7.2.5-150000.4.95.1 php7-zlib-debuginfo-7.2.5-150000.4.95.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): php7-pear-7.2.5-150000.4.95.1 php7-pear-Archive_Tar-7.2.5-150000.4.95.1 - SUSE Linux Enterprise High Performance Computing 
15-SP1-ESPOS (aarch64 x86_64): apache2-mod_php7-7.2.5-150000.4.95.1 apache2-mod_php7-debuginfo-7.2.5-150000.4.95.1 php7-7.2.5-150000.4.95.1 php7-bcmath-7.2.5-150000.4.95.1 php7-bcmath-debuginfo-7.2.5-150000.4.95.1 php7-bz2-7.2.5-150000.4.95.1 php7-bz2-debuginfo-7.2.5-150000.4.95.1 php7-calendar-7.2.5-150000.4.95.1 php7-calendar-debuginfo-7.2.5-150000.4.95.1 php7-ctype-7.2.5-150000.4.95.1 php7-ctype-debuginfo-7.2.5-150000.4.95.1 php7-curl-7.2.5-150000.4.95.1 php7-curl-debuginfo-7.2.5-150000.4.95.1 php7-dba-7.2.5-150000.4.95.1 php7-dba-debuginfo-7.2.5-150000.4.95.1 php7-debuginfo-7.2.5-150000.4.95.1 php7-debugsource-7.2.5-150000.4.95.1 php7-devel-7.2.5-150000.4.95.1 php7-dom-7.2.5-150000.4.95.1 php7-dom-debuginfo-7.2.5-150000.4.95.1 php7-enchant-7.2.5-150000.4.95.1 php7-enchant-debuginfo-7.2.5-150000.4.95.1 php7-exif-7.2.5-150000.4.95.1 php7-exif-debuginfo-7.2.5-150000.4.95.1 php7-fastcgi-7.2.5-150000.4.95.1 php7-fastcgi-debuginfo-7.2.5-150000.4.95.1 php7-fileinfo-7.2.5-150000.4.95.1 php7-fileinfo-debuginfo-7.2.5-150000.4.95.1 php7-fpm-7.2.5-150000.4.95.1 php7-fpm-debuginfo-7.2.5-150000.4.95.1 php7-ftp-7.2.5-150000.4.95.1 php7-ftp-debuginfo-7.2.5-150000.4.95.1 php7-gd-7.2.5-150000.4.95.1 php7-gd-debuginfo-7.2.5-150000.4.95.1 php7-gettext-7.2.5-150000.4.95.1 php7-gettext-debuginfo-7.2.5-150000.4.95.1 php7-gmp-7.2.5-150000.4.95.1 php7-gmp-debuginfo-7.2.5-150000.4.95.1 php7-iconv-7.2.5-150000.4.95.1 php7-iconv-debuginfo-7.2.5-150000.4.95.1 php7-intl-7.2.5-150000.4.95.1 php7-intl-debuginfo-7.2.5-150000.4.95.1 php7-json-7.2.5-150000.4.95.1 php7-json-debuginfo-7.2.5-150000.4.95.1 php7-ldap-7.2.5-150000.4.95.1 php7-ldap-debuginfo-7.2.5-150000.4.95.1 php7-mbstring-7.2.5-150000.4.95.1 php7-mbstring-debuginfo-7.2.5-150000.4.95.1 php7-mysql-7.2.5-150000.4.95.1 php7-mysql-debuginfo-7.2.5-150000.4.95.1 php7-odbc-7.2.5-150000.4.95.1 php7-odbc-debuginfo-7.2.5-150000.4.95.1 php7-opcache-7.2.5-150000.4.95.1 php7-opcache-debuginfo-7.2.5-150000.4.95.1 php7-openssl-7.2.5-150000.4.95.1 
php7-openssl-debuginfo-7.2.5-150000.4.95.1 php7-pcntl-7.2.5-150000.4.95.1 php7-pcntl-debuginfo-7.2.5-150000.4.95.1 php7-pdo-7.2.5-150000.4.95.1 php7-pdo-debuginfo-7.2.5-150000.4.95.1 php7-pgsql-7.2.5-150000.4.95.1 php7-pgsql-debuginfo-7.2.5-150000.4.95.1 php7-phar-7.2.5-150000.4.95.1 php7-phar-debuginfo-7.2.5-150000.4.95.1 php7-posix-7.2.5-150000.4.95.1 php7-posix-debuginfo-7.2.5-150000.4.95.1 php7-readline-7.2.5-150000.4.95.1 php7-readline-debuginfo-7.2.5-150000.4.95.1 php7-shmop-7.2.5-150000.4.95.1 php7-shmop-debuginfo-7.2.5-150000.4.95.1 php7-snmp-7.2.5-150000.4.95.1 php7-snmp-debuginfo-7.2.5-150000.4.95.1 php7-soap-7.2.5-150000.4.95.1 php7-soap-debuginfo-7.2.5-150000.4.95.1 php7-sockets-7.2.5-150000.4.95.1 php7-sockets-debuginfo-7.2.5-150000.4.95.1 php7-sodium-7.2.5-150000.4.95.1 php7-sodium-debuginfo-7.2.5-150000.4.95.1 php7-sqlite-7.2.5-150000.4.95.1 php7-sqlite-debuginfo-7.2.5-150000.4.95.1 php7-sysvmsg-7.2.5-150000.4.95.1 php7-sysvmsg-debuginfo-7.2.5-150000.4.95.1 php7-sysvsem-7.2.5-150000.4.95.1 php7-sysvsem-debuginfo-7.2.5-150000.4.95.1 php7-sysvshm-7.2.5-150000.4.95.1 php7-sysvshm-debuginfo-7.2.5-150000.4.95.1 php7-tidy-7.2.5-150000.4.95.1 php7-tidy-debuginfo-7.2.5-150000.4.95.1 php7-tokenizer-7.2.5-150000.4.95.1 php7-tokenizer-debuginfo-7.2.5-150000.4.95.1 php7-wddx-7.2.5-150000.4.95.1 php7-wddx-debuginfo-7.2.5-150000.4.95.1 php7-xmlreader-7.2.5-150000.4.95.1 php7-xmlreader-debuginfo-7.2.5-150000.4.95.1 php7-xmlrpc-7.2.5-150000.4.95.1 php7-xmlrpc-debuginfo-7.2.5-150000.4.95.1 php7-xmlwriter-7.2.5-150000.4.95.1 php7-xmlwriter-debuginfo-7.2.5-150000.4.95.1 php7-xsl-7.2.5-150000.4.95.1 php7-xsl-debuginfo-7.2.5-150000.4.95.1 php7-zip-7.2.5-150000.4.95.1 php7-zip-debuginfo-7.2.5-150000.4.95.1 php7-zlib-7.2.5-150000.4.95.1 php7-zlib-debuginfo-7.2.5-150000.4.95.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): php7-pear-7.2.5-150000.4.95.1 php7-pear-Archive_Tar-7.2.5-150000.4.95.1 - SUSE Linux Enterprise High Performance Computing 
15-LTSS (aarch64 x86_64): apache2-mod_php7-7.2.5-150000.4.95.1 apache2-mod_php7-debuginfo-7.2.5-150000.4.95.1 php7-7.2.5-150000.4.95.1 php7-bcmath-7.2.5-150000.4.95.1 php7-bcmath-debuginfo-7.2.5-150000.4.95.1 php7-bz2-7.2.5-150000.4.95.1 php7-bz2-debuginfo-7.2.5-150000.4.95.1 php7-calendar-7.2.5-150000.4.95.1 php7-calendar-debuginfo-7.2.5-150000.4.95.1 php7-ctype-7.2.5-150000.4.95.1 php7-ctype-debuginfo-7.2.5-150000.4.95.1 php7-curl-7.2.5-150000.4.95.1 php7-curl-debuginfo-7.2.5-150000.4.95.1 php7-dba-7.2.5-150000.4.95.1 php7-dba-debuginfo-7.2.5-150000.4.95.1 php7-debuginfo-7.2.5-150000.4.95.1 php7-debugsource-7.2.5-150000.4.95.1 php7-devel-7.2.5-150000.4.95.1 php7-dom-7.2.5-150000.4.95.1 php7-dom-debuginfo-7.2.5-150000.4.95.1 php7-enchant-7.2.5-150000.4.95.1 php7-enchant-debuginfo-7.2.5-150000.4.95.1 php7-exif-7.2.5-150000.4.95.1 php7-exif-debuginfo-7.2.5-150000.4.95.1 php7-fastcgi-7.2.5-150000.4.95.1 php7-fastcgi-debuginfo-7.2.5-150000.4.95.1 php7-fileinfo-7.2.5-150000.4.95.1 php7-fileinfo-debuginfo-7.2.5-150000.4.95.1 php7-fpm-7.2.5-150000.4.95.1 php7-fpm-debuginfo-7.2.5-150000.4.95.1 php7-ftp-7.2.5-150000.4.95.1 php7-ftp-debuginfo-7.2.5-150000.4.95.1 php7-gd-7.2.5-150000.4.95.1 php7-gd-debuginfo-7.2.5-150000.4.95.1 php7-gettext-7.2.5-150000.4.95.1 php7-gettext-debuginfo-7.2.5-150000.4.95.1 php7-gmp-7.2.5-150000.4.95.1 php7-gmp-debuginfo-7.2.5-150000.4.95.1 php7-iconv-7.2.5-150000.4.95.1 php7-iconv-debuginfo-7.2.5-150000.4.95.1 php7-intl-7.2.5-150000.4.95.1 php7-intl-debuginfo-7.2.5-150000.4.95.1 php7-json-7.2.5-150000.4.95.1 php7-json-debuginfo-7.2.5-150000.4.95.1 php7-ldap-7.2.5-150000.4.95.1 php7-ldap-debuginfo-7.2.5-150000.4.95.1 php7-mbstring-7.2.5-150000.4.95.1 php7-mbstring-debuginfo-7.2.5-150000.4.95.1 php7-mysql-7.2.5-150000.4.95.1 php7-mysql-debuginfo-7.2.5-150000.4.95.1 php7-odbc-7.2.5-150000.4.95.1 php7-odbc-debuginfo-7.2.5-150000.4.95.1 php7-opcache-7.2.5-150000.4.95.1 php7-opcache-debuginfo-7.2.5-150000.4.95.1 php7-openssl-7.2.5-150000.4.95.1 
php7-openssl-debuginfo-7.2.5-150000.4.95.1 php7-pcntl-7.2.5-150000.4.95.1 php7-pcntl-debuginfo-7.2.5-150000.4.95.1 php7-pdo-7.2.5-150000.4.95.1 php7-pdo-debuginfo-7.2.5-150000.4.95.1 php7-pgsql-7.2.5-150000.4.95.1 php7-pgsql-debuginfo-7.2.5-150000.4.95.1 php7-phar-7.2.5-150000.4.95.1 php7-phar-debuginfo-7.2.5-150000.4.95.1 php7-posix-7.2.5-150000.4.95.1 php7-posix-debuginfo-7.2.5-150000.4.95.1 php7-readline-7.2.5-150000.4.95.1 php7-readline-debuginfo-7.2.5-150000.4.95.1 php7-shmop-7.2.5-150000.4.95.1 php7-shmop-debuginfo-7.2.5-150000.4.95.1 php7-snmp-7.2.5-150000.4.95.1 php7-snmp-debuginfo-7.2.5-150000.4.95.1 php7-soap-7.2.5-150000.4.95.1 php7-soap-debuginfo-7.2.5-150000.4.95.1 php7-sockets-7.2.5-150000.4.95.1 php7-sockets-debuginfo-7.2.5-150000.4.95.1 php7-sodium-7.2.5-150000.4.95.1 php7-sodium-debuginfo-7.2.5-150000.4.95.1 php7-sqlite-7.2.5-150000.4.95.1 php7-sqlite-debuginfo-7.2.5-150000.4.95.1 php7-sysvmsg-7.2.5-150000.4.95.1 php7-sysvmsg-debuginfo-7.2.5-150000.4.95.1 php7-sysvsem-7.2.5-150000.4.95.1 php7-sysvsem-debuginfo-7.2.5-150000.4.95.1 php7-sysvshm-7.2.5-150000.4.95.1 php7-sysvshm-debuginfo-7.2.5-150000.4.95.1 php7-tokenizer-7.2.5-150000.4.95.1 php7-tokenizer-debuginfo-7.2.5-150000.4.95.1 php7-wddx-7.2.5-150000.4.95.1 php7-wddx-debuginfo-7.2.5-150000.4.95.1 php7-xmlreader-7.2.5-150000.4.95.1 php7-xmlreader-debuginfo-7.2.5-150000.4.95.1 php7-xmlrpc-7.2.5-150000.4.95.1 php7-xmlrpc-debuginfo-7.2.5-150000.4.95.1 php7-xmlwriter-7.2.5-150000.4.95.1 php7-xmlwriter-debuginfo-7.2.5-150000.4.95.1 php7-xsl-7.2.5-150000.4.95.1 php7-xsl-debuginfo-7.2.5-150000.4.95.1 php7-zip-7.2.5-150000.4.95.1 php7-zip-debuginfo-7.2.5-150000.4.95.1 php7-zlib-7.2.5-150000.4.95.1 php7-zlib-debuginfo-7.2.5-150000.4.95.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): php7-pear-7.2.5-150000.4.95.1 php7-pear-Archive_Tar-7.2.5-150000.4.95.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): apache2-mod_php7-7.2.5-150000.4.95.1 
apache2-mod_php7-debuginfo-7.2.5-150000.4.95.1 php7-7.2.5-150000.4.95.1 php7-bcmath-7.2.5-150000.4.95.1 php7-bcmath-debuginfo-7.2.5-150000.4.95.1 php7-bz2-7.2.5-150000.4.95.1 php7-bz2-debuginfo-7.2.5-150000.4.95.1 php7-calendar-7.2.5-150000.4.95.1 php7-calendar-debuginfo-7.2.5-150000.4.95.1 php7-ctype-7.2.5-150000.4.95.1 php7-ctype-debuginfo-7.2.5-150000.4.95.1 php7-curl-7.2.5-150000.4.95.1 php7-curl-debuginfo-7.2.5-150000.4.95.1 php7-dba-7.2.5-150000.4.95.1 php7-dba-debuginfo-7.2.5-150000.4.95.1 php7-debuginfo-7.2.5-150000.4.95.1 php7-debugsource-7.2.5-150000.4.95.1 php7-devel-7.2.5-150000.4.95.1 php7-dom-7.2.5-150000.4.95.1 php7-dom-debuginfo-7.2.5-150000.4.95.1 php7-enchant-7.2.5-150000.4.95.1 php7-enchant-debuginfo-7.2.5-150000.4.95.1 php7-exif-7.2.5-150000.4.95.1 php7-exif-debuginfo-7.2.5-150000.4.95.1 php7-fastcgi-7.2.5-150000.4.95.1 php7-fastcgi-debuginfo-7.2.5-150000.4.95.1 php7-fileinfo-7.2.5-150000.4.95.1 php7-fileinfo-debuginfo-7.2.5-150000.4.95.1 php7-fpm-7.2.5-150000.4.95.1 php7-fpm-debuginfo-7.2.5-150000.4.95.1 php7-ftp-7.2.5-150000.4.95.1 php7-ftp-debuginfo-7.2.5-150000.4.95.1 php7-gd-7.2.5-150000.4.95.1 php7-gd-debuginfo-7.2.5-150000.4.95.1 php7-gettext-7.2.5-150000.4.95.1 php7-gettext-debuginfo-7.2.5-150000.4.95.1 php7-gmp-7.2.5-150000.4.95.1 php7-gmp-debuginfo-7.2.5-150000.4.95.1 php7-iconv-7.2.5-150000.4.95.1 php7-iconv-debuginfo-7.2.5-150000.4.95.1 php7-intl-7.2.5-150000.4.95.1 php7-intl-debuginfo-7.2.5-150000.4.95.1 php7-json-7.2.5-150000.4.95.1 php7-json-debuginfo-7.2.5-150000.4.95.1 php7-ldap-7.2.5-150000.4.95.1 php7-ldap-debuginfo-7.2.5-150000.4.95.1 php7-mbstring-7.2.5-150000.4.95.1 php7-mbstring-debuginfo-7.2.5-150000.4.95.1 php7-mysql-7.2.5-150000.4.95.1 php7-mysql-debuginfo-7.2.5-150000.4.95.1 php7-odbc-7.2.5-150000.4.95.1 php7-odbc-debuginfo-7.2.5-150000.4.95.1 php7-opcache-7.2.5-150000.4.95.1 php7-opcache-debuginfo-7.2.5-150000.4.95.1 php7-openssl-7.2.5-150000.4.95.1 php7-openssl-debuginfo-7.2.5-150000.4.95.1 
php7-pcntl-7.2.5-150000.4.95.1 php7-pcntl-debuginfo-7.2.5-150000.4.95.1 php7-pdo-7.2.5-150000.4.95.1 php7-pdo-debuginfo-7.2.5-150000.4.95.1 php7-pgsql-7.2.5-150000.4.95.1 php7-pgsql-debuginfo-7.2.5-150000.4.95.1 php7-phar-7.2.5-150000.4.95.1 php7-phar-debuginfo-7.2.5-150000.4.95.1 php7-posix-7.2.5-150000.4.95.1 php7-posix-debuginfo-7.2.5-150000.4.95.1 php7-readline-7.2.5-150000.4.95.1 php7-readline-debuginfo-7.2.5-150000.4.95.1 php7-shmop-7.2.5-150000.4.95.1 php7-shmop-debuginfo-7.2.5-150000.4.95.1 php7-snmp-7.2.5-150000.4.95.1 php7-snmp-debuginfo-7.2.5-150000.4.95.1 php7-soap-7.2.5-150000.4.95.1 php7-soap-debuginfo-7.2.5-150000.4.95.1 php7-sockets-7.2.5-150000.4.95.1 php7-sockets-debuginfo-7.2.5-150000.4.95.1 php7-sodium-7.2.5-150000.4.95.1 php7-sodium-debuginfo-7.2.5-150000.4.95.1 php7-sqlite-7.2.5-150000.4.95.1 php7-sqlite-debuginfo-7.2.5-150000.4.95.1 php7-sysvmsg-7.2.5-150000.4.95.1 php7-sysvmsg-debuginfo-7.2.5-150000.4.95.1 php7-sysvsem-7.2.5-150000.4.95.1 php7-sysvsem-debuginfo-7.2.5-150000.4.95.1 php7-sysvshm-7.2.5-150000.4.95.1 php7-sysvshm-debuginfo-7.2.5-150000.4.95.1 php7-tokenizer-7.2.5-150000.4.95.1 php7-tokenizer-debuginfo-7.2.5-150000.4.95.1 php7-wddx-7.2.5-150000.4.95.1 php7-wddx-debuginfo-7.2.5-150000.4.95.1 php7-xmlreader-7.2.5-150000.4.95.1 php7-xmlreader-debuginfo-7.2.5-150000.4.95.1 php7-xmlrpc-7.2.5-150000.4.95.1 php7-xmlrpc-debuginfo-7.2.5-150000.4.95.1 php7-xmlwriter-7.2.5-150000.4.95.1 php7-xmlwriter-debuginfo-7.2.5-150000.4.95.1 php7-xsl-7.2.5-150000.4.95.1 php7-xsl-debuginfo-7.2.5-150000.4.95.1 php7-zip-7.2.5-150000.4.95.1 php7-zip-debuginfo-7.2.5-150000.4.95.1 php7-zlib-7.2.5-150000.4.95.1 php7-zlib-debuginfo-7.2.5-150000.4.95.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): php7-pear-7.2.5-150000.4.95.1 php7-pear-Archive_Tar-7.2.5-150000.4.95.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): apache2-mod_php7-7.2.5-150000.4.95.1 apache2-mod_php7-debuginfo-7.2.5-150000.4.95.1 php7-7.2.5-150000.4.95.1 
php7-bcmath-7.2.5-150000.4.95.1 php7-bcmath-debuginfo-7.2.5-150000.4.95.1 php7-bz2-7.2.5-150000.4.95.1 php7-bz2-debuginfo-7.2.5-150000.4.95.1 php7-calendar-7.2.5-150000.4.95.1 php7-calendar-debuginfo-7.2.5-150000.4.95.1 php7-ctype-7.2.5-150000.4.95.1 php7-ctype-debuginfo-7.2.5-150000.4.95.1 php7-curl-7.2.5-150000.4.95.1 php7-curl-debuginfo-7.2.5-150000.4.95.1 php7-dba-7.2.5-150000.4.95.1 php7-dba-debuginfo-7.2.5-150000.4.95.1 php7-debuginfo-7.2.5-150000.4.95.1 php7-debugsource-7.2.5-150000.4.95.1 php7-devel-7.2.5-150000.4.95.1 php7-dom-7.2.5-150000.4.95.1 php7-dom-debuginfo-7.2.5-150000.4.95.1 php7-enchant-7.2.5-150000.4.95.1 php7-enchant-debuginfo-7.2.5-150000.4.95.1 php7-exif-7.2.5-150000.4.95.1 php7-exif-debuginfo-7.2.5-150000.4.95.1 php7-fastcgi-7.2.5-150000.4.95.1 php7-fastcgi-debuginfo-7.2.5-150000.4.95.1 php7-fileinfo-7.2.5-150000.4.95.1 php7-fileinfo-debuginfo-7.2.5-150000.4.95.1 php7-fpm-7.2.5-150000.4.95.1 php7-fpm-debuginfo-7.2.5-150000.4.95.1 php7-ftp-7.2.5-150000.4.95.1 php7-ftp-debuginfo-7.2.5-150000.4.95.1 php7-gd-7.2.5-150000.4.95.1 php7-gd-debuginfo-7.2.5-150000.4.95.1 php7-gettext-7.2.5-150000.4.95.1 php7-gettext-debuginfo-7.2.5-150000.4.95.1 php7-gmp-7.2.5-150000.4.95.1 php7-gmp-debuginfo-7.2.5-150000.4.95.1 php7-iconv-7.2.5-150000.4.95.1 php7-iconv-debuginfo-7.2.5-150000.4.95.1 php7-intl-7.2.5-150000.4.95.1 php7-intl-debuginfo-7.2.5-150000.4.95.1 php7-json-7.2.5-150000.4.95.1 php7-json-debuginfo-7.2.5-150000.4.95.1 php7-ldap-7.2.5-150000.4.95.1 php7-ldap-debuginfo-7.2.5-150000.4.95.1 php7-mbstring-7.2.5-150000.4.95.1 php7-mbstring-debuginfo-7.2.5-150000.4.95.1 php7-mysql-7.2.5-150000.4.95.1 php7-mysql-debuginfo-7.2.5-150000.4.95.1 php7-odbc-7.2.5-150000.4.95.1 php7-odbc-debuginfo-7.2.5-150000.4.95.1 php7-opcache-7.2.5-150000.4.95.1 php7-opcache-debuginfo-7.2.5-150000.4.95.1 php7-openssl-7.2.5-150000.4.95.1 php7-openssl-debuginfo-7.2.5-150000.4.95.1 php7-pcntl-7.2.5-150000.4.95.1 php7-pcntl-debuginfo-7.2.5-150000.4.95.1 
php7-pdo-7.2.5-150000.4.95.1 php7-pdo-debuginfo-7.2.5-150000.4.95.1 php7-pgsql-7.2.5-150000.4.95.1 php7-pgsql-debuginfo-7.2.5-150000.4.95.1 php7-phar-7.2.5-150000.4.95.1 php7-phar-debuginfo-7.2.5-150000.4.95.1 php7-posix-7.2.5-150000.4.95.1 php7-posix-debuginfo-7.2.5-150000.4.95.1 php7-readline-7.2.5-150000.4.95.1 php7-readline-debuginfo-7.2.5-150000.4.95.1 php7-shmop-7.2.5-150000.4.95.1 php7-shmop-debuginfo-7.2.5-150000.4.95.1 php7-snmp-7.2.5-150000.4.95.1 php7-snmp-debuginfo-7.2.5-150000.4.95.1 php7-soap-7.2.5-150000.4.95.1 php7-soap-debuginfo-7.2.5-150000.4.95.1 php7-sockets-7.2.5-150000.4.95.1 php7-sockets-debuginfo-7.2.5-150000.4.95.1 php7-sodium-7.2.5-150000.4.95.1 php7-sodium-debuginfo-7.2.5-150000.4.95.1 php7-sqlite-7.2.5-150000.4.95.1 php7-sqlite-debuginfo-7.2.5-150000.4.95.1 php7-sysvmsg-7.2.5-150000.4.95.1 php7-sysvmsg-debuginfo-7.2.5-150000.4.95.1 php7-sysvsem-7.2.5-150000.4.95.1 php7-sysvsem-debuginfo-7.2.5-150000.4.95.1 php7-sysvshm-7.2.5-150000.4.95.1 php7-sysvshm-debuginfo-7.2.5-150000.4.95.1 php7-tidy-7.2.5-150000.4.95.1 php7-tidy-debuginfo-7.2.5-150000.4.95.1 php7-tokenizer-7.2.5-150000.4.95.1 php7-tokenizer-debuginfo-7.2.5-150000.4.95.1 php7-wddx-7.2.5-150000.4.95.1 php7-wddx-debuginfo-7.2.5-150000.4.95.1 php7-xmlreader-7.2.5-150000.4.95.1 php7-xmlreader-debuginfo-7.2.5-150000.4.95.1 php7-xmlrpc-7.2.5-150000.4.95.1 php7-xmlrpc-debuginfo-7.2.5-150000.4.95.1 php7-xmlwriter-7.2.5-150000.4.95.1 php7-xmlwriter-debuginfo-7.2.5-150000.4.95.1 php7-xsl-7.2.5-150000.4.95.1 php7-xsl-debuginfo-7.2.5-150000.4.95.1 php7-zip-7.2.5-150000.4.95.1 php7-zip-debuginfo-7.2.5-150000.4.95.1 php7-zlib-7.2.5-150000.4.95.1 php7-zlib-debuginfo-7.2.5-150000.4.95.1 - SUSE Enterprise Storage 6 (noarch): php7-pear-7.2.5-150000.4.95.1 php7-pear-Archive_Tar-7.2.5-150000.4.95.1 - SUSE CaaS Platform 4.0 (noarch): php7-pear-7.2.5-150000.4.95.1 php7-pear-Archive_Tar-7.2.5-150000.4.95.1 - SUSE CaaS Platform 4.0 (x86_64): apache2-mod_php7-7.2.5-150000.4.95.1 
apache2-mod_php7-debuginfo-7.2.5-150000.4.95.1 php7-7.2.5-150000.4.95.1 php7-bcmath-7.2.5-150000.4.95.1 php7-bcmath-debuginfo-7.2.5-150000.4.95.1 php7-bz2-7.2.5-150000.4.95.1 php7-bz2-debuginfo-7.2.5-150000.4.95.1 php7-calendar-7.2.5-150000.4.95.1 php7-calendar-debuginfo-7.2.5-150000.4.95.1 php7-ctype-7.2.5-150000.4.95.1 php7-ctype-debuginfo-7.2.5-150000.4.95.1 php7-curl-7.2.5-150000.4.95.1 php7-curl-debuginfo-7.2.5-150000.4.95.1 php7-dba-7.2.5-150000.4.95.1 php7-dba-debuginfo-7.2.5-150000.4.95.1 php7-debuginfo-7.2.5-150000.4.95.1 php7-debugsource-7.2.5-150000.4.95.1 php7-devel-7.2.5-150000.4.95.1 php7-dom-7.2.5-150000.4.95.1 php7-dom-debuginfo-7.2.5-150000.4.95.1 php7-enchant-7.2.5-150000.4.95.1 php7-enchant-debuginfo-7.2.5-150000.4.95.1 php7-exif-7.2.5-150000.4.95.1 php7-exif-debuginfo-7.2.5-150000.4.95.1 php7-fastcgi-7.2.5-150000.4.95.1 php7-fastcgi-debuginfo-7.2.5-150000.4.95.1 php7-fileinfo-7.2.5-150000.4.95.1 php7-fileinfo-debuginfo-7.2.5-150000.4.95.1 php7-fpm-7.2.5-150000.4.95.1 php7-fpm-debuginfo-7.2.5-150000.4.95.1 php7-ftp-7.2.5-150000.4.95.1 php7-ftp-debuginfo-7.2.5-150000.4.95.1 php7-gd-7.2.5-150000.4.95.1 php7-gd-debuginfo-7.2.5-150000.4.95.1 php7-gettext-7.2.5-150000.4.95.1 php7-gettext-debuginfo-7.2.5-150000.4.95.1 php7-gmp-7.2.5-150000.4.95.1 php7-gmp-debuginfo-7.2.5-150000.4.95.1 php7-iconv-7.2.5-150000.4.95.1 php7-iconv-debuginfo-7.2.5-150000.4.95.1 php7-intl-7.2.5-150000.4.95.1 php7-intl-debuginfo-7.2.5-150000.4.95.1 php7-json-7.2.5-150000.4.95.1 php7-json-debuginfo-7.2.5-150000.4.95.1 php7-ldap-7.2.5-150000.4.95.1 php7-ldap-debuginfo-7.2.5-150000.4.95.1 php7-mbstring-7.2.5-150000.4.95.1 php7-mbstring-debuginfo-7.2.5-150000.4.95.1 php7-mysql-7.2.5-150000.4.95.1 php7-mysql-debuginfo-7.2.5-150000.4.95.1 php7-odbc-7.2.5-150000.4.95.1 php7-odbc-debuginfo-7.2.5-150000.4.95.1 php7-opcache-7.2.5-150000.4.95.1 php7-opcache-debuginfo-7.2.5-150000.4.95.1 php7-openssl-7.2.5-150000.4.95.1 php7-openssl-debuginfo-7.2.5-150000.4.95.1 
php7-pcntl-7.2.5-150000.4.95.1 php7-pcntl-debuginfo-7.2.5-150000.4.95.1 php7-pdo-7.2.5-150000.4.95.1 php7-pdo-debuginfo-7.2.5-150000.4.95.1 php7-pgsql-7.2.5-150000.4.95.1 php7-pgsql-debuginfo-7.2.5-150000.4.95.1 php7-phar-7.2.5-150000.4.95.1 php7-phar-debuginfo-7.2.5-150000.4.95.1 php7-posix-7.2.5-150000.4.95.1 php7-posix-debuginfo-7.2.5-150000.4.95.1 php7-readline-7.2.5-150000.4.95.1 php7-readline-debuginfo-7.2.5-150000.4.95.1 php7-shmop-7.2.5-150000.4.95.1 php7-shmop-debuginfo-7.2.5-150000.4.95.1 php7-snmp-7.2.5-150000.4.95.1 php7-snmp-debuginfo-7.2.5-150000.4.95.1 php7-soap-7.2.5-150000.4.95.1 php7-soap-debuginfo-7.2.5-150000.4.95.1 php7-sockets-7.2.5-150000.4.95.1 php7-sockets-debuginfo-7.2.5-150000.4.95.1 php7-sodium-7.2.5-150000.4.95.1 php7-sodium-debuginfo-7.2.5-150000.4.95.1 php7-sqlite-7.2.5-150000.4.95.1 php7-sqlite-debuginfo-7.2.5-150000.4.95.1 php7-sysvmsg-7.2.5-150000.4.95.1 php7-sysvmsg-debuginfo-7.2.5-150000.4.95.1 php7-sysvsem-7.2.5-150000.4.95.1 php7-sysvsem-debuginfo-7.2.5-150000.4.95.1 php7-sysvshm-7.2.5-150000.4.95.1 php7-sysvshm-debuginfo-7.2.5-150000.4.95.1 php7-tidy-7.2.5-150000.4.95.1 php7-tidy-debuginfo-7.2.5-150000.4.95.1 php7-tokenizer-7.2.5-150000.4.95.1 php7-tokenizer-debuginfo-7.2.5-150000.4.95.1 php7-wddx-7.2.5-150000.4.95.1 php7-wddx-debuginfo-7.2.5-150000.4.95.1 php7-xmlreader-7.2.5-150000.4.95.1 php7-xmlreader-debuginfo-7.2.5-150000.4.95.1 php7-xmlrpc-7.2.5-150000.4.95.1 php7-xmlrpc-debuginfo-7.2.5-150000.4.95.1 php7-xmlwriter-7.2.5-150000.4.95.1 php7-xmlwriter-debuginfo-7.2.5-150000.4.95.1 php7-xsl-7.2.5-150000.4.95.1 php7-xsl-debuginfo-7.2.5-150000.4.95.1 php7-zip-7.2.5-150000.4.95.1 php7-zip-debuginfo-7.2.5-150000.4.95.1 php7-zlib-7.2.5-150000.4.95.1 php7-zlib-debuginfo-7.2.5-150000.4.95.1 References: https://www.suse.com/security/cve/CVE-2022-31625.html https://www.suse.com/security/cve/CVE-2022-31626.html https://bugzilla.suse.com/1200628 https://bugzilla.suse.com/1200645 From sle-updates at lists.suse.com Wed Jul 6 07:15:44 
2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 09:15:44 +0200 (CEST) Subject: SUSE-SU-2022:2277-1: moderate: Security update for haproxy Message-ID: <20220706071544.62DF9F789@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2277-1 Rating: moderate References: #1196408 Cross-References: CVE-2022-0711 CVSS scores: CVE-2022-0711 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0711 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for haproxy fixes the following issues: - CVE-2022-0711: haproxy: Denial of service via set-cookie2 header (bsc#1196408). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2277=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2277=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): haproxy-2.4.8+git0.d1f8d41e0-150400.3.3.13 haproxy-debuginfo-2.4.8+git0.d1f8d41e0-150400.3.3.13 haproxy-debugsource-2.4.8+git0.d1f8d41e0-150400.3.3.13 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): haproxy-2.4.8+git0.d1f8d41e0-150400.3.3.13 haproxy-debuginfo-2.4.8+git0.d1f8d41e0-150400.3.3.13 haproxy-debugsource-2.4.8+git0.d1f8d41e0-150400.3.3.13 References: https://www.suse.com/security/cve/CVE-2022-0711.html https://bugzilla.suse.com/1196408 From sle-updates at lists.suse.com Wed Jul 6 13:16:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 15:16:48 +0200 (CEST) Subject: SUSE-SU-2022:2281-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) Message-ID: <20220706131648.1B508FDAB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2281-1 Rating: important References: #1199606 Cross-References: CVE-2022-1734 CVSS scores: CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.180-94_150 fixes one issue. 
The following security issue was fixed: - CVE-2022-1734: Fixed a r/w use-after-free when the cleanup routine and the firmware download routine are not synchronized. (bnc#1199605) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2280=1 SUSE-SLE-SAP-12-SP3-2022-2281=1 SUSE-SLE-SAP-12-SP3-2022-2282=1 SUSE-SLE-SAP-12-SP3-2022-2283=1 SUSE-SLE-SAP-12-SP3-2022-2284=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2280=1 SUSE-SLE-SERVER-12-SP3-2022-2281=1 SUSE-SLE-SERVER-12-SP3-2022-2282=1 SUSE-SLE-SERVER-12-SP3-2022-2283=1 SUSE-SLE-SERVER-12-SP3-2022-2284=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2286=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_147-default-14-2.2 kgraft-patch-4_4_180-94_147-default-debuginfo-14-2.2 kgraft-patch-4_4_180-94_150-default-10-2.2 kgraft-patch-4_4_180-94_150-default-debuginfo-10-2.2 kgraft-patch-4_4_180-94_153-default-6-2.2 kgraft-patch-4_4_180-94_153-default-debuginfo-6-2.2 kgraft-patch-4_4_180-94_156-default-5-2.2 kgraft-patch-4_4_180-94_156-default-debuginfo-5-2.2 kgraft-patch-4_4_180-94_161-default-4-2.2 kgraft-patch-4_4_180-94_161-default-debuginfo-4-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_147-default-14-2.2 kgraft-patch-4_4_180-94_147-default-debuginfo-14-2.2 kgraft-patch-4_4_180-94_150-default-10-2.2 kgraft-patch-4_4_180-94_150-default-debuginfo-10-2.2 kgraft-patch-4_4_180-94_153-default-6-2.2 kgraft-patch-4_4_180-94_153-default-debuginfo-6-2.2 kgraft-patch-4_4_180-94_156-default-5-2.2 kgraft-patch-4_4_180-94_156-default-debuginfo-5-2.2 kgraft-patch-4_4_180-94_161-default-4-2.2 
kgraft-patch-4_4_180-94_161-default-debuginfo-4-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_77-default-17-2.2 References: https://www.suse.com/security/cve/CVE-2022-1734.html https://bugzilla.suse.com/1199606 From sle-updates at lists.suse.com Wed Jul 6 13:17:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 15:17:58 +0200 (CEST) Subject: SUSE-SU-2022:2279-1: important: Security update for MozillaFirefox Message-ID: <20220706131758.D72E3FDAB@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2279-1 Rating: important References: #1200793 Cross-References: CVE-2022-2200 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. 
Description: This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793): - CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2279=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2279=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2279=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2279=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2279=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2279=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2279=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2279=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2279=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2279=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-91.11.0-150000.150.47.1 MozillaFirefox-debuginfo-91.11.0-150000.150.47.1 MozillaFirefox-debugsource-91.11.0-150000.150.47.1 MozillaFirefox-devel-91.11.0-150000.150.47.1 MozillaFirefox-translations-common-91.11.0-150000.150.47.1 MozillaFirefox-translations-other-91.11.0-150000.150.47.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-91.11.0-150000.150.47.1 MozillaFirefox-debuginfo-91.11.0-150000.150.47.1 MozillaFirefox-debugsource-91.11.0-150000.150.47.1 MozillaFirefox-devel-91.11.0-150000.150.47.1 MozillaFirefox-translations-common-91.11.0-150000.150.47.1 MozillaFirefox-translations-other-91.11.0-150000.150.47.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.11.0-150000.150.47.1 MozillaFirefox-debuginfo-91.11.0-150000.150.47.1 MozillaFirefox-debugsource-91.11.0-150000.150.47.1 MozillaFirefox-devel-91.11.0-150000.150.47.1 MozillaFirefox-translations-common-91.11.0-150000.150.47.1 MozillaFirefox-translations-other-91.11.0-150000.150.47.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-91.11.0-150000.150.47.1 MozillaFirefox-debuginfo-91.11.0-150000.150.47.1 MozillaFirefox-debugsource-91.11.0-150000.150.47.1 MozillaFirefox-devel-91.11.0-150000.150.47.1 MozillaFirefox-translations-common-91.11.0-150000.150.47.1 MozillaFirefox-translations-other-91.11.0-150000.150.47.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-91.11.0-150000.150.47.1 MozillaFirefox-debuginfo-91.11.0-150000.150.47.1 MozillaFirefox-debugsource-91.11.0-150000.150.47.1 MozillaFirefox-devel-91.11.0-150000.150.47.1 MozillaFirefox-translations-common-91.11.0-150000.150.47.1 MozillaFirefox-translations-other-91.11.0-150000.150.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-91.11.0-150000.150.47.1 MozillaFirefox-debuginfo-91.11.0-150000.150.47.1 
MozillaFirefox-debugsource-91.11.0-150000.150.47.1 MozillaFirefox-devel-91.11.0-150000.150.47.1 MozillaFirefox-translations-common-91.11.0-150000.150.47.1 MozillaFirefox-translations-other-91.11.0-150000.150.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-91.11.0-150000.150.47.1 MozillaFirefox-debuginfo-91.11.0-150000.150.47.1 MozillaFirefox-debugsource-91.11.0-150000.150.47.1 MozillaFirefox-devel-91.11.0-150000.150.47.1 MozillaFirefox-translations-common-91.11.0-150000.150.47.1 MozillaFirefox-translations-other-91.11.0-150000.150.47.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-91.11.0-150000.150.47.1 MozillaFirefox-debuginfo-91.11.0-150000.150.47.1 MozillaFirefox-debugsource-91.11.0-150000.150.47.1 MozillaFirefox-devel-91.11.0-150000.150.47.1 MozillaFirefox-translations-common-91.11.0-150000.150.47.1 MozillaFirefox-translations-other-91.11.0-150000.150.47.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-91.11.0-150000.150.47.1 MozillaFirefox-debuginfo-91.11.0-150000.150.47.1 MozillaFirefox-debugsource-91.11.0-150000.150.47.1 MozillaFirefox-devel-91.11.0-150000.150.47.1 MozillaFirefox-translations-common-91.11.0-150000.150.47.1 MozillaFirefox-translations-other-91.11.0-150000.150.47.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-91.11.0-150000.150.47.1 MozillaFirefox-debuginfo-91.11.0-150000.150.47.1 MozillaFirefox-debugsource-91.11.0-150000.150.47.1 MozillaFirefox-devel-91.11.0-150000.150.47.1 MozillaFirefox-translations-common-91.11.0-150000.150.47.1 MozillaFirefox-translations-other-91.11.0-150000.150.47.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-91.11.0-150000.150.47.1 MozillaFirefox-debuginfo-91.11.0-150000.150.47.1 MozillaFirefox-debugsource-91.11.0-150000.150.47.1 MozillaFirefox-devel-91.11.0-150000.150.47.1 MozillaFirefox-translations-common-91.11.0-150000.150.47.1 
MozillaFirefox-translations-other-91.11.0-150000.150.47.1 References: https://www.suse.com/security/cve/CVE-2022-2200.html https://www.suse.com/security/cve/CVE-2022-31744.html https://www.suse.com/security/cve/CVE-2022-34468.html https://www.suse.com/security/cve/CVE-2022-34470.html https://www.suse.com/security/cve/CVE-2022-34472.html https://www.suse.com/security/cve/CVE-2022-34478.html https://www.suse.com/security/cve/CVE-2022-34479.html https://www.suse.com/security/cve/CVE-2022-34481.html https://www.suse.com/security/cve/CVE-2022-34484.html https://bugzilla.suse.com/1200793 From sle-updates at lists.suse.com Wed Jul 6 13:18:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 15:18:44 +0200 (CEST) Subject: SUSE-SU-2022:2278-1: important: Security update for salt Message-ID: <20220706131844.B40BBFDAB@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2278-1 Rating: important References: #1200566 Cross-References: CVE-2022-22967 CVSS scores: CVE-2022-22967 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM (bsc#1200566) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2278=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2278=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2278=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2278=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2278=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2278=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2278=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2278=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2278=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python3-salt-3004-150200.72.1 salt-3004-150200.72.1 salt-api-3004-150200.72.1 salt-cloud-3004-150200.72.1 salt-doc-3004-150200.72.1 salt-master-3004-150200.72.1 salt-minion-3004-150200.72.1 salt-proxy-3004-150200.72.1 salt-ssh-3004-150200.72.1 salt-standalone-formulas-configuration-3004-150200.72.1 salt-syndic-3004-150200.72.1 salt-transactional-update-3004-150200.72.1 - SUSE Manager Server 4.1 (noarch): salt-bash-completion-3004-150200.72.1 salt-fish-completion-3004-150200.72.1 salt-zsh-completion-3004-150200.72.1 - SUSE Manager 
Retail Branch Server 4.1 (noarch): salt-bash-completion-3004-150200.72.1 salt-fish-completion-3004-150200.72.1 salt-zsh-completion-3004-150200.72.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python3-salt-3004-150200.72.1 salt-3004-150200.72.1 salt-api-3004-150200.72.1 salt-cloud-3004-150200.72.1 salt-doc-3004-150200.72.1 salt-master-3004-150200.72.1 salt-minion-3004-150200.72.1 salt-proxy-3004-150200.72.1 salt-ssh-3004-150200.72.1 salt-standalone-formulas-configuration-3004-150200.72.1 salt-syndic-3004-150200.72.1 salt-transactional-update-3004-150200.72.1 - SUSE Manager Proxy 4.1 (x86_64): python3-salt-3004-150200.72.1 salt-3004-150200.72.1 salt-api-3004-150200.72.1 salt-cloud-3004-150200.72.1 salt-doc-3004-150200.72.1 salt-master-3004-150200.72.1 salt-minion-3004-150200.72.1 salt-proxy-3004-150200.72.1 salt-ssh-3004-150200.72.1 salt-standalone-formulas-configuration-3004-150200.72.1 salt-syndic-3004-150200.72.1 salt-transactional-update-3004-150200.72.1 - SUSE Manager Proxy 4.1 (noarch): salt-bash-completion-3004-150200.72.1 salt-fish-completion-3004-150200.72.1 salt-zsh-completion-3004-150200.72.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python3-salt-3004-150200.72.1 salt-3004-150200.72.1 salt-api-3004-150200.72.1 salt-cloud-3004-150200.72.1 salt-doc-3004-150200.72.1 salt-master-3004-150200.72.1 salt-minion-3004-150200.72.1 salt-proxy-3004-150200.72.1 salt-ssh-3004-150200.72.1 salt-standalone-formulas-configuration-3004-150200.72.1 salt-syndic-3004-150200.72.1 salt-transactional-update-3004-150200.72.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): salt-bash-completion-3004-150200.72.1 salt-fish-completion-3004-150200.72.1 salt-zsh-completion-3004-150200.72.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3004-150200.72.1 salt-3004-150200.72.1 salt-api-3004-150200.72.1 salt-cloud-3004-150200.72.1 salt-doc-3004-150200.72.1 salt-master-3004-150200.72.1 salt-minion-3004-150200.72.1 
salt-proxy-3004-150200.72.1 salt-ssh-3004-150200.72.1 salt-standalone-formulas-configuration-3004-150200.72.1 salt-syndic-3004-150200.72.1 salt-transactional-update-3004-150200.72.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): salt-bash-completion-3004-150200.72.1 salt-fish-completion-3004-150200.72.1 salt-zsh-completion-3004-150200.72.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): salt-bash-completion-3004-150200.72.1 salt-fish-completion-3004-150200.72.1 salt-zsh-completion-3004-150200.72.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python3-salt-3004-150200.72.1 salt-3004-150200.72.1 salt-api-3004-150200.72.1 salt-cloud-3004-150200.72.1 salt-doc-3004-150200.72.1 salt-master-3004-150200.72.1 salt-minion-3004-150200.72.1 salt-proxy-3004-150200.72.1 salt-ssh-3004-150200.72.1 salt-standalone-formulas-configuration-3004-150200.72.1 salt-syndic-3004-150200.72.1 salt-transactional-update-3004-150200.72.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python3-salt-3004-150200.72.1 salt-3004-150200.72.1 salt-api-3004-150200.72.1 salt-cloud-3004-150200.72.1 salt-doc-3004-150200.72.1 salt-master-3004-150200.72.1 salt-minion-3004-150200.72.1 salt-proxy-3004-150200.72.1 salt-ssh-3004-150200.72.1 salt-standalone-formulas-configuration-3004-150200.72.1 salt-syndic-3004-150200.72.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): salt-bash-completion-3004-150200.72.1 salt-fish-completion-3004-150200.72.1 salt-zsh-completion-3004-150200.72.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python3-salt-3004-150200.72.1 salt-3004-150200.72.1 salt-api-3004-150200.72.1 salt-cloud-3004-150200.72.1 salt-doc-3004-150200.72.1 salt-master-3004-150200.72.1 salt-minion-3004-150200.72.1 salt-proxy-3004-150200.72.1 salt-ssh-3004-150200.72.1 salt-standalone-formulas-configuration-3004-150200.72.1 salt-syndic-3004-150200.72.1 - SUSE Linux Enterprise High Performance Computing 
15-SP2-ESPOS (noarch):

      salt-bash-completion-3004-150200.72.1
      salt-fish-completion-3004-150200.72.1
      salt-zsh-completion-3004-150200.72.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):

      python3-salt-3004-150200.72.1
      salt-3004-150200.72.1
      salt-api-3004-150200.72.1
      salt-cloud-3004-150200.72.1
      salt-doc-3004-150200.72.1
      salt-master-3004-150200.72.1
      salt-minion-3004-150200.72.1
      salt-proxy-3004-150200.72.1
      salt-ssh-3004-150200.72.1
      salt-standalone-formulas-configuration-3004-150200.72.1
      salt-syndic-3004-150200.72.1
      salt-transactional-update-3004-150200.72.1

   - SUSE Enterprise Storage 7 (noarch):

      salt-bash-completion-3004-150200.72.1
      salt-fish-completion-3004-150200.72.1
      salt-zsh-completion-3004-150200.72.1

References:

   https://www.suse.com/security/cve/CVE-2022-22967.html
   https://bugzilla.suse.com/1200566

From sle-updates at lists.suse.com Wed Jul 6 13:19:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Jul 2022 15:19:22 +0200 (CEST)
Subject: SUSE-SU-2022:2287-1: important: Security update for fwupdate
Message-ID: <20220706131922.67D42FDAB@maintenance.suse.de>

   SUSE Security Update: Security update for fwupdate
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2287-1
Rating:             important
References:         #1198581
Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update of fwupdate fixes the following issue:

   - rebuild with new secure boot key due to grub2 boothole 3 issues
     (bsc#1198581)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2287=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2287=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2287=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2287=1

Package List:

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):

      fwupdate-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-debuginfo-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-debugsource-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-devel-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-efi-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-efi-debuginfo-9+git21.gcd8f7d7-150000.6.10.1
      libfwup1-9+git21.gcd8f7d7-150000.6.10.1
      libfwup1-debuginfo-9+git21.gcd8f7d7-150000.6.10.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64):

      fwupdate-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-debuginfo-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-debugsource-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-devel-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-efi-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-efi-debuginfo-9+git21.gcd8f7d7-150000.6.10.1
      libfwup1-9+git21.gcd8f7d7-150000.6.10.1
      libfwup1-debuginfo-9+git21.gcd8f7d7-150000.6.10.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      fwupdate-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-debuginfo-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-debugsource-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-devel-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-efi-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-efi-debuginfo-9+git21.gcd8f7d7-150000.6.10.1
      libfwup1-9+git21.gcd8f7d7-150000.6.10.1
      libfwup1-debuginfo-9+git21.gcd8f7d7-150000.6.10.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      fwupdate-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-debuginfo-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-debugsource-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-devel-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-efi-9+git21.gcd8f7d7-150000.6.10.1
      fwupdate-efi-debuginfo-9+git21.gcd8f7d7-150000.6.10.1
      libfwup1-9+git21.gcd8f7d7-150000.6.10.1
      libfwup1-debuginfo-9+git21.gcd8f7d7-150000.6.10.1

References:

   https://bugzilla.suse.com/1198581

From sle-updates at lists.suse.com Wed Jul 6 13:19:54 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Jul 2022 15:19:54 +0200 (CEST)
Subject: SUSE-SU-2022:2285-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 12 SP3)
Message-ID: <20220706131954.246DAFDAB@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 45 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2285-1
Rating:             important
References:         #1197211
Cross-References:   CVE-2021-39713
CVSS scores:
                    CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server for SAP 12-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 4.4.180-94_164 fixes one issue.

   The following security issue was fixed:

   - CVE-2021-39713: Fixed a race condition in the network scheduling
     subsystem which could lead to a use-after-free. (bnc#1196973)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2285=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2285=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      kgraft-patch-4_4_180-94_164-default-2-2.2
      kgraft-patch-4_4_180-94_164-default-debuginfo-2-2.2

   - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64):

      kgraft-patch-4_4_180-94_164-default-2-2.2
      kgraft-patch-4_4_180-94_164-default-debuginfo-2-2.2

References:

   https://www.suse.com/security/cve/CVE-2021-39713.html
   https://bugzilla.suse.com/1197211

From sle-updates at lists.suse.com Wed Jul 6 16:17:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Jul 2022 18:17:24 +0200 (CEST)
Subject: SUSE-SU-2022:2297-1: important: Security update for python-Twisted
Message-ID: <20220706161724.B1008F789@maintenance.suse.de>

   SUSE Security Update: Security update for python-Twisted
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2297-1
Rating:             important
References:         #1196739
Cross-References:   CVE-2022-21716
CVSS scores:
                    CVE-2022-21716 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21716 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Server Applications 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python-Twisted fixes the following issues:

   - CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data
     using all the available memory (bsc#1196739).
Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-2297=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2297=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      python-Twisted-doc-22.2.0-150400.5.4.1
      python3-Twisted-22.2.0-150400.5.4.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

      python3-Twisted-22.2.0-150400.5.4.1

References:

   https://www.suse.com/security/cve/CVE-2022-21716.html
   https://bugzilla.suse.com/1196739

From sle-updates at lists.suse.com Wed Jul 6 16:17:59 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Jul 2022 18:17:59 +0200 (CEST)
Subject: SUSE-SU-2022:2292-1: important: Security update for php7
Message-ID: <20220706161759.94F26F789@maintenance.suse.de>

   SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2292-1
Rating:             important
References:         #1193041 #1200628 #1200645
Cross-References:   CVE-2021-21707 CVE-2022-31625 CVE-2022-31626
CVSS scores:
                    CVE-2021-21707 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-21707 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2022-31625 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-31625 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-31626 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-31626 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Legacy Software 15-SP4
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
                    SUSE Linux Enterprise Server
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for php7 fixes the following issues:

   - CVE-2021-21707: Fixed a special character breaks path in xml parsing.
     (bsc#1193041)
   - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension.
     (bsc#1200645)
   - CVE-2022-31626: Fixed buffer overflow via user-supplied password when
     using pdo_mysql extension with mysqlnd driver. (bsc#1200628)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-2292=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2292=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2292=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      apache2-mod_php7-7.4.25-150400.4.8.1
      apache2-mod_php7-debuginfo-7.4.25-150400.4.8.1
      apache2-mod_php7-debugsource-7.4.25-150400.4.8.1
      php7-7.4.25-150400.4.8.1
      php7-bcmath-7.4.25-150400.4.8.1
      php7-bcmath-debuginfo-7.4.25-150400.4.8.1
      php7-bz2-7.4.25-150400.4.8.1
      php7-bz2-debuginfo-7.4.25-150400.4.8.1
      php7-calendar-7.4.25-150400.4.8.1
      php7-calendar-debuginfo-7.4.25-150400.4.8.1
      php7-cli-7.4.25-150400.4.8.1
      php7-cli-debuginfo-7.4.25-150400.4.8.1
      php7-ctype-7.4.25-150400.4.8.1
      php7-ctype-debuginfo-7.4.25-150400.4.8.1
      php7-curl-7.4.25-150400.4.8.1
      php7-curl-debuginfo-7.4.25-150400.4.8.1
      php7-dba-7.4.25-150400.4.8.1
php7-dba-debuginfo-7.4.25-150400.4.8.1 php7-debuginfo-7.4.25-150400.4.8.1 php7-debugsource-7.4.25-150400.4.8.1 php7-devel-7.4.25-150400.4.8.1 php7-dom-7.4.25-150400.4.8.1 php7-dom-debuginfo-7.4.25-150400.4.8.1 php7-embed-7.4.25-150400.4.8.1 php7-embed-debuginfo-7.4.25-150400.4.8.1 php7-embed-debugsource-7.4.25-150400.4.8.1 php7-enchant-7.4.25-150400.4.8.1 php7-enchant-debuginfo-7.4.25-150400.4.8.1 php7-exif-7.4.25-150400.4.8.1 php7-exif-debuginfo-7.4.25-150400.4.8.1 php7-fastcgi-7.4.25-150400.4.8.1 php7-fastcgi-debuginfo-7.4.25-150400.4.8.1 php7-fastcgi-debugsource-7.4.25-150400.4.8.1 php7-fileinfo-7.4.25-150400.4.8.1 php7-fileinfo-debuginfo-7.4.25-150400.4.8.1 php7-fpm-7.4.25-150400.4.8.1 php7-fpm-debuginfo-7.4.25-150400.4.8.1 php7-fpm-debugsource-7.4.25-150400.4.8.1 php7-ftp-7.4.25-150400.4.8.1 php7-ftp-debuginfo-7.4.25-150400.4.8.1 php7-gd-7.4.25-150400.4.8.1 php7-gd-debuginfo-7.4.25-150400.4.8.1 php7-gettext-7.4.25-150400.4.8.1 php7-gettext-debuginfo-7.4.25-150400.4.8.1 php7-gmp-7.4.25-150400.4.8.1 php7-gmp-debuginfo-7.4.25-150400.4.8.1 php7-iconv-7.4.25-150400.4.8.1 php7-iconv-debuginfo-7.4.25-150400.4.8.1 php7-intl-7.4.25-150400.4.8.1 php7-intl-debuginfo-7.4.25-150400.4.8.1 php7-json-7.4.25-150400.4.8.1 php7-json-debuginfo-7.4.25-150400.4.8.1 php7-ldap-7.4.25-150400.4.8.1 php7-ldap-debuginfo-7.4.25-150400.4.8.1 php7-mbstring-7.4.25-150400.4.8.1 php7-mbstring-debuginfo-7.4.25-150400.4.8.1 php7-mysql-7.4.25-150400.4.8.1 php7-mysql-debuginfo-7.4.25-150400.4.8.1 php7-odbc-7.4.25-150400.4.8.1 php7-odbc-debuginfo-7.4.25-150400.4.8.1 php7-opcache-7.4.25-150400.4.8.1 php7-opcache-debuginfo-7.4.25-150400.4.8.1 php7-openssl-7.4.25-150400.4.8.1 php7-openssl-debuginfo-7.4.25-150400.4.8.1 php7-pcntl-7.4.25-150400.4.8.1 php7-pcntl-debuginfo-7.4.25-150400.4.8.1 php7-pdo-7.4.25-150400.4.8.1 php7-pdo-debuginfo-7.4.25-150400.4.8.1 php7-pgsql-7.4.25-150400.4.8.1 php7-pgsql-debuginfo-7.4.25-150400.4.8.1 php7-phar-7.4.25-150400.4.8.1 php7-phar-debuginfo-7.4.25-150400.4.8.1 
php7-posix-7.4.25-150400.4.8.1 php7-posix-debuginfo-7.4.25-150400.4.8.1 php7-readline-7.4.25-150400.4.8.1 php7-readline-debuginfo-7.4.25-150400.4.8.1 php7-shmop-7.4.25-150400.4.8.1 php7-shmop-debuginfo-7.4.25-150400.4.8.1 php7-snmp-7.4.25-150400.4.8.1 php7-snmp-debuginfo-7.4.25-150400.4.8.1 php7-soap-7.4.25-150400.4.8.1 php7-soap-debuginfo-7.4.25-150400.4.8.1 php7-sockets-7.4.25-150400.4.8.1 php7-sockets-debuginfo-7.4.25-150400.4.8.1 php7-sodium-7.4.25-150400.4.8.1 php7-sodium-debuginfo-7.4.25-150400.4.8.1 php7-sqlite-7.4.25-150400.4.8.1 php7-sqlite-debuginfo-7.4.25-150400.4.8.1 php7-sysvmsg-7.4.25-150400.4.8.1 php7-sysvmsg-debuginfo-7.4.25-150400.4.8.1 php7-sysvsem-7.4.25-150400.4.8.1 php7-sysvsem-debuginfo-7.4.25-150400.4.8.1 php7-sysvshm-7.4.25-150400.4.8.1 php7-sysvshm-debuginfo-7.4.25-150400.4.8.1 php7-test-7.4.25-150400.4.8.1 php7-tidy-7.4.25-150400.4.8.1 php7-tidy-debuginfo-7.4.25-150400.4.8.1 php7-tokenizer-7.4.25-150400.4.8.1 php7-tokenizer-debuginfo-7.4.25-150400.4.8.1 php7-xmlreader-7.4.25-150400.4.8.1 php7-xmlreader-debuginfo-7.4.25-150400.4.8.1 php7-xmlrpc-7.4.25-150400.4.8.1 php7-xmlrpc-debuginfo-7.4.25-150400.4.8.1 php7-xmlwriter-7.4.25-150400.4.8.1 php7-xmlwriter-debuginfo-7.4.25-150400.4.8.1 php7-xsl-7.4.25-150400.4.8.1 php7-xsl-debuginfo-7.4.25-150400.4.8.1 php7-zip-7.4.25-150400.4.8.1 php7-zip-debuginfo-7.4.25-150400.4.8.1 php7-zlib-7.4.25-150400.4.8.1 php7-zlib-debuginfo-7.4.25-150400.4.8.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): php7-embed-7.4.25-150400.4.8.1 php7-embed-debuginfo-7.4.25-150400.4.8.1 php7-embed-debugsource-7.4.25-150400.4.8.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.25-150400.4.8.1 apache2-mod_php7-debuginfo-7.4.25-150400.4.8.1 apache2-mod_php7-debugsource-7.4.25-150400.4.8.1 php7-7.4.25-150400.4.8.1 php7-bcmath-7.4.25-150400.4.8.1 php7-bcmath-debuginfo-7.4.25-150400.4.8.1 php7-bz2-7.4.25-150400.4.8.1 
php7-bz2-debuginfo-7.4.25-150400.4.8.1 php7-calendar-7.4.25-150400.4.8.1 php7-calendar-debuginfo-7.4.25-150400.4.8.1 php7-cli-7.4.25-150400.4.8.1 php7-cli-debuginfo-7.4.25-150400.4.8.1 php7-ctype-7.4.25-150400.4.8.1 php7-ctype-debuginfo-7.4.25-150400.4.8.1 php7-curl-7.4.25-150400.4.8.1 php7-curl-debuginfo-7.4.25-150400.4.8.1 php7-dba-7.4.25-150400.4.8.1 php7-dba-debuginfo-7.4.25-150400.4.8.1 php7-debuginfo-7.4.25-150400.4.8.1 php7-debugsource-7.4.25-150400.4.8.1 php7-devel-7.4.25-150400.4.8.1 php7-dom-7.4.25-150400.4.8.1 php7-dom-debuginfo-7.4.25-150400.4.8.1 php7-enchant-7.4.25-150400.4.8.1 php7-enchant-debuginfo-7.4.25-150400.4.8.1 php7-exif-7.4.25-150400.4.8.1 php7-exif-debuginfo-7.4.25-150400.4.8.1 php7-fastcgi-7.4.25-150400.4.8.1 php7-fastcgi-debuginfo-7.4.25-150400.4.8.1 php7-fastcgi-debugsource-7.4.25-150400.4.8.1 php7-fileinfo-7.4.25-150400.4.8.1 php7-fileinfo-debuginfo-7.4.25-150400.4.8.1 php7-fpm-7.4.25-150400.4.8.1 php7-fpm-debuginfo-7.4.25-150400.4.8.1 php7-fpm-debugsource-7.4.25-150400.4.8.1 php7-ftp-7.4.25-150400.4.8.1 php7-ftp-debuginfo-7.4.25-150400.4.8.1 php7-gd-7.4.25-150400.4.8.1 php7-gd-debuginfo-7.4.25-150400.4.8.1 php7-gettext-7.4.25-150400.4.8.1 php7-gettext-debuginfo-7.4.25-150400.4.8.1 php7-gmp-7.4.25-150400.4.8.1 php7-gmp-debuginfo-7.4.25-150400.4.8.1 php7-iconv-7.4.25-150400.4.8.1 php7-iconv-debuginfo-7.4.25-150400.4.8.1 php7-intl-7.4.25-150400.4.8.1 php7-intl-debuginfo-7.4.25-150400.4.8.1 php7-json-7.4.25-150400.4.8.1 php7-json-debuginfo-7.4.25-150400.4.8.1 php7-ldap-7.4.25-150400.4.8.1 php7-ldap-debuginfo-7.4.25-150400.4.8.1 php7-mbstring-7.4.25-150400.4.8.1 php7-mbstring-debuginfo-7.4.25-150400.4.8.1 php7-mysql-7.4.25-150400.4.8.1 php7-mysql-debuginfo-7.4.25-150400.4.8.1 php7-odbc-7.4.25-150400.4.8.1 php7-odbc-debuginfo-7.4.25-150400.4.8.1 php7-opcache-7.4.25-150400.4.8.1 php7-opcache-debuginfo-7.4.25-150400.4.8.1 php7-openssl-7.4.25-150400.4.8.1 php7-openssl-debuginfo-7.4.25-150400.4.8.1 php7-pcntl-7.4.25-150400.4.8.1 
php7-pcntl-debuginfo-7.4.25-150400.4.8.1 php7-pdo-7.4.25-150400.4.8.1 php7-pdo-debuginfo-7.4.25-150400.4.8.1 php7-pgsql-7.4.25-150400.4.8.1 php7-pgsql-debuginfo-7.4.25-150400.4.8.1 php7-phar-7.4.25-150400.4.8.1 php7-phar-debuginfo-7.4.25-150400.4.8.1 php7-posix-7.4.25-150400.4.8.1 php7-posix-debuginfo-7.4.25-150400.4.8.1 php7-readline-7.4.25-150400.4.8.1 php7-readline-debuginfo-7.4.25-150400.4.8.1 php7-shmop-7.4.25-150400.4.8.1 php7-shmop-debuginfo-7.4.25-150400.4.8.1 php7-snmp-7.4.25-150400.4.8.1 php7-snmp-debuginfo-7.4.25-150400.4.8.1 php7-soap-7.4.25-150400.4.8.1 php7-soap-debuginfo-7.4.25-150400.4.8.1 php7-sockets-7.4.25-150400.4.8.1 php7-sockets-debuginfo-7.4.25-150400.4.8.1 php7-sodium-7.4.25-150400.4.8.1 php7-sodium-debuginfo-7.4.25-150400.4.8.1 php7-sqlite-7.4.25-150400.4.8.1 php7-sqlite-debuginfo-7.4.25-150400.4.8.1 php7-sysvmsg-7.4.25-150400.4.8.1 php7-sysvmsg-debuginfo-7.4.25-150400.4.8.1 php7-sysvsem-7.4.25-150400.4.8.1 php7-sysvsem-debuginfo-7.4.25-150400.4.8.1 php7-sysvshm-7.4.25-150400.4.8.1 php7-sysvshm-debuginfo-7.4.25-150400.4.8.1 php7-tidy-7.4.25-150400.4.8.1 php7-tidy-debuginfo-7.4.25-150400.4.8.1 php7-tokenizer-7.4.25-150400.4.8.1 php7-tokenizer-debuginfo-7.4.25-150400.4.8.1 php7-xmlreader-7.4.25-150400.4.8.1 php7-xmlreader-debuginfo-7.4.25-150400.4.8.1 php7-xmlrpc-7.4.25-150400.4.8.1 php7-xmlrpc-debuginfo-7.4.25-150400.4.8.1 php7-xmlwriter-7.4.25-150400.4.8.1 php7-xmlwriter-debuginfo-7.4.25-150400.4.8.1 php7-xsl-7.4.25-150400.4.8.1 php7-xsl-debuginfo-7.4.25-150400.4.8.1 php7-zip-7.4.25-150400.4.8.1 php7-zip-debuginfo-7.4.25-150400.4.8.1 php7-zlib-7.4.25-150400.4.8.1 php7-zlib-debuginfo-7.4.25-150400.4.8.1 References: https://www.suse.com/security/cve/CVE-2021-21707.html https://www.suse.com/security/cve/CVE-2022-31625.html https://www.suse.com/security/cve/CVE-2022-31626.html https://bugzilla.suse.com/1193041 https://bugzilla.suse.com/1200628 https://bugzilla.suse.com/1200645 From sle-updates at lists.suse.com Wed Jul 6 16:18:45 2022 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Jul 2022 18:18:45 +0200 (CEST)
Subject: SUSE-SU-2022:2308-1: important: Security update for openssl-1_1
Message-ID: <20220706161845.96C96F789@maintenance.suse.de>

   SUSE Security Update: Security update for openssl-1_1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2308-1
Rating:             important
References:         #1185637 #1199166 #1200550 #1201099
Cross-References:   CVE-2022-1292 CVE-2022-2068 CVE-2022-2097
CVSS scores:
                    CVE-2022-1292 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-1292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2068 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2068 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2097 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now
   available.

Description:

   This update for openssl-1_1 fixes the following issues:

   - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
   - CVE-2022-2068: Fixed more shell code injection issues in c_rehash.
     (bsc#1200550)
   - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode
     (bsc#1201099).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-2308=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2308=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      libopenssl-1_1-devel-1.1.1l-150400.7.7.1
      libopenssl1_1-1.1.1l-150400.7.7.1
      libopenssl1_1-debuginfo-1.1.1l-150400.7.7.1
      libopenssl1_1-hmac-1.1.1l-150400.7.7.1
      openssl-1_1-1.1.1l-150400.7.7.1
      openssl-1_1-debuginfo-1.1.1l-150400.7.7.1
      openssl-1_1-debugsource-1.1.1l-150400.7.7.1

   - openSUSE Leap 15.4 (x86_64):

      libopenssl-1_1-devel-32bit-1.1.1l-150400.7.7.1
      libopenssl1_1-32bit-1.1.1l-150400.7.7.1
      libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.7.1
      libopenssl1_1-hmac-32bit-1.1.1l-150400.7.7.1

   - openSUSE Leap 15.4 (noarch):

      openssl-1_1-doc-1.1.1l-150400.7.7.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      libopenssl-1_1-devel-1.1.1l-150400.7.7.1
      libopenssl1_1-1.1.1l-150400.7.7.1
      libopenssl1_1-debuginfo-1.1.1l-150400.7.7.1
      libopenssl1_1-hmac-1.1.1l-150400.7.7.1
      openssl-1_1-1.1.1l-150400.7.7.1
      openssl-1_1-debuginfo-1.1.1l-150400.7.7.1
      openssl-1_1-debugsource-1.1.1l-150400.7.7.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):

      libopenssl1_1-32bit-1.1.1l-150400.7.7.1
      libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.7.1
      libopenssl1_1-hmac-32bit-1.1.1l-150400.7.7.1

References:

   https://www.suse.com/security/cve/CVE-2022-1292.html
   https://www.suse.com/security/cve/CVE-2022-2068.html
   https://www.suse.com/security/cve/CVE-2022-2097.html
   https://bugzilla.suse.com/1185637
   https://bugzilla.suse.com/1199166
   https://bugzilla.suse.com/1200550
   https://bugzilla.suse.com/1201099

From sle-updates at lists.suse.com Wed Jul 6 16:19:41 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Jul 2022 18:19:41 +0200 (CEST)
Subject: SUSE-SU-2022:2301-1: moderate: Security update for ImageMagick
Message-ID: <20220706161941.061C7F789@maintenance.suse.de>

   SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2301-1
Rating:             moderate
References:         #1200387 #1200388 #1200389
Cross-References:   CVE-2022-32545 CVE-2022-32546 CVE-2022-32547
CVSS scores:
                    CVE-2022-32545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-32545 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-32546 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-32546 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-32547 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-32547 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP4
                    SUSE Linux Enterprise Module for Development Tools 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for ImageMagick fixes the following issues:

   - CVE-2022-32545: Fixed an outside the range of representable values of
     type. (bsc#1200388)
   - CVE-2022-32546: Fixed an outside the range of representable values of
     type. (bsc#1200389)
   - CVE-2022-32547: Fixed a load of misaligned address at
     MagickCore/property.c. (bsc#1200387)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-2301=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2301=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2301=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      ImageMagick-7.1.0.9-150400.6.3.1
      ImageMagick-config-7-SUSE-7.1.0.9-150400.6.3.1
      ImageMagick-config-7-upstream-7.1.0.9-150400.6.3.1
      ImageMagick-debuginfo-7.1.0.9-150400.6.3.1
      ImageMagick-debugsource-7.1.0.9-150400.6.3.1
      ImageMagick-devel-7.1.0.9-150400.6.3.1
      ImageMagick-extra-7.1.0.9-150400.6.3.1
      ImageMagick-extra-debuginfo-7.1.0.9-150400.6.3.1
      libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.3.1
      libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.3.1
      libMagick++-devel-7.1.0.9-150400.6.3.1
      libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.3.1
      libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.3.1
      libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.3.1
      libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.3.1
      perl-PerlMagick-7.1.0.9-150400.6.3.1
      perl-PerlMagick-debuginfo-7.1.0.9-150400.6.3.1

   - openSUSE Leap 15.4 (x86_64):

      ImageMagick-devel-32bit-7.1.0.9-150400.6.3.1
      libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.3.1
      libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.3.1
      libMagick++-devel-32bit-7.1.0.9-150400.6.3.1
      libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.3.1
      libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.3.1
      libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.3.1
      libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.3.1

   - openSUSE Leap 15.4 (noarch):

      ImageMagick-doc-7.1.0.9-150400.6.3.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):

      ImageMagick-debuginfo-7.1.0.9-150400.6.3.1
      ImageMagick-debugsource-7.1.0.9-150400.6.3.1
      perl-PerlMagick-7.1.0.9-150400.6.3.1
      perl-PerlMagick-debuginfo-7.1.0.9-150400.6.3.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

      ImageMagick-7.1.0.9-150400.6.3.1
      ImageMagick-config-7-SUSE-7.1.0.9-150400.6.3.1
      ImageMagick-config-7-upstream-7.1.0.9-150400.6.3.1
      ImageMagick-debuginfo-7.1.0.9-150400.6.3.1
      ImageMagick-debugsource-7.1.0.9-150400.6.3.1
      ImageMagick-devel-7.1.0.9-150400.6.3.1
      libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.3.1
      libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.3.1
      libMagick++-devel-7.1.0.9-150400.6.3.1
      libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.3.1
      libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.3.1
      libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.3.1
      libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.3.1

References:

   https://www.suse.com/security/cve/CVE-2022-32545.html
   https://www.suse.com/security/cve/CVE-2022-32546.html
   https://www.suse.com/security/cve/CVE-2022-32547.html
   https://bugzilla.suse.com/1200387
   https://bugzilla.suse.com/1200388
   https://bugzilla.suse.com/1200389

From sle-updates at lists.suse.com Wed Jul 6 16:20:27 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Jul 2022 18:20:27 +0200 (CEST)
Subject: SUSE-SU-2022:2294-1: important: Security update for expat
Message-ID: <20220706162027.F27CAF789@maintenance.suse.de>

   SUSE Security Update: Security update for expat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2294-1
Rating:             important
References:         #1196025 #1196026 #1196168 #1196169 #1196171 #1196784
Cross-References:   CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315
CVSS scores:
                    CVE-2022-25235 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-25235 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-25236 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-25236 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-25313 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-25313 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-25314 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-25314 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-25315 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-25315 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has one errata is now
   available.

Description:

   This update for expat fixes the following issues:

   - CVE-2022-25236: Fixed possible namespace-separator characters insertion
     into namespace URIs (bsc#1196025).
   - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
   - CVE-2022-25235: Fixed UTF-8 character validation in a certain context
     (bsc#1196026).
   - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled
     recursion (bsc#1196168).
   - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
   - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2294=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2294=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): expat-2.4.4-150400.3.6.9 expat-debuginfo-2.4.4-150400.3.6.9 expat-debugsource-2.4.4-150400.3.6.9 libexpat-devel-2.4.4-150400.3.6.9 libexpat1-2.4.4-150400.3.6.9 libexpat1-debuginfo-2.4.4-150400.3.6.9 - openSUSE Leap 15.4 (x86_64): expat-32bit-debuginfo-2.4.4-150400.3.6.9 libexpat-devel-32bit-2.4.4-150400.3.6.9 libexpat1-32bit-2.4.4-150400.3.6.9 libexpat1-32bit-debuginfo-2.4.4-150400.3.6.9 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): expat-2.4.4-150400.3.6.9 expat-debuginfo-2.4.4-150400.3.6.9 expat-debugsource-2.4.4-150400.3.6.9 libexpat-devel-2.4.4-150400.3.6.9 libexpat1-2.4.4-150400.3.6.9 libexpat1-debuginfo-2.4.4-150400.3.6.9 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): expat-32bit-debuginfo-2.4.4-150400.3.6.9 libexpat1-32bit-2.4.4-150400.3.6.9 libexpat1-32bit-debuginfo-2.4.4-150400.3.6.9 References: https://www.suse.com/security/cve/CVE-2022-25235.html https://www.suse.com/security/cve/CVE-2022-25236.html https://www.suse.com/security/cve/CVE-2022-25313.html https://www.suse.com/security/cve/CVE-2022-25314.html https://www.suse.com/security/cve/CVE-2022-25315.html https://bugzilla.suse.com/1196025 https://bugzilla.suse.com/1196026 https://bugzilla.suse.com/1196168 https://bugzilla.suse.com/1196169 https://bugzilla.suse.com/1196171 https://bugzilla.suse.com/1196784 From sle-updates at lists.suse.com Wed Jul 6 16:21:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:21:25 +0200 (CEST) Subject: SUSE-RU-2022:2300-1: moderate: Recommended update for open-iscsi Message-ID: <20220706162125.DFBE3F789@maintenance.suse.de> SUSE Recommended Update: 
Recommended update for open-iscsi
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2300-1
Rating: moderate
References: #1198457 #1199264

Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
openSUSE Leap 15.4
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for open-iscsi fixes the following issues:

- Set initiatorname in %post (at end of install), for cases where root is read-only at startup time (bsc#1198457)
- Update to latest upstream, including:
  Added 'distclean' to Makefile targets.
  Ensure Makefile '.PHONY' targets set up correctly.
  Fix an iscsid logout bug generating a false error and cleanup logout error messages.
  Updated/fixed test script.
  Updated build system.
  Syntax error in ibft-rule-generator. (bsc#1199264)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2300=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2300=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.6-150400.39.3.1 iscsiuio-debuginfo-0.7.8.6-150400.39.3.1 libopeniscsiusr0_2_0-2.1.7-150400.39.3.1 libopeniscsiusr0_2_0-debuginfo-2.1.7-150400.39.3.1 open-iscsi-2.1.7-150400.39.3.1 open-iscsi-debuginfo-2.1.7-150400.39.3.1 open-iscsi-debugsource-2.1.7-150400.39.3.1 open-iscsi-devel-2.1.7-150400.39.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.6-150400.39.3.1 iscsiuio-debuginfo-0.7.8.6-150400.39.3.1 libopeniscsiusr0_2_0-2.1.7-150400.39.3.1 libopeniscsiusr0_2_0-debuginfo-2.1.7-150400.39.3.1 open-iscsi-2.1.7-150400.39.3.1 open-iscsi-debuginfo-2.1.7-150400.39.3.1 open-iscsi-debugsource-2.1.7-150400.39.3.1 open-iscsi-devel-2.1.7-150400.39.3.1 References: https://bugzilla.suse.com/1198457 https://bugzilla.suse.com/1199264 From sle-updates at lists.suse.com Wed Jul 6 16:22:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:22:06 +0200 (CEST) Subject: SUSE-SU-2022:2312-1: important: Security update for openssl-1_1 Message-ID: <20220706162206.78C13F789@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2312-1 Rating: important References: #1201099 Cross-References: CVE-2022-2097 CVSS scores: CVE-2022-2097 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 
SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2312=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2312=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2312=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2312=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2312=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2312=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl1_1-1.1.1d-2.69.1 libopenssl1_1-32bit-1.1.1d-2.69.1 libopenssl1_1-debuginfo-1.1.1d-2.69.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.69.1 libopenssl1_1-hmac-1.1.1d-2.69.1 libopenssl1_1-hmac-32bit-1.1.1d-2.69.1 openssl-1_1-1.1.1d-2.69.1 openssl-1_1-debuginfo-1.1.1d-2.69.1 openssl-1_1-debugsource-1.1.1d-2.69.1 - SUSE OpenStack Cloud 9 (x86_64): libopenssl1_1-1.1.1d-2.69.1 libopenssl1_1-32bit-1.1.1d-2.69.1 libopenssl1_1-debuginfo-1.1.1d-2.69.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.69.1 libopenssl1_1-hmac-1.1.1d-2.69.1 libopenssl1_1-hmac-32bit-1.1.1d-2.69.1 openssl-1_1-1.1.1d-2.69.1 openssl-1_1-debuginfo-1.1.1d-2.69.1 openssl-1_1-debugsource-1.1.1d-2.69.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-2.69.1 
openssl-1_1-debuginfo-1.1.1d-2.69.1 openssl-1_1-debugsource-1.1.1d-2.69.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libopenssl-1_1-devel-32bit-1.1.1d-2.69.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl1_1-1.1.1d-2.69.1 libopenssl1_1-debuginfo-1.1.1d-2.69.1 libopenssl1_1-hmac-1.1.1d-2.69.1 openssl-1_1-1.1.1d-2.69.1 openssl-1_1-debuginfo-1.1.1d-2.69.1 openssl-1_1-debugsource-1.1.1d-2.69.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_1-32bit-1.1.1d-2.69.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.69.1 libopenssl1_1-hmac-32bit-1.1.1d-2.69.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.69.1 libopenssl1_1-debuginfo-1.1.1d-2.69.1 libopenssl1_1-hmac-1.1.1d-2.69.1 openssl-1_1-1.1.1d-2.69.1 openssl-1_1-debuginfo-1.1.1d-2.69.1 openssl-1_1-debugsource-1.1.1d-2.69.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.69.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.69.1 libopenssl1_1-hmac-32bit-1.1.1d-2.69.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.69.1 libopenssl1_1-debuginfo-1.1.1d-2.69.1 libopenssl1_1-hmac-1.1.1d-2.69.1 openssl-1_1-1.1.1d-2.69.1 openssl-1_1-debuginfo-1.1.1d-2.69.1 openssl-1_1-debugsource-1.1.1d-2.69.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.69.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.69.1 libopenssl1_1-hmac-32bit-1.1.1d-2.69.1 References: https://www.suse.com/security/cve/CVE-2022-2097.html https://bugzilla.suse.com/1201099 From sle-updates at lists.suse.com Wed Jul 6 16:22:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:22:43 +0200 (CEST) Subject: SUSE-SU-2022:2310-1: important: Security update for s390-tools Message-ID: <20220706162243.7E393F789@maintenance.suse.de> SUSE Security Update: Security update for s390-tools 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2310-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of s390-tools fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2310=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2310=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2310=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2310=1 Package List: - openSUSE Leap 15.3 (s390x): libekmfweb1-2.15.1-150300.8.24.1 libekmfweb1-debuginfo-2.15.1-150300.8.24.1 libekmfweb1-devel-2.15.1-150300.8.24.1 osasnmpd-2.15.1-150300.8.24.1 osasnmpd-debuginfo-2.15.1-150300.8.24.1 s390-tools-2.15.1-150300.8.24.1 s390-tools-debuginfo-2.15.1-150300.8.24.1 s390-tools-debugsource-2.15.1-150300.8.24.1 s390-tools-hmcdrvfs-2.15.1-150300.8.24.1 s390-tools-hmcdrvfs-debuginfo-2.15.1-150300.8.24.1 s390-tools-zdsfs-2.15.1-150300.8.24.1 s390-tools-zdsfs-debuginfo-2.15.1-150300.8.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): 
libekmfweb1-2.15.1-150300.8.24.1 libekmfweb1-debuginfo-2.15.1-150300.8.24.1 libekmfweb1-devel-2.15.1-150300.8.24.1 osasnmpd-2.15.1-150300.8.24.1 osasnmpd-debuginfo-2.15.1-150300.8.24.1 s390-tools-2.15.1-150300.8.24.1 s390-tools-debuginfo-2.15.1-150300.8.24.1 s390-tools-debugsource-2.15.1-150300.8.24.1 s390-tools-hmcdrvfs-2.15.1-150300.8.24.1 s390-tools-hmcdrvfs-debuginfo-2.15.1-150300.8.24.1 s390-tools-zdsfs-2.15.1-150300.8.24.1 s390-tools-zdsfs-debuginfo-2.15.1-150300.8.24.1 - SUSE Linux Enterprise Micro 5.2 (s390x): libekmfweb1-2.15.1-150300.8.24.1 libekmfweb1-debuginfo-2.15.1-150300.8.24.1 s390-tools-2.15.1-150300.8.24.1 s390-tools-debuginfo-2.15.1-150300.8.24.1 s390-tools-debugsource-2.15.1-150300.8.24.1 - SUSE Linux Enterprise Micro 5.1 (s390x): libekmfweb1-2.15.1-150300.8.24.1 libekmfweb1-debuginfo-2.15.1-150300.8.24.1 s390-tools-2.15.1-150300.8.24.1 s390-tools-debuginfo-2.15.1-150300.8.24.1 s390-tools-debugsource-2.15.1-150300.8.24.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Wed Jul 6 16:23:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:23:22 +0200 (CEST) Subject: SUSE-SU-2022:2311-1: important: Security update for openssl-1_1 Message-ID: <20220706162322.503C2F789@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2311-1 Rating: important References: #1201099 Cross-References: CVE-2022-2097 CVSS scores: CVE-2022-2097 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2311=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2311=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2311=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2311=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2311=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2022-2311=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.36.1 libopenssl1_1-1.1.0i-150100.14.36.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.36.1 libopenssl1_1-hmac-1.1.0i-150100.14.36.1 openssl-1_1-1.1.0i-150100.14.36.1 openssl-1_1-debuginfo-1.1.0i-150100.14.36.1 openssl-1_1-debugsource-1.1.0i-150100.14.36.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.36.1 libopenssl1_1-32bit-1.1.0i-150100.14.36.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.36.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.36.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.36.1 libopenssl1_1-1.1.0i-150100.14.36.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.36.1 libopenssl1_1-hmac-1.1.0i-150100.14.36.1 openssl-1_1-1.1.0i-150100.14.36.1 openssl-1_1-debuginfo-1.1.0i-150100.14.36.1 openssl-1_1-debugsource-1.1.0i-150100.14.36.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.36.1 libopenssl1_1-32bit-1.1.0i-150100.14.36.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.36.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.36.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.36.1 libopenssl-1_1-devel-32bit-1.1.0i-150100.14.36.1 libopenssl1_1-1.1.0i-150100.14.36.1 libopenssl1_1-32bit-1.1.0i-150100.14.36.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.36.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.36.1 libopenssl1_1-hmac-1.1.0i-150100.14.36.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.36.1 openssl-1_1-1.1.0i-150100.14.36.1 openssl-1_1-debuginfo-1.1.0i-150100.14.36.1 openssl-1_1-debugsource-1.1.0i-150100.14.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.36.1 libopenssl1_1-1.1.0i-150100.14.36.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.36.1 
libopenssl1_1-hmac-1.1.0i-150100.14.36.1 openssl-1_1-1.1.0i-150100.14.36.1 openssl-1_1-debuginfo-1.1.0i-150100.14.36.1 openssl-1_1-debugsource-1.1.0i-150100.14.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.36.1 libopenssl1_1-32bit-1.1.0i-150100.14.36.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.36.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.36.1 libopenssl1_1-1.1.0i-150100.14.36.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.36.1 libopenssl1_1-hmac-1.1.0i-150100.14.36.1 openssl-1_1-1.1.0i-150100.14.36.1 openssl-1_1-debuginfo-1.1.0i-150100.14.36.1 openssl-1_1-debugsource-1.1.0i-150100.14.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.36.1 libopenssl1_1-32bit-1.1.0i-150100.14.36.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.36.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.36.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.36.1 libopenssl1_1-1.1.0i-150100.14.36.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.36.1 libopenssl1_1-hmac-1.1.0i-150100.14.36.1 openssl-1_1-1.1.0i-150100.14.36.1 openssl-1_1-debuginfo-1.1.0i-150100.14.36.1 openssl-1_1-debugsource-1.1.0i-150100.14.36.1 - SUSE Enterprise Storage 6 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.36.1 libopenssl1_1-32bit-1.1.0i-150100.14.36.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.36.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.36.1 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.36.1 libopenssl-1_1-devel-32bit-1.1.0i-150100.14.36.1 libopenssl1_1-1.1.0i-150100.14.36.1 libopenssl1_1-32bit-1.1.0i-150100.14.36.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.36.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.36.1 libopenssl1_1-hmac-1.1.0i-150100.14.36.1 
libopenssl1_1-hmac-32bit-1.1.0i-150100.14.36.1 openssl-1_1-1.1.0i-150100.14.36.1 openssl-1_1-debuginfo-1.1.0i-150100.14.36.1 openssl-1_1-debugsource-1.1.0i-150100.14.36.1 References: https://www.suse.com/security/cve/CVE-2022-2097.html https://bugzilla.suse.com/1201099 From sle-updates at lists.suse.com Wed Jul 6 16:24:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:24:04 +0200 (CEST) Subject: SUSE-SU-2022:2302-1: important: Security update for apache2 Message-ID: <20220706162404.9626FF789@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2302-1 Rating: important References: #1198913 #1200338 #1200340 #1200341 #1200345 #1200348 #1200350 #1200352 Cross-References: CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 CVSS scores: CVE-2022-26377 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-26377 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-28614 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-28614 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-28615 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-28615 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-29404 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-29404 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30522 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30522 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30556 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-30556 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-31813 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-31813 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: 
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
openSUSE Leap 15.4
______________________________________________________________________________

An update that solves 7 vulnerabilities and has one errata is now available.

Description:

This update for apache2 fixes the following issues:

- CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338)
- CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340)
- CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341)
- CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345)
- CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350)
- CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352)
- CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2302=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2302=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2302=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2302=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-2.4.51-150400.6.3.1 apache2-debuginfo-2.4.51-150400.6.3.1 apache2-debugsource-2.4.51-150400.6.3.1 apache2-devel-2.4.51-150400.6.3.1 apache2-event-2.4.51-150400.6.3.1 apache2-event-debuginfo-2.4.51-150400.6.3.1 apache2-example-pages-2.4.51-150400.6.3.1 apache2-prefork-2.4.51-150400.6.3.1 apache2-prefork-debuginfo-2.4.51-150400.6.3.1 apache2-utils-2.4.51-150400.6.3.1 apache2-utils-debuginfo-2.4.51-150400.6.3.1 apache2-worker-2.4.51-150400.6.3.1 apache2-worker-debuginfo-2.4.51-150400.6.3.1 - openSUSE Leap 15.4 (noarch): apache2-doc-2.4.51-150400.6.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.51-150400.6.3.1 apache2-debugsource-2.4.51-150400.6.3.1 apache2-devel-2.4.51-150400.6.3.1 apache2-worker-2.4.51-150400.6.3.1 apache2-worker-debuginfo-2.4.51-150400.6.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): apache2-doc-2.4.51-150400.6.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.51-150400.6.3.1 apache2-debugsource-2.4.51-150400.6.3.1 apache2-event-2.4.51-150400.6.3.1 apache2-event-debuginfo-2.4.51-150400.6.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-2.4.51-150400.6.3.1 apache2-debuginfo-2.4.51-150400.6.3.1 apache2-debugsource-2.4.51-150400.6.3.1 
apache2-prefork-2.4.51-150400.6.3.1 apache2-prefork-debuginfo-2.4.51-150400.6.3.1 apache2-utils-2.4.51-150400.6.3.1 apache2-utils-debuginfo-2.4.51-150400.6.3.1 References: https://www.suse.com/security/cve/CVE-2022-26377.html https://www.suse.com/security/cve/CVE-2022-28614.html https://www.suse.com/security/cve/CVE-2022-28615.html https://www.suse.com/security/cve/CVE-2022-29404.html https://www.suse.com/security/cve/CVE-2022-30522.html https://www.suse.com/security/cve/CVE-2022-30556.html https://www.suse.com/security/cve/CVE-2022-31813.html https://bugzilla.suse.com/1198913 https://bugzilla.suse.com/1200338 https://bugzilla.suse.com/1200340 https://bugzilla.suse.com/1200341 https://bugzilla.suse.com/1200345 https://bugzilla.suse.com/1200348 https://bugzilla.suse.com/1200350 https://bugzilla.suse.com/1200352 From sle-updates at lists.suse.com Wed Jul 6 16:25:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:25:21 +0200 (CEST) Subject: SUSE-SU-2022:2303-1: important: Security update for php8 Message-ID: <20220706162521.2D67EF789@maintenance.suse.de> SUSE Security Update: Security update for php8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2303-1 Rating: important References: #1193041 #1200628 #1200645 Cross-References: CVE-2021-21707 CVE-2022-31625 CVE-2022-31626 CVSS scores: CVE-2021-21707 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-21707 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-31625 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-31625 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31626 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31626 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise 
Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for php8 fixes the following issues: - CVE-2021-21707: Fixed a special character that breaks path in xml parsing. (bsc#1193041) - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645) - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2303=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-2303=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_php8-8.0.10-150400.4.8.1 apache2-mod_php8-debuginfo-8.0.10-150400.4.8.1 apache2-mod_php8-debugsource-8.0.10-150400.4.8.1 php8-8.0.10-150400.4.8.1 php8-bcmath-8.0.10-150400.4.8.1 php8-bcmath-debuginfo-8.0.10-150400.4.8.1 php8-bz2-8.0.10-150400.4.8.1 php8-bz2-debuginfo-8.0.10-150400.4.8.1 php8-calendar-8.0.10-150400.4.8.1 php8-calendar-debuginfo-8.0.10-150400.4.8.1 php8-cli-8.0.10-150400.4.8.1 php8-cli-debuginfo-8.0.10-150400.4.8.1 php8-ctype-8.0.10-150400.4.8.1 php8-ctype-debuginfo-8.0.10-150400.4.8.1 php8-curl-8.0.10-150400.4.8.1 php8-curl-debuginfo-8.0.10-150400.4.8.1 php8-dba-8.0.10-150400.4.8.1 php8-dba-debuginfo-8.0.10-150400.4.8.1 php8-debuginfo-8.0.10-150400.4.8.1 php8-debugsource-8.0.10-150400.4.8.1 php8-devel-8.0.10-150400.4.8.1 php8-dom-8.0.10-150400.4.8.1 php8-dom-debuginfo-8.0.10-150400.4.8.1 php8-embed-8.0.10-150400.4.8.1 php8-embed-debuginfo-8.0.10-150400.4.8.1 
php8-embed-debugsource-8.0.10-150400.4.8.1 php8-enchant-8.0.10-150400.4.8.1 php8-enchant-debuginfo-8.0.10-150400.4.8.1 php8-exif-8.0.10-150400.4.8.1 php8-exif-debuginfo-8.0.10-150400.4.8.1 php8-fastcgi-8.0.10-150400.4.8.1 php8-fastcgi-debuginfo-8.0.10-150400.4.8.1 php8-fastcgi-debugsource-8.0.10-150400.4.8.1 php8-fileinfo-8.0.10-150400.4.8.1 php8-fileinfo-debuginfo-8.0.10-150400.4.8.1 php8-fpm-8.0.10-150400.4.8.1 php8-fpm-debuginfo-8.0.10-150400.4.8.1 php8-fpm-debugsource-8.0.10-150400.4.8.1 php8-ftp-8.0.10-150400.4.8.1 php8-ftp-debuginfo-8.0.10-150400.4.8.1 php8-gd-8.0.10-150400.4.8.1 php8-gd-debuginfo-8.0.10-150400.4.8.1 php8-gettext-8.0.10-150400.4.8.1 php8-gettext-debuginfo-8.0.10-150400.4.8.1 php8-gmp-8.0.10-150400.4.8.1 php8-gmp-debuginfo-8.0.10-150400.4.8.1 php8-iconv-8.0.10-150400.4.8.1 php8-iconv-debuginfo-8.0.10-150400.4.8.1 php8-intl-8.0.10-150400.4.8.1 php8-intl-debuginfo-8.0.10-150400.4.8.1 php8-ldap-8.0.10-150400.4.8.1 php8-ldap-debuginfo-8.0.10-150400.4.8.1 php8-mbstring-8.0.10-150400.4.8.1 php8-mbstring-debuginfo-8.0.10-150400.4.8.1 php8-mysql-8.0.10-150400.4.8.1 php8-mysql-debuginfo-8.0.10-150400.4.8.1 php8-odbc-8.0.10-150400.4.8.1 php8-odbc-debuginfo-8.0.10-150400.4.8.1 php8-opcache-8.0.10-150400.4.8.1 php8-opcache-debuginfo-8.0.10-150400.4.8.1 php8-openssl-8.0.10-150400.4.8.1 php8-openssl-debuginfo-8.0.10-150400.4.8.1 php8-pcntl-8.0.10-150400.4.8.1 php8-pcntl-debuginfo-8.0.10-150400.4.8.1 php8-pdo-8.0.10-150400.4.8.1 php8-pdo-debuginfo-8.0.10-150400.4.8.1 php8-pgsql-8.0.10-150400.4.8.1 php8-pgsql-debuginfo-8.0.10-150400.4.8.1 php8-phar-8.0.10-150400.4.8.1 php8-phar-debuginfo-8.0.10-150400.4.8.1 php8-posix-8.0.10-150400.4.8.1 php8-posix-debuginfo-8.0.10-150400.4.8.1 php8-readline-8.0.10-150400.4.8.1 php8-readline-debuginfo-8.0.10-150400.4.8.1 php8-shmop-8.0.10-150400.4.8.1 php8-shmop-debuginfo-8.0.10-150400.4.8.1 php8-snmp-8.0.10-150400.4.8.1 php8-snmp-debuginfo-8.0.10-150400.4.8.1 php8-soap-8.0.10-150400.4.8.1 
php8-soap-debuginfo-8.0.10-150400.4.8.1 php8-sockets-8.0.10-150400.4.8.1 php8-sockets-debuginfo-8.0.10-150400.4.8.1 php8-sodium-8.0.10-150400.4.8.1 php8-sodium-debuginfo-8.0.10-150400.4.8.1 php8-sqlite-8.0.10-150400.4.8.1 php8-sqlite-debuginfo-8.0.10-150400.4.8.1 php8-sysvmsg-8.0.10-150400.4.8.1 php8-sysvmsg-debuginfo-8.0.10-150400.4.8.1 php8-sysvsem-8.0.10-150400.4.8.1 php8-sysvsem-debuginfo-8.0.10-150400.4.8.1 php8-sysvshm-8.0.10-150400.4.8.1 php8-sysvshm-debuginfo-8.0.10-150400.4.8.1 php8-test-8.0.10-150400.4.8.1 php8-tidy-8.0.10-150400.4.8.1 php8-tidy-debuginfo-8.0.10-150400.4.8.1 php8-tokenizer-8.0.10-150400.4.8.1 php8-tokenizer-debuginfo-8.0.10-150400.4.8.1 php8-xmlreader-8.0.10-150400.4.8.1 php8-xmlreader-debuginfo-8.0.10-150400.4.8.1 php8-xmlwriter-8.0.10-150400.4.8.1 php8-xmlwriter-debuginfo-8.0.10-150400.4.8.1 php8-xsl-8.0.10-150400.4.8.1 php8-xsl-debuginfo-8.0.10-150400.4.8.1 php8-zip-8.0.10-150400.4.8.1 php8-zip-debuginfo-8.0.10-150400.4.8.1 php8-zlib-8.0.10-150400.4.8.1 php8-zlib-debuginfo-8.0.10-150400.4.8.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_php8-8.0.10-150400.4.8.1 apache2-mod_php8-debuginfo-8.0.10-150400.4.8.1 apache2-mod_php8-debugsource-8.0.10-150400.4.8.1 php8-8.0.10-150400.4.8.1 php8-bcmath-8.0.10-150400.4.8.1 php8-bcmath-debuginfo-8.0.10-150400.4.8.1 php8-bz2-8.0.10-150400.4.8.1 php8-bz2-debuginfo-8.0.10-150400.4.8.1 php8-calendar-8.0.10-150400.4.8.1 php8-calendar-debuginfo-8.0.10-150400.4.8.1 php8-cli-8.0.10-150400.4.8.1 php8-cli-debuginfo-8.0.10-150400.4.8.1 php8-ctype-8.0.10-150400.4.8.1 php8-ctype-debuginfo-8.0.10-150400.4.8.1 php8-curl-8.0.10-150400.4.8.1 php8-curl-debuginfo-8.0.10-150400.4.8.1 php8-dba-8.0.10-150400.4.8.1 php8-dba-debuginfo-8.0.10-150400.4.8.1 php8-debuginfo-8.0.10-150400.4.8.1 php8-debugsource-8.0.10-150400.4.8.1 php8-devel-8.0.10-150400.4.8.1 php8-dom-8.0.10-150400.4.8.1 php8-dom-debuginfo-8.0.10-150400.4.8.1 php8-embed-8.0.10-150400.4.8.1 
php8-embed-debuginfo-8.0.10-150400.4.8.1 php8-embed-debugsource-8.0.10-150400.4.8.1 php8-enchant-8.0.10-150400.4.8.1 php8-enchant-debuginfo-8.0.10-150400.4.8.1 php8-exif-8.0.10-150400.4.8.1 php8-exif-debuginfo-8.0.10-150400.4.8.1 php8-fastcgi-8.0.10-150400.4.8.1 php8-fastcgi-debuginfo-8.0.10-150400.4.8.1 php8-fastcgi-debugsource-8.0.10-150400.4.8.1 php8-fileinfo-8.0.10-150400.4.8.1 php8-fileinfo-debuginfo-8.0.10-150400.4.8.1 php8-fpm-8.0.10-150400.4.8.1 php8-fpm-debuginfo-8.0.10-150400.4.8.1 php8-fpm-debugsource-8.0.10-150400.4.8.1 php8-ftp-8.0.10-150400.4.8.1 php8-ftp-debuginfo-8.0.10-150400.4.8.1 php8-gd-8.0.10-150400.4.8.1 php8-gd-debuginfo-8.0.10-150400.4.8.1 php8-gettext-8.0.10-150400.4.8.1 php8-gettext-debuginfo-8.0.10-150400.4.8.1 php8-gmp-8.0.10-150400.4.8.1 php8-gmp-debuginfo-8.0.10-150400.4.8.1 php8-iconv-8.0.10-150400.4.8.1 php8-iconv-debuginfo-8.0.10-150400.4.8.1 php8-intl-8.0.10-150400.4.8.1 php8-intl-debuginfo-8.0.10-150400.4.8.1 php8-ldap-8.0.10-150400.4.8.1 php8-ldap-debuginfo-8.0.10-150400.4.8.1 php8-mbstring-8.0.10-150400.4.8.1 php8-mbstring-debuginfo-8.0.10-150400.4.8.1 php8-mysql-8.0.10-150400.4.8.1 php8-mysql-debuginfo-8.0.10-150400.4.8.1 php8-odbc-8.0.10-150400.4.8.1 php8-odbc-debuginfo-8.0.10-150400.4.8.1 php8-opcache-8.0.10-150400.4.8.1 php8-opcache-debuginfo-8.0.10-150400.4.8.1 php8-openssl-8.0.10-150400.4.8.1 php8-openssl-debuginfo-8.0.10-150400.4.8.1 php8-pcntl-8.0.10-150400.4.8.1 php8-pcntl-debuginfo-8.0.10-150400.4.8.1 php8-pdo-8.0.10-150400.4.8.1 php8-pdo-debuginfo-8.0.10-150400.4.8.1 php8-pgsql-8.0.10-150400.4.8.1 php8-pgsql-debuginfo-8.0.10-150400.4.8.1 php8-phar-8.0.10-150400.4.8.1 php8-phar-debuginfo-8.0.10-150400.4.8.1 php8-posix-8.0.10-150400.4.8.1 php8-posix-debuginfo-8.0.10-150400.4.8.1 php8-readline-8.0.10-150400.4.8.1 php8-readline-debuginfo-8.0.10-150400.4.8.1 php8-shmop-8.0.10-150400.4.8.1 php8-shmop-debuginfo-8.0.10-150400.4.8.1 php8-snmp-8.0.10-150400.4.8.1 php8-snmp-debuginfo-8.0.10-150400.4.8.1 
php8-soap-8.0.10-150400.4.8.1 php8-soap-debuginfo-8.0.10-150400.4.8.1 php8-sockets-8.0.10-150400.4.8.1 php8-sockets-debuginfo-8.0.10-150400.4.8.1 php8-sodium-8.0.10-150400.4.8.1 php8-sodium-debuginfo-8.0.10-150400.4.8.1 php8-sqlite-8.0.10-150400.4.8.1 php8-sqlite-debuginfo-8.0.10-150400.4.8.1 php8-sysvmsg-8.0.10-150400.4.8.1 php8-sysvmsg-debuginfo-8.0.10-150400.4.8.1 php8-sysvsem-8.0.10-150400.4.8.1 php8-sysvsem-debuginfo-8.0.10-150400.4.8.1 php8-sysvshm-8.0.10-150400.4.8.1 php8-sysvshm-debuginfo-8.0.10-150400.4.8.1 php8-test-8.0.10-150400.4.8.1 php8-tidy-8.0.10-150400.4.8.1 php8-tidy-debuginfo-8.0.10-150400.4.8.1 php8-tokenizer-8.0.10-150400.4.8.1 php8-tokenizer-debuginfo-8.0.10-150400.4.8.1 php8-xmlreader-8.0.10-150400.4.8.1 php8-xmlreader-debuginfo-8.0.10-150400.4.8.1 php8-xmlwriter-8.0.10-150400.4.8.1 php8-xmlwriter-debuginfo-8.0.10-150400.4.8.1 php8-xsl-8.0.10-150400.4.8.1 php8-xsl-debuginfo-8.0.10-150400.4.8.1 php8-zip-8.0.10-150400.4.8.1 php8-zip-debuginfo-8.0.10-150400.4.8.1 php8-zlib-8.0.10-150400.4.8.1 php8-zlib-debuginfo-8.0.10-150400.4.8.1 References: https://www.suse.com/security/cve/CVE-2021-21707.html https://www.suse.com/security/cve/CVE-2022-31625.html https://www.suse.com/security/cve/CVE-2022-31626.html https://bugzilla.suse.com/1193041 https://bugzilla.suse.com/1200628 https://bugzilla.suse.com/1200645 From sle-updates at lists.suse.com Wed Jul 6 16:26:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:26:06 +0200 (CEST) Subject: SUSE-SU-2022:2291-1: important: Security update for python310 Message-ID: <20220706162606.03F64FDAB@maintenance.suse.de> SUSE Security Update: Security update for python310 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2291-1 Rating: important References: #1198511 Cross-References: CVE-2015-20107 CVSS scores: CVE-2015-20107 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2015-20107 (SUSE): 7.1 
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L Affected Products: SUSE Linux Enterprise Module for Python3 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python310 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). - Update to 3.10.5: - Core and Builtins - gh-93418: Fixed an assert where an f-string has an equal sign '=' following an expression, but there's no trailing brace. For example, f"{i=". - gh-91924: Fix __ltrace__ debug feature if the stdout encoding is not UTF-8. Patch by Victor Stinner. - gh-93061: Backward jumps after async for loops are no longer given dubious line numbers. - gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees. - The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details. - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash. - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass. - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner. - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex. - bpo-47212: Raise IndentationError instead of SyntaxError for a bare except with no following indent. Improve SyntaxError locations for an un-parenthesized generator used as arguments. Patch by Matthieu Dartiailh. - bpo-47182: Fix a crash when using a named unicode character like "\N{digit nine}" after the main interpreter has been initialized a second time. 
- bpo-47117: Fix a crash if we fail to decode characters in interactive mode if the tokenizer buffers are uninitialized. Patch by Pablo Galindo. - bpo-39829: Removed the __len__() call when initializing a list and moved initializing to list_extend. Patch by Jeremiah Pascual. - bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the --without-doc-strings compilation flag no longer do so. - The classes affected are ctypes.UnionType, pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias. - The functions affected are 24 methods in ctypes. - Patch by Oleg Iarygin. - bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters. - Library - gh-93156: Accessing the pathlib.PurePath.parents sequence of an absolute path using negative index values produced incorrect results. - gh-89973: Fix re.error raised in fnmatch if the pattern contains a character range with upper bound lower than lower bound (e.g. [c-a]). Now such ranges are interpreted as empty ranges. - gh-93010: In a very special case, the email package tried to append the nonexistent InvalidHeaderError to the defect list. It should have been InvalidHeaderDefect. - gh-92839: Fixed crash resulting from calling bisect.insort() or bisect.insort_left() with the key argument not equal to None. - gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle. - gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify(). - gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled. 
- bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by Géry Ogam. - gh-91401: Provide a fail-safe way to disable subprocess use of vfork() via a private subprocess._USE_VFORK attribute. While there is currently no known need for this, if you find a need please only set it to False. File a CPython issue as to why you needed it and link to that from a comment in your code. This attribute is documented as a footnote in 3.11. - gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules. - gh-91810: ElementTree method write() and function tostring() now use the text file's encoding ("UTF-8" if not available) instead of locale encoding in XML declaration when encoding="unicode" is specified. - gh-91832: Add required attribute to argparse.Action repr output. - gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised. - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test. - gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError. - gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu. - gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is "fork" as that can lead to deadlocks in the child processes due to a fork happening while threads are running.
- gh-91575: Update case-insensitive matching in the re module to the latest Unicode version. - gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle. - bpo-47260: Fix os.closerange() potentially being a no-op in a Linux seccomp sandbox. - bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile instead of ValueError when reading a corrupt zip file in which the central directory offset is negative. - bpo-47151: When subprocess tries to use vfork, it now falls back to fork if vfork returns an error. This allows use in situations where vfork isn't allowed by the OS kernel. - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX. - bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters. - bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context. - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak - bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system. - bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter. - bpo-28249: Set doctest.DocTest.lineno to None when object does not have __doc__. - bpo-45138: Fix a regression in the sqlite3 trace callback where bound parameters were not expanded in the passed statement string. 
The regression was introduced in Python 3.10 by bpo-40318. Patch by Erlend E. Aasland. - bpo-44493: Add missing terminated NUL in sockaddr_un's length - This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. - bpo-42627: Fix incorrect parsing of Windows registry proxy settings - bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev. - Documentation - gh-86438: Clarify that -W and PYTHONWARNINGS are matched literally and case-insensitively, rather than as regular expressions, in warnings. - gh-92240: Added release dates for "What's New in Python 3.X" for 3.0, 3.1, 3.2, 3.8 and 3.10 - gh-91888: Add a new gh role to the documentation to link to GitHub issues. - gh-91783: Document security issues concerning the use of the function shutil.unpack_archive() - gh-91547: Remove "Undocumented modules" page. - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree(). - bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529. - bpo-47138: Pin Jinja to a version compatible with Sphinx version 3.2.1. - bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7's Documentation Strings paragraph. Patch by Oleg Iarygin. - bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky. - bpo-40838: Document that inspect.getdoc(), inspect.getmodule(), and inspect.getsourcefile() might return None. - bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents. - bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed. 
- bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan "yyyyyyyan" Orestes. - bpo-38056: Overhaul the Error Handlers documentation in codecs. - bpo-13553: Document tkinter.Tk args. - Tests - gh-92886: Fixing tests that fail when running with optimizations (-O) in test_imaplib.py. - gh-92670: Skip test_shutil.TestCopy.test_copyfile_nonexistent_dir test on AIX as the test uses a trailing slash to force the OS consider the path as a directory, but on AIX the trailing slash has no effect and is considered as a file. - gh-91904: Fix initialization of PYTHONREGRTEST_UNICODE_GUARD which prevented running regression tests on non-UTF-8 locale. - gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up. - bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD. - bpo-47104: Rewrite asyncio.to_thread() tests to use unittest.IsolatedAsyncioTestCase. - bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom. - Tools/Demos - gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter. - Update to 3.10.4: - bpo-46968: Check for the existence of the "sys/auxv.h" header in faulthandler to avoid compilation problems in systems where this header doesn't exist. Patch by Pablo Galindo - bpo-23691: Protect the re.finditer() iterator from re-entering. - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a "zipfile.BadZipFile: Bad CRC-32 for file" exception when reading a ZipFile from multiple threads. 
- bpo-38256: Fix binascii.crc32() when it is compiled to use zlib's crc32 to work properly on inputs 4+GiB in length instead of returning the wrong result. The workaround prior to this was to always feed the function data in increments smaller than 4GiB or to just call the zlib module function. - bpo-39394: A warning about inline flags not at the start of the regular expression now contains the position of the flag. - bpo-47061: Deprecate the various modules listed by PEP 594: - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau, telnetlib, uu, xdrlib - bpo-2604: Fix bug where doctests using globals would fail when run multiple times. - bpo-45997: Fix asyncio.Semaphore re-acquiring FIFO order. - bpo-47022: The asynchat, asyncore and smtpd modules have been deprecated since at least Python 3.6. Their documentation and deprecation warnings have now been updated to note they will be removed in Python 3.12 (PEP 594). - bpo-46421: Fix a unittest issue where if the command was invoked as python -m unittest and the filename(s) began with a dot (.), a ValueError is returned. - bpo-40296: Fix supporting generic aliases in pydoc. - Update to 3.10.3: - bpo-46940: Avoid overriding AttributeError metadata information for nested attribute access calls. Patch by Pablo Galindo. - bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner. - bpo-46794: Bump up the libexpat version into 2.4.6 - bpo-46820: Fix parsing a numeric literal immediately (without spaces) followed by "not in" keywords, like in 1not in x. Now the parser only emits a warning, not a syntax error. - bpo-46762: Fix an assert failure in debug builds when a '<', '>', or '=' is the last character in an f-string that's missing a closing right brace.
- bpo-46724: Make sure that all backwards jumps use the JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an argument of (2**32)+offset. - bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra. - bpo-46707: Avoid potential exponential backtracking when producing some syntax errors involving lots of brackets. Patch by Pablo Galindo. - bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c. - bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated. - bpo-45773: Remove two invalid "peephole" optimizations from the bytecode compiler. - bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property. - bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings. - bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner. - bpo-46383: Fix invalid signature of _zoneinfo's module_free function to resolve a crash on wasm32-emscripten platform. - bpo-46070: Py_EndInterpreter() now explicitly untracks all objects currently tracked by the GC. Previously, if an object was used later by another interpreter, calling PyObject_GC_UnTrack() on the object crashed if the previous or the next object of the PyGC_Head structure became a dangling pointer. Patch by Victor Stinner. - bpo-46339: Fix a crash in the parser when retrieving the error text for multi-line f-strings expressions that do not start in the first line of the string. 
Patch by Pablo Galindo - bpo-46240: Correct the error message for unclosed parentheses when the tokenizer doesn't reach the end of the source when the error is reported. Patch by Pablo Galindo - bpo-46091: Correctly calculate indentation levels for lines with whitespace character that are ended by line continuation characters. Patch by Pablo Galindo - bpo-43253: Fix a crash when closing transports where the underlying socket handle is already invalid on the Proactor event loop. - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings. - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4) - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This change allows for Python extension's request to Linux kernel to use AMX_TILE instruction set on Sapphire Rapids Xeon processor to succeed, unblocking use of the ISA in frameworks. - bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch by Stefan Zabka. - bpo-23325: The signal module no longer assumes that SIG_IGN and SIG_DFL are small int singletons. - bpo-46932: Update bundled libexpat to 2.4.7 - bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when the iterator is not exhausted. Patch by Jacob Walls. - bpo-44886: Inherit asyncio proactor datagram transport from asyncio.DatagramTransport. - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for selector-based event loops. Patch by Thomas Grainger. - bpo-46811: Make test suite support Expat >=2.4.5 - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to transport-based APIs. - bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python.
- bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders when running from the guest operating-system. - bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo. - bpo-46643: In typing.get_type_hints(), support evaluating stringified ParamSpecArgs and ParamSpecKwargs annotations. Patch by Gregory Beauregard. - bpo-45863: When the tarfile module creates a pax format archive, it will put an integer representation of timestamps in the ustar header (if possible) for the benefit of older unarchivers, in addition to the existing full-precision timestamps in the pax extended header. - bpo-46676: Make typing.ParamSpec args and kwargs equal to themselves. Patch by Gregory Beauregard. - bpo-46672: Fix NameError in asyncio.gather() when initial type check fails. - bpo-46655: In typing.get_type_hints(), support evaluating bare stringified TypeAlias annotations. Patch by Gregory Beauregard. - bpo-45948: Fixed a discrepancy in the C implementation of the xml.etree.ElementTree module. Now, instantiating an xml.etree.ElementTree.XMLParser with a target=None keyword provides a default xml.etree.ElementTree.TreeBuilder target as the Python implementation does. - bpo-46521: Fix a bug in the codeop module that was incorrectly identifying invalid code involving string quotes as valid code. - bpo-46581: Brings ParamSpec propagation for GenericAlias in line with Concatenate (and others). - bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable. - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 - bpo-46487: Add the get_write_buffer_limits method to asyncio.transports.WriteTransport and to the SSL transport. - bpo-45173: Note the configparser deprecations will be removed in Python 3.12. 
- bpo-46539: In typing.get_type_hints(), support evaluating stringified ClassVar and Final annotations inside Annotated. Patch by Gregory Beauregard. - bpo-46491: Allow typing.Annotated to wrap typing.Final and typing.ClassVar. Patch by Gregory Beauregard. - bpo-46436: Fix command-line option -d/--directory in module http.server which is ignored when combined with command-line option --cgi. Patch by Géry Ogam. - bpo-41403: Make mock.patch() raise a TypeError with a relevant error message on invalid arg. Previously it allowed a cryptic AttributeError to escape. - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace. - bpo-46469: asyncio generic classes now return types.GenericAlias in __class_getitem__ instead of the same class. - bpo-46434: pdb now gracefully handles help when __doc__ is missing, for example when run with pregenerated optimized .pyc files. - bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef now honor the module parameter of typing.ForwardRef. Forward references from different modules are now differentiated. - bpo-46246: Add missing __slots__ to importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. - bpo-46266: Improve day constants in calendar. - Now all constants (MONDAY ... SUNDAY) are documented, tested, and added to __all__. - bpo-46232: The ssl module now handles certificates with bit strings in DN correctly. - bpo-43118: Fix a bug in inspect.signature() that was causing it to fail on some subclasses of classes with a __text_signature__ referencing module globals. Patch by Weipeng Hong. - bpo-26552: Fixed case where failing asyncio.ensure_future() did not close the coroutine. Patch by Kumar Aditya. - bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a directory name with a trailing slash. - bpo-20392: Fix inconsistency with uppercase file extensions in MimeTypes.guess_type(). Patch by Kumar Aditya.
- bpo-46080: Fix exception in argparse help text generation if an argparse.BooleanOptionalAction argument's default is argparse.SUPPRESS and it has help specified. Patch by Felix Fontein. - bpo-44439: Fix .write() method of a member file in ZipFile, when the input data is an object that supports the buffer protocol, the file length may be wrong. - bpo-45703: When a namespace package is imported before another module from the same namespace is created/installed in a different sys.path location while the program is running, calling the importlib.invalidate_caches() function will now also guarantee the new module is noticed. - bpo-24959: Fix bug where unittest sometimes drops frames from tracebacks of exceptions raised in tests. - bpo-44791: Fix substitution of ParamSpec in Concatenate with different parameter expressions. Substitution with a list of types returns now a tuple of types. Substitution with Concatenate returns now a Concatenate with concatenated lists of arguments. - bpo-14156: argparse.FileType now supports an argument of '-' in binary mode, returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes including 'x' and 'a' are treated equivalently to 'w' when argument is '-'. Patch contributed by Josh Rosenberg - bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner. - bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution. - bpo-46678: The function make_legacy_pyc in Lib/test/support/import_helper.py no longer fails when PYTHONPYCACHEPREFIX is set to a directory on a different device from where tempfiles are stored. - bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion.
- bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner. - bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner. - bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython. - bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner. - bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intended to test the readline module. Patch by Victor Stinner. - bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale. - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__. - bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, 'Close' and 'Exit' are now 'Close Window' (the current one) and 'Exit' is now 'Exit IDLE' (by closing all windows). In Shell, 'quit()' and 'exit()' mean 'close Shell'. If there are no other windows, this also exits IDLE. - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy. - bpo-46433: The internal function _PyType_GetModuleByDef now correctly handles inheritance patterns involving static types. - bpo-14916: Fixed bug in the tokenizer that prevented PyRun_InteractiveOne from parsing from the provided FD. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2291=1 - SUSE Linux Enterprise Module for Python3 15-SP4: zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2022-2291=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpython3_10-1_0-3.10.5-150400.4.7.1 libpython3_10-1_0-debuginfo-3.10.5-150400.4.7.1 python310-3.10.5-150400.4.7.1 python310-base-3.10.5-150400.4.7.1 python310-base-debuginfo-3.10.5-150400.4.7.1 python310-core-debugsource-3.10.5-150400.4.7.1 python310-curses-3.10.5-150400.4.7.1 python310-curses-debuginfo-3.10.5-150400.4.7.1 python310-dbm-3.10.5-150400.4.7.1 python310-dbm-debuginfo-3.10.5-150400.4.7.1 python310-debuginfo-3.10.5-150400.4.7.1 python310-debugsource-3.10.5-150400.4.7.1 python310-devel-3.10.5-150400.4.7.1 python310-doc-3.10.5-150400.4.7.1 python310-doc-devhelp-3.10.5-150400.4.7.1 python310-idle-3.10.5-150400.4.7.1 python310-testsuite-3.10.5-150400.4.7.1 python310-testsuite-debuginfo-3.10.5-150400.4.7.1 python310-tk-3.10.5-150400.4.7.1 python310-tk-debuginfo-3.10.5-150400.4.7.1 python310-tools-3.10.5-150400.4.7.1 - openSUSE Leap 15.4 (x86_64): libpython3_10-1_0-32bit-3.10.5-150400.4.7.1 libpython3_10-1_0-32bit-debuginfo-3.10.5-150400.4.7.1 python310-32bit-3.10.5-150400.4.7.1 python310-32bit-debuginfo-3.10.5-150400.4.7.1 python310-base-32bit-3.10.5-150400.4.7.1 python310-base-32bit-debuginfo-3.10.5-150400.4.7.1 - SUSE Linux Enterprise Module for Python3 15-SP4 (aarch64 ppc64le s390x x86_64): libpython3_10-1_0-3.10.5-150400.4.7.1 libpython3_10-1_0-debuginfo-3.10.5-150400.4.7.1 python310-3.10.5-150400.4.7.1 python310-base-3.10.5-150400.4.7.1 python310-base-debuginfo-3.10.5-150400.4.7.1 python310-core-debugsource-3.10.5-150400.4.7.1 python310-curses-3.10.5-150400.4.7.1 python310-curses-debuginfo-3.10.5-150400.4.7.1 python310-dbm-3.10.5-150400.4.7.1 python310-dbm-debuginfo-3.10.5-150400.4.7.1 python310-debuginfo-3.10.5-150400.4.7.1 
python310-debugsource-3.10.5-150400.4.7.1 python310-devel-3.10.5-150400.4.7.1 python310-idle-3.10.5-150400.4.7.1 python310-tk-3.10.5-150400.4.7.1 python310-tk-debuginfo-3.10.5-150400.4.7.1 python310-tools-3.10.5-150400.4.7.1 References: https://www.suse.com/security/cve/CVE-2015-20107.html https://bugzilla.suse.com/1198511 From sle-updates at lists.suse.com Wed Jul 6 16:26:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:26:46 +0200 (CEST) Subject: SUSE-SU-2022:2305-1: important: Security update for curl Message-ID: <20220706162646.5070CFDAB@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2305-1 Rating: important References: #1200734 #1200735 #1200736 #1200737 Cross-References: CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVSS scores: CVE-2022-32205 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-32206 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-32207 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-32208 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2305=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2305=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): curl-7.79.1-150400.5.3.1 curl-debuginfo-7.79.1-150400.5.3.1 curl-debugsource-7.79.1-150400.5.3.1 libcurl-devel-7.79.1-150400.5.3.1 libcurl4-7.79.1-150400.5.3.1 libcurl4-debuginfo-7.79.1-150400.5.3.1 - openSUSE Leap 15.4 (x86_64): libcurl-devel-32bit-7.79.1-150400.5.3.1 libcurl4-32bit-7.79.1-150400.5.3.1 libcurl4-32bit-debuginfo-7.79.1-150400.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): curl-7.79.1-150400.5.3.1 curl-debuginfo-7.79.1-150400.5.3.1 curl-debugsource-7.79.1-150400.5.3.1 libcurl-devel-7.79.1-150400.5.3.1 libcurl4-7.79.1-150400.5.3.1 libcurl4-debuginfo-7.79.1-150400.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libcurl4-32bit-7.79.1-150400.5.3.1 libcurl4-32bit-debuginfo-7.79.1-150400.5.3.1 References: https://www.suse.com/security/cve/CVE-2022-32205.html https://www.suse.com/security/cve/CVE-2022-32206.html https://www.suse.com/security/cve/CVE-2022-32207.html https://www.suse.com/security/cve/CVE-2022-32208.html https://bugzilla.suse.com/1200734 https://bugzilla.suse.com/1200735 https://bugzilla.suse.com/1200736 https://bugzilla.suse.com/1200737 From sle-updates at lists.suse.com Wed Jul 6 16:27:39 2022 From: sle-updates 
at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:27:39 +0200 (CEST) Subject: SUSE-SU-2022:2307-1: moderate: Security update for ldb, samba Message-ID: <20220706162739.6F532FDAB@maintenance.suse.de> SUSE Security Update: Security update for ldb, samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2307-1 Rating: moderate References: #1080338 #1118508 #1173429 #1195896 #1196224 #1196308 #1196788 #1197995 #1198255 #1199247 #1199362 Cross-References: CVE-2021-3670 CVSS scores: CVE-2021-3670 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has 10 fixes is now available. Description: This update for ldb, samba fixes the following issues: ldb was updated to version 2.4.2 to fix: + Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. 
samba was updated to fix:

- Revert NIS support removal; (bsc#1199247);
- Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362);
- Add missing samba-client requirement to samba-winbind package; (bsc#1198255);

Update to 4.15.7

* Share and server swapped in smbget password prompt; (bso#14831);
* Durable handles won't reconnect if the leased file is written to; (bso#15022);
* rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023);
* SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038);
* vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback; (bso#14957);
* shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035);
* PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046);
* username map - samba erroneously applies unix group memberships to user account entries; (bso#15041);
* NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983);
* Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879);
* Crash of winbind on RODC; (bso#14641);
* uncached logon on RODC always fails once; (bso#14865);
* KVNO off by 100000; (bso#14951);
* LDAP simple binds should honour "old password allowed period"; (bso#15001);
* wbinfo -a doesn't work reliable with upn names; (bso#15003);
* Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879);
* Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
* Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016);

- Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995);
- Add missing samba-libs requirement to samba-winbind package; (bsc#1198255);

Update to 4.15.6

* Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
* Samba does not response
STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737);
* NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938);
* Fix ldap simple bind with TLS auditing; (bso#14996);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674);
* Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224);
* pam_winbind will not allow gdm login if password about to expire; (bso#8691);
* virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971);
* DFS fix for AIX broken; (bso#13631);
* Solaris and AIX acl modules: wrong function arguments; (bso#14974);
* Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239);
* Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900);
* Fix a use-after-free in SMB1 server; (bso#14989);
* smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968);
* Changing the machine password against an RODC likely destroys the domain join; (bso#14984);
* authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993);
* Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995);
* Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967);

Other SUSE fixes:

- Fix mismatched version of libldb2; (bsc#1196788).
- Drop obsolete SuSEfirewall2 service files.
- Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338).
- Fix ntlm authentications with "winbind use default domain = yes"; (bso#13126); (bsc#1173429); (bsc#1196308).
- Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947).
- libldb version mismatch in Samba dsdb component; (bsc#1118508); Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2307=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2307=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2307=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ctdb-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 ctdb-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 ctdb-pcp-pmda-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 ctdb-pcp-pmda-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 ldb-debugsource-2.4.2-150400.4.3.11 ldb-tools-2.4.2-150400.4.3.11 ldb-tools-debuginfo-2.4.2-150400.4.3.11 libldb-devel-2.4.2-150400.4.3.11 libldb2-2.4.2-150400.4.3.11 libldb2-debuginfo-2.4.2-150400.4.3.11 libsamba-policy-devel-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 libsamba-policy-python3-devel-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 libsamba-policy0-python3-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 libsamba-policy0-python3-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 python3-ldb-2.4.2-150400.4.3.11 python3-ldb-debuginfo-2.4.2-150400.4.3.11 python3-ldb-devel-2.4.2-150400.4.3.11 samba-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-ad-dc-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-ad-dc-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-ad-dc-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-ad-dc-libs-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-client-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-client-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-client-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-client-libs-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 
samba-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-debugsource-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-devel-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-dsdb-modules-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-dsdb-modules-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-gpupdate-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-ldb-ldap-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-ldb-ldap-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-libs-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-libs-python3-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-libs-python3-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-python3-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-python3-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-test-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-test-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-tool-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-winbind-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-winbind-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-winbind-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-winbind-libs-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 - openSUSE Leap 15.4 (aarch64 x86_64): samba-ceph-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-ceph-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 - openSUSE Leap 15.4 (noarch): samba-doc-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 - openSUSE Leap 15.4 (x86_64): libldb2-32bit-2.4.2-150400.4.3.11 libldb2-32bit-debuginfo-2.4.2-150400.4.3.11 libsamba-policy0-python3-32bit-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 libsamba-policy0-python3-32bit-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 python3-ldb-32bit-2.4.2-150400.4.3.11 python3-ldb-32bit-debuginfo-2.4.2-150400.4.3.11 samba-ad-dc-libs-32bit-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-ad-dc-libs-32bit-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 
samba-client-32bit-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-client-32bit-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-client-libs-32bit-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-client-libs-32bit-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-devel-32bit-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-libs-32bit-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-libs-32bit-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-libs-python3-32bit-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-libs-python3-32bit-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-winbind-libs-32bit-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-winbind-libs-32bit-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): ldb-debugsource-2.4.2-150400.4.3.11 ldb-tools-2.4.2-150400.4.3.11 ldb-tools-debuginfo-2.4.2-150400.4.3.11 libldb-devel-2.4.2-150400.4.3.11 libldb2-2.4.2-150400.4.3.11 libldb2-debuginfo-2.4.2-150400.4.3.11 libsamba-policy-devel-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 libsamba-policy-python3-devel-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 libsamba-policy0-python3-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 libsamba-policy0-python3-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 python3-ldb-2.4.2-150400.4.3.11 python3-ldb-debuginfo-2.4.2-150400.4.3.11 python3-ldb-devel-2.4.2-150400.4.3.11 samba-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-ad-dc-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-ad-dc-libs-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-client-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-client-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-client-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-client-libs-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-debugsource-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-devel-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 
samba-dsdb-modules-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-dsdb-modules-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-gpupdate-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-ldb-ldap-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-ldb-ldap-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-libs-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-libs-python3-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-libs-python3-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-python3-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-python3-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-winbind-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-winbind-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-winbind-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-winbind-libs-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 x86_64): samba-ceph-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-ceph-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libldb2-32bit-2.4.2-150400.4.3.11 libldb2-32bit-debuginfo-2.4.2-150400.4.3.11 samba-client-libs-32bit-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-client-libs-32bit-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-libs-32bit-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-libs-32bit-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ctdb-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 ctdb-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-debuginfo-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 samba-debugsource-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 References: https://www.suse.com/security/cve/CVE-2021-3670.html https://bugzilla.suse.com/1080338 https://bugzilla.suse.com/1118508 https://bugzilla.suse.com/1173429 https://bugzilla.suse.com/1195896 
https://bugzilla.suse.com/1196224 https://bugzilla.suse.com/1196308 https://bugzilla.suse.com/1196788 https://bugzilla.suse.com/1197995 https://bugzilla.suse.com/1198255 https://bugzilla.suse.com/1199247 https://bugzilla.suse.com/1199362 From sle-updates at lists.suse.com Wed Jul 6 16:29:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:29:08 +0200 (CEST) Subject: SUSE-SU-2022:2289-1: important: Security update for MozillaFirefox Message-ID: <20220706162908.402D8FDAB@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2289-1 Rating: important References: #1200793 Cross-References: CVE-2022-2200 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. 
Description:

This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793):

- CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381)
- CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604)
- CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537)
- CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951)
- CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123)
- CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717)
- CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595)
- CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246)
- CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2289=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2289=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2289=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2289=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2289=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2289=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2289=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2289=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2289=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2289=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2289=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2289=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2289=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-91.11.0-112.119.1 MozillaFirefox-debuginfo-91.11.0-112.119.1 MozillaFirefox-debugsource-91.11.0-112.119.1 MozillaFirefox-devel-91.11.0-112.119.1 MozillaFirefox-translations-common-91.11.0-112.119.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-91.11.0-112.119.1 MozillaFirefox-debuginfo-91.11.0-112.119.1 MozillaFirefox-debugsource-91.11.0-112.119.1 MozillaFirefox-devel-91.11.0-112.119.1 MozillaFirefox-translations-common-91.11.0-112.119.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-91.11.0-112.119.1 MozillaFirefox-debuginfo-91.11.0-112.119.1 MozillaFirefox-debugsource-91.11.0-112.119.1 
MozillaFirefox-devel-91.11.0-112.119.1 MozillaFirefox-translations-common-91.11.0-112.119.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-91.11.0-112.119.1 MozillaFirefox-debuginfo-91.11.0-112.119.1 MozillaFirefox-debugsource-91.11.0-112.119.1 MozillaFirefox-devel-91.11.0-112.119.1 MozillaFirefox-translations-common-91.11.0-112.119.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-91.11.0-112.119.1 MozillaFirefox-debugsource-91.11.0-112.119.1 MozillaFirefox-devel-91.11.0-112.119.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-91.11.0-112.119.1 MozillaFirefox-debuginfo-91.11.0-112.119.1 MozillaFirefox-debugsource-91.11.0-112.119.1 MozillaFirefox-devel-91.11.0-112.119.1 MozillaFirefox-translations-common-91.11.0-112.119.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-91.11.0-112.119.1 MozillaFirefox-debuginfo-91.11.0-112.119.1 MozillaFirefox-debugsource-91.11.0-112.119.1 MozillaFirefox-devel-91.11.0-112.119.1 MozillaFirefox-translations-common-91.11.0-112.119.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.11.0-112.119.1 MozillaFirefox-debuginfo-91.11.0-112.119.1 MozillaFirefox-debugsource-91.11.0-112.119.1 MozillaFirefox-devel-91.11.0-112.119.1 MozillaFirefox-translations-common-91.11.0-112.119.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.11.0-112.119.1 MozillaFirefox-debuginfo-91.11.0-112.119.1 MozillaFirefox-debugsource-91.11.0-112.119.1 MozillaFirefox-devel-91.11.0-112.119.1 MozillaFirefox-translations-common-91.11.0-112.119.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.11.0-112.119.1 MozillaFirefox-debuginfo-91.11.0-112.119.1 MozillaFirefox-debugsource-91.11.0-112.119.1 MozillaFirefox-devel-91.11.0-112.119.1 MozillaFirefox-translations-common-91.11.0-112.119.1 - SUSE Linux Enterprise Server 
12-SP3-BCL (x86_64): MozillaFirefox-91.11.0-112.119.1 MozillaFirefox-debuginfo-91.11.0-112.119.1 MozillaFirefox-debugsource-91.11.0-112.119.1 MozillaFirefox-devel-91.11.0-112.119.1 MozillaFirefox-translations-common-91.11.0-112.119.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-91.11.0-112.119.1 MozillaFirefox-debuginfo-91.11.0-112.119.1 MozillaFirefox-debugsource-91.11.0-112.119.1 MozillaFirefox-devel-91.11.0-112.119.1 MozillaFirefox-translations-common-91.11.0-112.119.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-91.11.0-112.119.1 MozillaFirefox-debuginfo-91.11.0-112.119.1 MozillaFirefox-debugsource-91.11.0-112.119.1 MozillaFirefox-devel-91.11.0-112.119.1 MozillaFirefox-translations-common-91.11.0-112.119.1 References: https://www.suse.com/security/cve/CVE-2022-2200.html https://www.suse.com/security/cve/CVE-2022-31744.html https://www.suse.com/security/cve/CVE-2022-34468.html https://www.suse.com/security/cve/CVE-2022-34470.html https://www.suse.com/security/cve/CVE-2022-34472.html https://www.suse.com/security/cve/CVE-2022-34478.html https://www.suse.com/security/cve/CVE-2022-34479.html https://www.suse.com/security/cve/CVE-2022-34481.html https://www.suse.com/security/cve/CVE-2022-34484.html https://bugzilla.suse.com/1200793 From sle-updates at lists.suse.com Wed Jul 6 16:29:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:29:54 +0200 (CEST) Subject: SUSE-SU-2022:2304-1: important: Security update for salt Message-ID: <20220706162954.9EFD4FDAB@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2304-1 Rating: important References: #1200566 Cross-References: CVE-2022-22967 CVSS scores: CVE-2022-22967 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux 
Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Module for Server Applications 15-SP4
  SUSE Linux Enterprise Module for Transactional Server 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for salt fixes the following issues:

- CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM (bsc#1200566)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-2304=1
- SUSE Linux Enterprise Module for Transactional Server 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP4-2022-2304=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2304=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2304=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  python3-salt-3004-150400.8.8.1
  salt-3004-150400.8.8.1
  salt-api-3004-150400.8.8.1
  salt-cloud-3004-150400.8.8.1
  salt-doc-3004-150400.8.8.1
  salt-master-3004-150400.8.8.1
  salt-minion-3004-150400.8.8.1
  salt-proxy-3004-150400.8.8.1
  salt-ssh-3004-150400.8.8.1
  salt-standalone-formulas-configuration-3004-150400.8.8.1
  salt-syndic-3004-150400.8.8.1
  salt-transactional-update-3004-150400.8.8.1
- openSUSE Leap 15.4 (noarch):
  salt-bash-completion-3004-150400.8.8.1
  salt-fish-completion-3004-150400.8.8.1
  salt-zsh-completion-3004-150400.8.8.1
- SUSE Linux
Enterprise Module for Transactional Server 15-SP4 (aarch64 ppc64le s390x x86_64):
  salt-transactional-update-3004-150400.8.8.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
  salt-api-3004-150400.8.8.1
  salt-cloud-3004-150400.8.8.1
  salt-master-3004-150400.8.8.1
  salt-proxy-3004-150400.8.8.1
  salt-ssh-3004-150400.8.8.1
  salt-standalone-formulas-configuration-3004-150400.8.8.1
  salt-syndic-3004-150400.8.8.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
  salt-fish-completion-3004-150400.8.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
  python3-salt-3004-150400.8.8.1
  salt-3004-150400.8.8.1
  salt-doc-3004-150400.8.8.1
  salt-minion-3004-150400.8.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
  salt-bash-completion-3004-150400.8.8.1
  salt-zsh-completion-3004-150400.8.8.1

References:

https://www.suse.com/security/cve/CVE-2022-22967.html
https://bugzilla.suse.com/1200566

From sle-updates at lists.suse.com Wed Jul 6 16:30:30 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Jul 2022 18:30:30 +0200 (CEST)
Subject: SUSE-RU-2022:2299-1: moderate: Recommended update for yast2-kdump
Message-ID: <20220706163030.91948FDAB@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-kdump
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2299-1
Rating: moderate
References: SLE-21644
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for yast2-kdump fixes the following issues:

- Do not limit to kdumptool MaxLow when using fadump. (jsc#SLE-21644)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-2299=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2299=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  yast2-kdump-4.4.4-150400.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
  yast2-kdump-4.4.4-150400.3.3.1

References:

From sle-updates at lists.suse.com Wed Jul 6 16:31:04 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Jul 2022 18:31:04 +0200 (CEST)
Subject: SUSE-SU-2022:2295-1: important: Security update for 389-ds
Message-ID: <20220706163104.2827FFDAB@maintenance.suse.de>

SUSE Security Update: Security update for 389-ds
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2295-1
Rating: important
References: #1195324 #1199889
Cross-References: CVE-2021-4091 CVE-2022-1949
CVSS scores:
  CVE-2021-4091 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-4091 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-1949 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-1949 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Server Applications 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes two vulnerabilities is now
available.

Description:

This update for 389-ds fixes the following issues:

- CVE-2021-4091: Fixed double free in psearch (bsc#1195324).
- CVE-2022-1949: Fixed full access control bypass with simple crafted query (bsc#1199889).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-2295=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2295=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  389-ds-2.0.15~git26.1ea6a6803-150400.3.5.1
  389-ds-debuginfo-2.0.15~git26.1ea6a6803-150400.3.5.1
  389-ds-debugsource-2.0.15~git26.1ea6a6803-150400.3.5.1
  389-ds-devel-2.0.15~git26.1ea6a6803-150400.3.5.1
  389-ds-snmp-2.0.15~git26.1ea6a6803-150400.3.5.1
  389-ds-snmp-debuginfo-2.0.15~git26.1ea6a6803-150400.3.5.1
  lib389-2.0.15~git26.1ea6a6803-150400.3.5.1
  libsvrcore0-2.0.15~git26.1ea6a6803-150400.3.5.1
  libsvrcore0-debuginfo-2.0.15~git26.1ea6a6803-150400.3.5.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
  389-ds-2.0.15~git26.1ea6a6803-150400.3.5.1
  389-ds-debuginfo-2.0.15~git26.1ea6a6803-150400.3.5.1
  389-ds-debugsource-2.0.15~git26.1ea6a6803-150400.3.5.1
  389-ds-devel-2.0.15~git26.1ea6a6803-150400.3.5.1
  lib389-2.0.15~git26.1ea6a6803-150400.3.5.1
  libsvrcore0-2.0.15~git26.1ea6a6803-150400.3.5.1
  libsvrcore0-debuginfo-2.0.15~git26.1ea6a6803-150400.3.5.1

References:

https://www.suse.com/security/cve/CVE-2021-4091.html
https://www.suse.com/security/cve/CVE-2022-1949.html
https://bugzilla.suse.com/1195324
https://bugzilla.suse.com/1199889

From sle-updates at lists.suse.com Wed Jul 6 16:31:46 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 6 Jul 2022 18:31:46 +0200 (CEST)
Subject: SUSE-SU-2022:2296-1:
important: Security update for xen
Message-ID: <20220706163146.23DC5FDAB@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2296-1
Rating: important
References: #1027519 #1199965 #1199966
Cross-References: CVE-2022-26362 CVE-2022-26363 CVE-2022-26364
CVSS scores:
  CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26362 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Module for Server Applications 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965)
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966)

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-2296=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2296=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2296=1

Package List:

- openSUSE Leap 15.4 (aarch64 x86_64):
  xen-4.16.1_04-150400.4.5.2
  xen-debugsource-4.16.1_04-150400.4.5.2
  xen-devel-4.16.1_04-150400.4.5.2
  xen-doc-html-4.16.1_04-150400.4.5.2
  xen-libs-4.16.1_04-150400.4.5.2
  xen-libs-debuginfo-4.16.1_04-150400.4.5.2
  xen-tools-4.16.1_04-150400.4.5.2
  xen-tools-debuginfo-4.16.1_04-150400.4.5.2
  xen-tools-domU-4.16.1_04-150400.4.5.2
  xen-tools-domU-debuginfo-4.16.1_04-150400.4.5.2
- openSUSE Leap 15.4 (noarch):
  xen-tools-xendomains-wait-disk-4.16.1_04-150400.4.5.2
- openSUSE Leap 15.4 (x86_64):
  xen-libs-32bit-4.16.1_04-150400.4.5.2
  xen-libs-32bit-debuginfo-4.16.1_04-150400.4.5.2
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
  xen-tools-xendomains-wait-disk-4.16.1_04-150400.4.5.2
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (x86_64):
  xen-4.16.1_04-150400.4.5.2
  xen-debugsource-4.16.1_04-150400.4.5.2
  xen-devel-4.16.1_04-150400.4.5.2
  xen-tools-4.16.1_04-150400.4.5.2
  xen-tools-debuginfo-4.16.1_04-150400.4.5.2
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
  xen-debugsource-4.16.1_04-150400.4.5.2
  xen-libs-4.16.1_04-150400.4.5.2
  xen-libs-debuginfo-4.16.1_04-150400.4.5.2
  xen-tools-domU-4.16.1_04-150400.4.5.2
  xen-tools-domU-debuginfo-4.16.1_04-150400.4.5.2

References:

https://www.suse.com/security/cve/CVE-2022-26362.html
https://www.suse.com/security/cve/CVE-2022-26363.html
https://www.suse.com/security/cve/CVE-2022-26364.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1199965
https://bugzilla.suse.com/1199966

From sle-updates at lists.suse.com Wed Jul 6 16:32:38 2022
From:
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:32:38 +0200 (CEST) Subject: SUSE-SU-2022:2306-1: important: Security update for openssl-3 Message-ID: <20220706163238.25A63FDAB@maintenance.suse.de> SUSE Security Update: Security update for openssl-3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2306-1 Rating: important References: #1185637 #1199166 #1199167 #1199168 #1199169 #1200550 #1201099 Cross-References: CVE-2022-1292 CVE-2022-1343 CVE-2022-1434 CVE-2022-1473 CVE-2022-2068 CVE-2022-2097 CVSS scores: CVE-2022-1292 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1343 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-1343 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N CVE-2022-1434 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-1434 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1473 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1473 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2068 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-2068 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2097 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for openssl-3 fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. 
(bsc#1200550) - CVE-2022-1292: Properly sanitise shell metacharacters in c_rehash script. (bsc#1199166) - CVE-2022-1343: Fixed incorrect signature verification in OCSP_basic_verify (bsc#1199167). - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). - CVE-2022-1434: Fixed incorrect MAC key used in the RC4-MD5 ciphersuite (bsc#1199168). - CVE-2022-1473: Fixed resource leakage when decoding certificates and keys (bsc#1199169). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2306=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2306=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenssl-3-devel-3.0.1-150400.4.7.1 libopenssl3-3.0.1-150400.4.7.1 libopenssl3-debuginfo-3.0.1-150400.4.7.1 openssl-3-3.0.1-150400.4.7.1 openssl-3-debuginfo-3.0.1-150400.4.7.1 openssl-3-debugsource-3.0.1-150400.4.7.1 - openSUSE Leap 15.4 (noarch): openssl-3-doc-3.0.1-150400.4.7.1 - openSUSE Leap 15.4 (x86_64): libopenssl-3-devel-32bit-3.0.1-150400.4.7.1 libopenssl3-32bit-3.0.1-150400.4.7.1 libopenssl3-32bit-debuginfo-3.0.1-150400.4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-3-devel-3.0.1-150400.4.7.1 libopenssl3-3.0.1-150400.4.7.1 libopenssl3-debuginfo-3.0.1-150400.4.7.1 openssl-3-3.0.1-150400.4.7.1 openssl-3-debuginfo-3.0.1-150400.4.7.1 openssl-3-debugsource-3.0.1-150400.4.7.1 References: https://www.suse.com/security/cve/CVE-2022-1292.html https://www.suse.com/security/cve/CVE-2022-1343.html https://www.suse.com/security/cve/CVE-2022-1434.html https://www.suse.com/security/cve/CVE-2022-1473.html https://www.suse.com/security/cve/CVE-2022-2068.html https://www.suse.com/security/cve/CVE-2022-2097.html 
https://bugzilla.suse.com/1185637 https://bugzilla.suse.com/1199166 https://bugzilla.suse.com/1199167 https://bugzilla.suse.com/1199168 https://bugzilla.suse.com/1199169 https://bugzilla.suse.com/1200550 https://bugzilla.suse.com/1201099 From sle-updates at lists.suse.com Wed Jul 6 16:33:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:33:44 +0200 (CEST) Subject: SUSE-SU-2022:2309-1: important: Security update for openssl Message-ID: <20220706163344.3DAB8FDAB@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2309-1 Rating: important References: #1200550 #1201099 Cross-References: CVE-2022-2068 CVE-2022-2097 CVSS scores: CVE-2022-2068 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-2068 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2097 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode. (bsc#1201099) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2309=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2309=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2309=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2309=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-150000.4.74.1 libopenssl1_1-1.1.0i-150000.4.74.1 libopenssl1_1-debuginfo-1.1.0i-150000.4.74.1 libopenssl1_1-hmac-1.1.0i-150000.4.74.1 openssl-1_1-1.1.0i-150000.4.74.1 openssl-1_1-debuginfo-1.1.0i-150000.4.74.1 openssl-1_1-debugsource-1.1.0i-150000.4.74.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libopenssl1_1-32bit-1.1.0i-150000.4.74.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150000.4.74.1 libopenssl1_1-hmac-32bit-1.1.0i-150000.4.74.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenssl-1_1-devel-1.1.0i-150000.4.74.1 libopenssl1_1-1.1.0i-150000.4.74.1 libopenssl1_1-debuginfo-1.1.0i-150000.4.74.1 libopenssl1_1-hmac-1.1.0i-150000.4.74.1 openssl-1_1-1.1.0i-150000.4.74.1 openssl-1_1-debuginfo-1.1.0i-150000.4.74.1 openssl-1_1-debugsource-1.1.0i-150000.4.74.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150000.4.74.1 libopenssl1_1-1.1.0i-150000.4.74.1 libopenssl1_1-debuginfo-1.1.0i-150000.4.74.1 libopenssl1_1-hmac-1.1.0i-150000.4.74.1 openssl-1_1-1.1.0i-150000.4.74.1 openssl-1_1-debuginfo-1.1.0i-150000.4.74.1 openssl-1_1-debugsource-1.1.0i-150000.4.74.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libopenssl1_1-32bit-1.1.0i-150000.4.74.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150000.4.74.1 libopenssl1_1-hmac-32bit-1.1.0i-150000.4.74.1 - SUSE Linux Enterprise High Performance Computing 
15-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150000.4.74.1 libopenssl1_1-1.1.0i-150000.4.74.1 libopenssl1_1-debuginfo-1.1.0i-150000.4.74.1 libopenssl1_1-hmac-1.1.0i-150000.4.74.1 openssl-1_1-1.1.0i-150000.4.74.1 openssl-1_1-debuginfo-1.1.0i-150000.4.74.1 openssl-1_1-debugsource-1.1.0i-150000.4.74.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libopenssl1_1-32bit-1.1.0i-150000.4.74.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150000.4.74.1 libopenssl1_1-hmac-32bit-1.1.0i-150000.4.74.1 References: https://www.suse.com/security/cve/CVE-2022-2068.html https://www.suse.com/security/cve/CVE-2022-2097.html https://bugzilla.suse.com/1200550 https://bugzilla.suse.com/1201099 From sle-updates at lists.suse.com Wed Jul 6 16:34:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:34:26 +0200 (CEST) Subject: SUSE-SU-2022:2298-1: important: Security update for liblouis Message-ID: <20220706163426.C732EFDAB@maintenance.suse.de> SUSE Security Update: Security update for liblouis ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2298-1 Rating: important References: #1197085 #1200120 Cross-References: CVE-2022-26981 CVE-2022-31783 CVSS scores: CVE-2022-26981 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26981 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-31783 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-31783 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for liblouis fixes the following issues: - CVE-2022-26981: fix buffer overrun in compilePassOpcode (bsc#1197085). - CVE-2022-31783: prevent an invalid memory write in compileRule (bsc#1200120). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2298=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2298=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): liblouis-debuginfo-3.20.0-150400.3.3.1 liblouis-debugsource-3.20.0-150400.3.3.1 liblouis-devel-3.20.0-150400.3.3.1 liblouis-doc-3.20.0-150400.3.3.1 liblouis-tools-3.20.0-150400.3.3.1 liblouis-tools-debuginfo-3.20.0-150400.3.3.1 liblouis20-3.20.0-150400.3.3.1 liblouis20-debuginfo-3.20.0-150400.3.3.1 python3-louis-3.20.0-150400.3.3.1 - openSUSE Leap 15.4 (noarch): liblouis-data-3.20.0-150400.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): liblouis-debuginfo-3.20.0-150400.3.3.1 liblouis-debugsource-3.20.0-150400.3.3.1 liblouis-devel-3.20.0-150400.3.3.1 liblouis20-3.20.0-150400.3.3.1 liblouis20-debuginfo-3.20.0-150400.3.3.1 python3-louis-3.20.0-150400.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch): liblouis-data-3.20.0-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-26981.html https://www.suse.com/security/cve/CVE-2022-31783.html https://bugzilla.suse.com/1197085 https://bugzilla.suse.com/1200120 From sle-updates at lists.suse.com Wed Jul 6 16:35:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 18:35:08 +0200 (CEST) Subject: SUSE-SU-2022:2288-1: important: Security update for curl Message-ID: 
<20220706163508.AC8E0FDAB@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2288-1 Rating: important References: #1200735 #1200737 Cross-References: CVE-2022-32206 CVE-2022-32208 CVSS scores: CVE-2022-32206 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-32208 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2288=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2288=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-11.43.1 curl-debugsource-7.60.0-11.43.1 libcurl-devel-7.60.0-11.43.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): curl-7.60.0-11.43.1 curl-debuginfo-7.60.0-11.43.1 curl-debugsource-7.60.0-11.43.1 libcurl4-7.60.0-11.43.1 libcurl4-debuginfo-7.60.0-11.43.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcurl4-32bit-7.60.0-11.43.1 libcurl4-debuginfo-32bit-7.60.0-11.43.1 References: https://www.suse.com/security/cve/CVE-2022-32206.html https://www.suse.com/security/cve/CVE-2022-32208.html https://bugzilla.suse.com/1200735 https://bugzilla.suse.com/1200737 From sle-updates at lists.suse.com Wed Jul 6 17:39:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jul 2022 19:39:51 +0200 (CEST) Subject: SUSE-CU-2022:1410-1: Security update of suse/sles12sp5 Message-ID: <20220706173951.0A370F789@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1410-1 Container Tags : suse/sles12sp5:6.5.348 , suse/sles12sp5:latest Container Release : 6.5.348 Severity : important Type : security References : 1200735 1200737 CVE-2022-32206 CVE-2022-32208 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2288-1 Released: Wed Jul 6 12:55:49 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) The following package changes have been done: - libcurl4-7.60.0-11.43.1 updated From sle-updates at lists.suse.com Thu Jul 7 07:15:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 09:15:34 +0200 (CEST) Subject: SUSE-SU-2022:2313-1: important: Security update for MozillaFirefox Message-ID: <20220707071534.93EDEFD17@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2313-1 Rating: important References: #1200793 Cross-References: CVE-2022-2200 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise 
Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793): - CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2313=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2313=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2313=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2313=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2313=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2313=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2313=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2313=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2313=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2313=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2313=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2313=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2313=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.11.0-150200.152.48.1 MozillaFirefox-branding-upstream-91.11.0-150200.152.48.1 MozillaFirefox-debuginfo-91.11.0-150200.152.48.1 MozillaFirefox-debugsource-91.11.0-150200.152.48.1 MozillaFirefox-devel-91.11.0-150200.152.48.1 MozillaFirefox-translations-common-91.11.0-150200.152.48.1 MozillaFirefox-translations-other-91.11.0-150200.152.48.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.11.0-150200.152.48.1 
MozillaFirefox-branding-upstream-91.11.0-150200.152.48.1 MozillaFirefox-debuginfo-91.11.0-150200.152.48.1 MozillaFirefox-debugsource-91.11.0-150200.152.48.1 MozillaFirefox-devel-91.11.0-150200.152.48.1 MozillaFirefox-translations-common-91.11.0-150200.152.48.1 MozillaFirefox-translations-other-91.11.0-150200.152.48.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): MozillaFirefox-91.11.0-150200.152.48.1 MozillaFirefox-debuginfo-91.11.0-150200.152.48.1 MozillaFirefox-debugsource-91.11.0-150200.152.48.1 MozillaFirefox-devel-91.11.0-150200.152.48.1 MozillaFirefox-translations-common-91.11.0-150200.152.48.1 MozillaFirefox-translations-other-91.11.0-150200.152.48.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): MozillaFirefox-91.11.0-150200.152.48.1 MozillaFirefox-debuginfo-91.11.0-150200.152.48.1 MozillaFirefox-debugsource-91.11.0-150200.152.48.1 MozillaFirefox-devel-91.11.0-150200.152.48.1 MozillaFirefox-translations-common-91.11.0-150200.152.48.1 MozillaFirefox-translations-other-91.11.0-150200.152.48.1 - SUSE Manager Proxy 4.1 (x86_64): MozillaFirefox-91.11.0-150200.152.48.1 MozillaFirefox-debuginfo-91.11.0-150200.152.48.1 MozillaFirefox-debugsource-91.11.0-150200.152.48.1 MozillaFirefox-devel-91.11.0-150200.152.48.1 MozillaFirefox-translations-common-91.11.0-150200.152.48.1 MozillaFirefox-translations-other-91.11.0-150200.152.48.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): MozillaFirefox-91.11.0-150200.152.48.1 MozillaFirefox-debuginfo-91.11.0-150200.152.48.1 MozillaFirefox-debugsource-91.11.0-150200.152.48.1 MozillaFirefox-devel-91.11.0-150200.152.48.1 MozillaFirefox-translations-common-91.11.0-150200.152.48.1 MozillaFirefox-translations-other-91.11.0-150200.152.48.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.11.0-150200.152.48.1 MozillaFirefox-debuginfo-91.11.0-150200.152.48.1 MozillaFirefox-debugsource-91.11.0-150200.152.48.1 MozillaFirefox-devel-91.11.0-150200.152.48.1 
MozillaFirefox-translations-common-91.11.0-150200.152.48.1 MozillaFirefox-translations-other-91.11.0-150200.152.48.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): MozillaFirefox-91.11.0-150200.152.48.1 MozillaFirefox-debuginfo-91.11.0-150200.152.48.1 MozillaFirefox-debugsource-91.11.0-150200.152.48.1 MozillaFirefox-devel-91.11.0-150200.152.48.1 MozillaFirefox-translations-common-91.11.0-150200.152.48.1 MozillaFirefox-translations-other-91.11.0-150200.152.48.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.11.0-150200.152.48.1 MozillaFirefox-debuginfo-91.11.0-150200.152.48.1 MozillaFirefox-debugsource-91.11.0-150200.152.48.1 MozillaFirefox-translations-common-91.11.0-150200.152.48.1 MozillaFirefox-translations-other-91.11.0-150200.152.48.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.11.0-150200.152.48.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.11.0-150200.152.48.1 MozillaFirefox-debuginfo-91.11.0-150200.152.48.1 MozillaFirefox-debugsource-91.11.0-150200.152.48.1 MozillaFirefox-translations-common-91.11.0-150200.152.48.1 MozillaFirefox-translations-other-91.11.0-150200.152.48.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.11.0-150200.152.48.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): MozillaFirefox-91.11.0-150200.152.48.1 MozillaFirefox-debuginfo-91.11.0-150200.152.48.1 MozillaFirefox-debugsource-91.11.0-150200.152.48.1 MozillaFirefox-devel-91.11.0-150200.152.48.1 MozillaFirefox-translations-common-91.11.0-150200.152.48.1 MozillaFirefox-translations-other-91.11.0-150200.152.48.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): MozillaFirefox-91.11.0-150200.152.48.1 MozillaFirefox-debuginfo-91.11.0-150200.152.48.1 
MozillaFirefox-debugsource-91.11.0-150200.152.48.1 MozillaFirefox-devel-91.11.0-150200.152.48.1 MozillaFirefox-translations-common-91.11.0-150200.152.48.1 MozillaFirefox-translations-other-91.11.0-150200.152.48.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): MozillaFirefox-91.11.0-150200.152.48.1 MozillaFirefox-debuginfo-91.11.0-150200.152.48.1 MozillaFirefox-debugsource-91.11.0-150200.152.48.1 MozillaFirefox-devel-91.11.0-150200.152.48.1 MozillaFirefox-translations-common-91.11.0-150200.152.48.1 MozillaFirefox-translations-other-91.11.0-150200.152.48.1 References: https://www.suse.com/security/cve/CVE-2022-2200.html https://www.suse.com/security/cve/CVE-2022-31744.html https://www.suse.com/security/cve/CVE-2022-34468.html https://www.suse.com/security/cve/CVE-2022-34470.html https://www.suse.com/security/cve/CVE-2022-34472.html https://www.suse.com/security/cve/CVE-2022-34478.html https://www.suse.com/security/cve/CVE-2022-34479.html https://www.suse.com/security/cve/CVE-2022-34481.html https://www.suse.com/security/cve/CVE-2022-34484.html https://bugzilla.suse.com/1200793 From sle-updates at lists.suse.com Thu Jul 7 07:16:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 09:16:21 +0200 (CEST) Subject: SUSE-SU-2022:2316-1: important: Security update for oracleasm Message-ID: <20220707071621.A604BFD17@maintenance.suse.de> SUSE Security Update: Security update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2316-1 Rating: important References: #1198581 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An 
update that contains security fixes can now be installed. Description: This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2316=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2316=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2316=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2316=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2316=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2316=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150100.197.114-150100.7.15.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150100.197.114-150100.7.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150100.197.114-150100.7.15.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150100.197.114-150100.7.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150100.197.114-150100.7.15.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150100.197.114-150100.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150100.197.114-150100.7.15.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150100.197.114-150100.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150100.197.114-150100.7.15.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150100.197.114-150100.7.15.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150100.197.114-150100.7.15.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150100.197.114-150100.7.15.1 - SUSE CaaS Platform 4.0 (x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150100.197.114-150100.7.15.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150100.197.114-150100.7.15.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Thu Jul 7 07:17:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 09:17:52 +0200 (CEST) Subject: SUSE-SU-2022:2314-1: important: Security update for rsyslog Message-ID: <20220707071752.D571BFD17@maintenance.suse.de> SUSE Security Update: Security update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2314-1 Rating: important References: #1051798 
#1068678 #1080238 #1082318 #1101642 #1110456 #1160414 #1178288 #1178490 #1182653 #1188039 #1199061 SLE-23304
Cross-References: CVE-2022-24903
CVSS scores:
CVE-2022-24903 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24903 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that solves one vulnerability, contains one feature and has 11 fixes is now available.

Description:

This update for rsyslog fixes the following issues:

- CVE-2022-24903: fix potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061)

Upgrade to rsyslog 8.2106.0 (bsc#1188039)
* NOTE: the prime new feature is support for TLS and non-TLS connections via imtcp in parallel. Furthermore, most TLS parameters can now be overridden at the input() level. The notable exceptions are certificate files, something that is due to be implemented as next step.
* 2021-06-14: new global option "parser.supportCompressionExtension" This permits to turn off rsyslog's single-message compression extension when it interferes with non-syslog message processing (the parser subsystem expects syslog messages, not generic text) closes https://github.com/rsyslog/rsyslog/issues/4598
* 2021-05-12: imtcp: add more override config params to input() It is now possible to override all module parameters at the input() level. Module parameters serve as defaults. Existing configs need no modification.
* 2021-05-06: imtcp: add stream driver parameter to input() configuration This permits to have different inputs use different stream drivers and stream driver parameters. closes https://github.com/rsyslog/rsyslog/issues/3727
* 2021-04-29: imtcp: permit to run multiple inputs in parallel Previously, a single server was used to run all imtcp inputs. This had a couple of drawbacks.
First and foremost, we could not use different stream drivers in the various inputs. This patch now provides a baseline to do that, but does still not implement the capability (in this sense it is a staging patch). Secondly, we now ensure that each input has at least one exclusive thread for processing, untangling the performance of multiple inputs from each other. see also: https://github.com/rsyslog/rsyslog/issues/3727
* 2021-04-27: tcpsrv bugfix: potential sluggishness and hang on shutdown tcpsrv is used by multiple other modules (imtcp, imdiag, imgssapi, and, in theory, also others - even ones we do not know about). However, the internal synchronization did not properly take multiple tcpsrv users in consideration. As such, a single user could hang under some circumstances. This was caused by improperly awaking all users from a pthread condition wait. That in turn could lead to some sluggish behaviour and, in rare cases, a hang at shutdown. Note: it was highly unlikely to experience real problems with the officially provided modules.
* 2021-04-22: refactoring of syslog/tcp driver parameter passing This has now been generalized to a parameter block, which makes it much cleaner and also easier to add new parameters in the future.
* 2021-04-22: config script: add re_match_i() and re_extract_i() functions This provides case-insensitive regex functionality.
    closes https://github.com/rsyslog/rsyslog/issues/4429

- Update to rsyslog 8.2104.0:
  * rainerscript: call getgrnam_r repeatedly to get all group members
  * new contributed module imhiredis
  * new built-in function get_property() to access property vars
  * mmdblookup: add support for mmdb DB reload on HUP
  * script bugfix: empty array in foreach() improperly handled
  * imjournal bugfixes (handle leak, empty file)
  * new contributed function module fmunflatten
  * test bugfix: some tests did not work with newer TLS library versions
  * some improvements to project CI

- Update to rsyslog 8.2102.0:
  * omfwd: add stats counter for sent bytes
  * omfwd: add error reporting configuration option
  * action stats counter bugfix: failure count was not properly incremented
  * action stats counter bugfix: resume count was not incremented
  * omfwd bugfix: segfault or error if port not given
  * lookup table bugfix: data race on lookup table reload
  * testbench modernization
  * testbench: fix invalid sequence of kafka tests runs
  * testbench: fix kafkacat issues
  * testbench: fix year-dependent clickhouse test

- Update to rsyslog 8.2012.0:
  * testbench bugfix: some tests did not work in make distcheck
  * immark: rewrite with many improvements
  * usability: re-phrase error message to help users better understand cause
  * add new system property $now-unixtimestamp
  * omfwd: add new rate limit option
  * omfwd bug: param "StreamDriver.PermitExpiredCerts" is not "off" by default

- Update to rsyslog 8.2010.0:
  * gnutls TLS subsystem bugfix: handshake error handling
  * core/msg bugfix: memory leak
  * core/msg bugfix: segfault in jsonPathFindNext() when root not an object
  * openssl TLS subsystem: improvements of error and status messages
  * add 'exists()' script function to check if variable exists
  * core bugfix: do not create empty JSON objects on non-existent key access
  * gnutls subsystem bugfix: potential hang on session closure
  * core/network bugfix: obey net.enableDNS=off when querying local hostname
  * core bugfix:
    potential segfault on query of PROGRAMNAME property
  * imtcp bugfix: broken connection not necessarily detected
  * new module: imhttp - http input
  * mmdarwin bugfix: potential zero uuid when reusing existing one
  * imdocker bugfix: build issue on some platforms
  * omudpspoof bugfix: make compatible with Solaris build
  * testbench fix: python 3 incompatibility
  * core bugfix: segfault if disk-queue file cannot be created
  * cosmetic: fix dummy module name in debug output
  * config bugfix: intended warning emitted as error

- Update to rsyslog 8.39.0
  * imfile: improve truncation detection
  * imjournal: work around journald excessive reloading behavior
  * errmsg: remove no longer needed code
  * queue bugfix: invalid error message on queue startup
  * bugfix imrelp: regression with legacy configuration startup fail
  * bugfix imudp: stall of connection and/or potential segfault
  * bugfix gcry crypto driver: small memleak
  * fix potential misaddressing in encryption subsystem
  * ksi subsystem changes
  * bugfix core: regex compile error messages could be incorrect
  * bugfix core: potential hang on rsyslog termination
  * bugfix imkafka: system hang when backgrounded
  * bugfix imfile: file change was not reliably detected
  * bugfix imrelp: do not fail build if librelp does not have relpSrvSetLstnAddr
  * bugfix queue subsystem: DA queue did ignore encryption settings
  * bugfix KSI: lmsig-ksils12 module skips signing the last block
  * bugfix fmhash: function hash64mod sometimes returned wrong result
  * bugfix core/debug: data written to random fd 2 under some debug settings

- Update to rsyslog 8.38.0:
  * imfile: support for endmsg.regex
  * omhttp: new contributed module
  * imrelp: add support for setting address to bind to (#894)
  * ommysql: support mysql unix domain socket
  * omusrmsg: do not fall back to max username length of 8
  * various bug fixes and minor updates to other modules and core
  * various fixes for memory leaks

- Update to rsyslog 8.36.0:
  * Liblogging-stdlog deprecated
  * OpenSSL based TLS driver
    added in addition to GnuTLS
  * GnuTLS TLS driver: support intermediate certificates
  * imptcp: add ability to configure socket backlog
  * fmhash: new hash function module
  * updates and fixes to various modules
  * omfwd: add support for bind-to-address for UDP
  * mmkubernetes: new module

- Update to rsyslog 8.33.1:
  * devcontainer: use some more sensible defaults
  * auto-detect if running inside a container (as pid 1)
  * config: add include() script object
  * template: add option to generate json "container"
  * core/template: add format jsonf to constant template entries
  * config: add ability to disable config parameter ("config.enable")
  * script: permit to use environment variables during configuration
  * new global config parameter "shutdown.enable.ctlc"
  * config optimizer: detect totally empty "if" statements and optimize them out
  * template: constant entry can now also be formatted as json field
  * omstdout: support for new-style configuration parameters added
  * core: set TZ on startup if not already set
  * imjournal bugfix: file handle leak during journal rotation
  * lmsig_ksils12 bugfix: dirOwner and dirGroup config was not respected
  * script bugfix: replace() function worked incorrectly in some cases
  * core bugfix: misaddressing in external command parser
  * core bugfix: small memory leak in external command parser
  * core bugfix: string not properly terminated when RFC5424 MSGID is used
  * bugfix: strndup() compatibility layer func copies too much

- Update to rsyslog 8.32.0
  * libfastjson 0.99.8 required
  * libczmq >= 3.0.2 is now required for omczmq
  * libcurl is now needed for rsyslog core
  * rsyslogd: add capability to specify that no pid file shall be written
  * core improvements and bug fixes
  * RainerScript improvements and bug fixes
  * build fixes, including gcc7 fixes
  * various bug fixes in multiple modules
  * imudp: fix segfault in ratelimit code

- Update to rsyslog 8.30.0
  * changed behaviour: all variables are now case-insensitive by default
  * core: handle (JSON) variables
    in case-insensitive way
  * imjournal: made switching to persistent journal in runtime possible
  * mmanon: complete refactor and enhancements
  * imfile: add "fileoffset" metadata
  * RainerScript: add ltrim and rtrim functions
  * core: report module name when suspending action
  * core: add ability to limit number of error messages going to stderr
  * tcpsrv subsystem: improve clarity of some error messages
  * imptcp: include module name in error msg
  * imtcp: include module name in error msg
  * tls improvement: better error message if certificate file cannot be read
  * omfwd: slightly improved error messages during config parsing
  * ommysql improvements
  * ommysql bugfix: do not duplicate entries on failed transaction
  * imtcp bugfix: parameter priorityString was ignored
  * template/bugfix: invalid template option conflict detection
  * core/actions: fix handling of data-induced errors
  * core/action bugfix: no "action suspended" message during retry processing
  * core/action: if commitTransaction fails, try individual messages
  * core/ratelimit bugfix: race can lead to segfault
  * core bugfix: rsyslog aborts if errmsg is generated in early startup
  * core bugfix: informational messages were logged with error severity
  * core bugfix: --enable-debugless build was broken
  * queue bugfix: file write error message was incorrect
  * omrelp bugfix: segfault when rebindinterval parameter is used
  * omkafka bugfix: invalid load of failedmsg file on startup if disabled
  * kafka bugfix: problem on invalid kafka configuration values
  * imudp bugfix: UDP oversize message not properly handled
  * core bugfix: memory corruption during configuration parsing
  * core bugfix: race on worker thread termination during shutdown
  * omelasticsearch: avoid ES5 warnings while sending json in bulkmode
  * omelasticsearch bugfix: incompatibility with newer ElasticSearch version
  * imptcp bugfix: invalid mutex addressing on some platforms
  * imptcp bugfix: do not accept missing port in legacy listener definition

- Update to
  rsyslog 8.29.0:
  * imptcp: add experimental parameter "multiline"
  * imptcp: framing-related error messages now also indicate remote peer
  * imtcp: framing-related error messages now also indicate remote peer
  * imptcp: add session statistics counter
  * imtcp: add ability to specify GnuTLS priority string
  * impstats: add new resource counter "openfiles"
  * pmnormalize: new parser module
  * core/queue: provide informational messages on thread startup and shutdown
  * omfwd/udp: improve error reporting, deprecate maxerrormessages parameter
  * core: add parameters debug.file and debug.whitelist
  * core/net.c: improve UDP socket creation error messages
  * omfwd/udp: add "udp.sendbuf" parameter
  * core: make rsyslog internal message rate-limiter configurable
  * omelasticsearch bugfixes and changed ES5 API support
    + avoid 404 during health check
    + avoid ES5 warnings while sending json
    + bugfix for memory leak while writing error file
  * imfile bugfix: wildcard detection issue on path wildcards
  * omfwd bugfix: always give reason for suspension
  * omfwd bugfix: configured compression level was not properly used
  * imptcp bugfix: potential socket leak on session shutdown
  * omfwd/omudpspoof bugfix: switch udp client sockets to nonblocking mode
  * imklog: fix permitnonkernelfacility not working
  * impstats bugfix: impstats does not handle HUP
  * core bugfix: segfault after configuration errors
  * core/queue bugfixes
  * lmsig_ksi: removed pre-KSI_LS12 components

- Update to rsyslog 8.28.0
  * omfwd: add parameter "tcp_frameDelimiter"
  * omkafka: large refactor of kafka subsystem
  * imfile: improved handling of atomically renamed file (w/ wildcards)
  * imfile: add capability to truncate oversize messages or split into multiple
  * mmdblookup fixes and extensions
  * bugfix: fixed multiple memory leaks
  * imptcp: add new parameter "flowControl"
  * imrelp: add "maxDataSize" config parameter
  * multiple modules: gtls: improve error if certificate file can't be opened
  * omsnare: allow different tab escapes
  *
    omelasticsearch: converted to use libfastjson instead of json-c
  * imjournal: _PID fallback
    * added fallback for _PID property when SYSLOG_PID is not available
    * introduced new option "usepid" which sets which property should rsyslog use, it has 3 states system|syslog|both, default is both
    * deprecated "usepidfromsystem" option, still can be used and override the "usepid"
    * it is possible to revert previous default with usepid="syslog"
  * multiple modules: add better error messages when regcomp is failing
  * omhiredis: fix build warnings
  * imfile bugfix: files mv-ed into directory were not handled
  * omprog bugfix: execve() incorrectly called
  * imfile bugfix: multiline timeout did not work if state file exists
  * lmsig_ksi-ls12 bugfix: build problems on some platforms
  * core bugfix: invalid object type assertion
  * regression fix: local hostname was not always detected properly...
  * bugfix: format security issues in zmq3 modules
  * bugfix build system: add libksi only to those binaries that need it
  * bugfix KSI ls12 components: invalid tree height calculation
  * bugfix imfile: fix multiline timeout code

- Update to rsyslog 8.27.0
- imkafka: add module
- imptcp enhancements:
  * optionally emit an error message if incoming messages are truncated
  * optionally emit connection tracking message (on connection create and close)
  * add "maxFrameSize" parameter to specify the maximum size permitted in octet-counted mode
  * add parameter "discardTruncatedMsg" to permit truncation of oversize messages
  * improve octet-counted mode detection: if the octet count is larger than the set frame size (or overly large in general), it is now assumed that octet-stuffing mode is used. This probably solves a number of issues seen in real deployments.
- imtcp enhancements:
  * add parameter "discardTruncatedMsg" to permit truncation of oversize messages
  * add "maxFrameSize" parameter to specify the maximum size permitted in octet-counted mode
- imfile bugfix: "file not found error" repeatedly being reported for configured non-existing file. In polling mode, this message appeared once in each polling cycle, causing a potentially very large amount of error messages. Note that they were usually emitted too infrequently to trigger the error message rate limiter, albeit often enough to be a major annoyance.
- imfile: in inotify mode, add error message if configured file cannot be found
- imfile: add parameter "fileNotFoundError" to optionally disable "file not found" error messages
- core: replaced gethostbyname() with getaddrinfo() call
  Gethostbyname() is generally considered obsolete, is not reentrant and cannot really work with IPv6. Changed the only place in rsyslog where this call remained.
  Thanks to github user jvymazal for the patch
- omkafka: add "origin" field to stats output
  See also https://github.com/rsyslog/rsyslog/issues/1508
  Thanks to Yury Bushmelev for providing the patch.
- imuxsock: rate-limiting also uses process name both for the actual limit processing as well as warning messages emitted
  see also https://github.com/rsyslog/rsyslog/pull/1520
  Thanks to github user jvymazal for the patch
- Added new module: KSI log signing ver. 1.2 (lmsig_ksi_ls12)
- rsyslog base functionality now builds on osx (Mac)
  Thanks to github user hdatma for his help in getting this done.
- build now works on solaris again
- imfile: fix cross-platform build issue
  see also https://github.com/rsyslog/rsyslog/issues/1494
  Thanks to Felix Janda for bug report and solution suggestion.
- bugfix core: segfault when no parser could parse message
- core bugfix: memory leak when internal messages not processed internally

- Update to rsyslog 8.26.0:
  * liblognorm 2.0.3 is required for mmnormalize
  * enable internal error messages at all times
  * core: added logging name of source of rate-limited messages
  * omfwd: add support for network namespaces
  * imrelp: honor input name if provided when submitting to impstats
  * imptcp: add ability to set owner/group/access perms for uds
  * mmnormalize: add ability to load a rulebase from action() parameter
  * pmrfc3164 improvements
    + permit to ignore leading space in MSG
    + permit to use at-sign in host names
    + permit to require tag to end in colon
  * add new global parameter "umask"
  * core: make use of -T command line option more secure
  * omfile: add error if both file and dynafile are set
  * bugfix: build problem on MacOS (not a supported platform)
  * regression fix: in 8.25, str2num() returned error on empty string
  * bugfix omsnmp: improper handling of new-style configuration parameters
  * bugfix: rsyslog identifies itself as "liblogging-stdlog" in internal messages
  * bugfix imfile: wrong files were monitored when using multiple imfile inputs
  * bugfix: setting net.aclResolveHostname/net.acladdhostnameonfail segfaults
  * bugfix: immark emitted error messages with text "imuxsock"
  * bugfix tcpflood: build failed if RELP was disabled
  * fix gcc6 compiler warnings
  * the output module array passing interface has been removed

- Update to rsyslog 8.25.0:
  * imfile: add support for wildcards in directory names
  * add new global option "parser.PermitSlashInProgramname"
  * mmdblookup: fix build issues, code cleanup
  * improved debug output for queue corruption cases
  * an error message is now displayed when a directory owner cannot be set
  * rainerscript: add new function ipv42num
  * rainerscript: add new function num2ipv4
  * bugfix: ratelimiter does not work correctly if time is set back
  * core: fix potential message loss in
    old-style transactional interface
  * bugfix queue subsystem: queue corrupted if certain msg props are used
  * bugfix imjournal: fixed situation when time goes backwards
  * bugfix: bFlushOnTxEnd == 0 not honored when writing w/o async writer
  * bugfix core: str2num mishandling empty strings
  * bugfix rainerscript: set/unset statement do not check variable name validity
  * bugfix mmrm1stspace: last character of rawmsg property was doubled
  * bugfix imtcp: fix very small (cosmetic) memory leak
  * However, the leak breaks memleak checks in the testbench.
  * fix segfault in libc

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2314=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

  rsyslog-8.2106.0-8.5.2
  rsyslog-debuginfo-8.2106.0-8.5.2
  rsyslog-debugsource-8.2106.0-8.5.2
  rsyslog-diag-tools-8.2106.0-8.5.2
  rsyslog-diag-tools-debuginfo-8.2106.0-8.5.2
  rsyslog-doc-8.2106.0-8.5.2
  rsyslog-module-gssapi-8.2106.0-8.5.2
  rsyslog-module-gssapi-debuginfo-8.2106.0-8.5.2
  rsyslog-module-gtls-8.2106.0-8.5.2
  rsyslog-module-gtls-debuginfo-8.2106.0-8.5.2
  rsyslog-module-mmnormalize-8.2106.0-8.5.2
  rsyslog-module-mmnormalize-debuginfo-8.2106.0-8.5.2
  rsyslog-module-mysql-8.2106.0-8.5.2
  rsyslog-module-mysql-debuginfo-8.2106.0-8.5.2
  rsyslog-module-pgsql-8.2106.0-8.5.2
  rsyslog-module-pgsql-debuginfo-8.2106.0-8.5.2
  rsyslog-module-relp-8.2106.0-8.5.2
  rsyslog-module-relp-debuginfo-8.2106.0-8.5.2
  rsyslog-module-snmp-8.2106.0-8.5.2
  rsyslog-module-snmp-debuginfo-8.2106.0-8.5.2
  rsyslog-module-udpspoof-8.2106.0-8.5.2
  rsyslog-module-udpspoof-debuginfo-8.2106.0-8.5.2

References:

https://www.suse.com/security/cve/CVE-2022-24903.html
https://bugzilla.suse.com/1051798
https://bugzilla.suse.com/1068678
https://bugzilla.suse.com/1080238
https://bugzilla.suse.com/1082318
https://bugzilla.suse.com/1101642
https://bugzilla.suse.com/1110456
https://bugzilla.suse.com/1160414
https://bugzilla.suse.com/1178288
https://bugzilla.suse.com/1178490
https://bugzilla.suse.com/1182653
https://bugzilla.suse.com/1188039
https://bugzilla.suse.com/1199061

From sle-updates at lists.suse.com Thu Jul 7 07:19:19 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 09:19:19 +0200 (CEST)
Subject: SUSE-SU-2022:2315-1: important: Security update for oracleasm
Message-ID: <20220707071919.72D52FD17@maintenance.suse.de>

SUSE Security Update: Security update for oracleasm
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2315-1
Rating: important
References: #1198581
Affected Products:
    SUSE Enterprise Storage 7
    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP2-BCL
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Manager Proxy 4.1
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Server 4.1
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update of oracleasm fixes the following issue:

- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.1:

  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2315=1

- SUSE Manager Retail Branch Server 4.1:

  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2315=1

- SUSE Manager Proxy 4.1:

  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2315=1

- SUSE Linux Enterprise Server for SAP 15-SP2:

  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2315=1

- SUSE Linux Enterprise Server 15-SP2-LTSS:

  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2315=1

- SUSE Linux Enterprise Server 15-SP2-BCL:

  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2315=1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2315=1

- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2315=1

- SUSE Enterprise Storage 7:

  zypper in -t patch SUSE-Storage-7-2022-2315=1

Package List:

- SUSE Manager Server 4.1 (ppc64le s390x x86_64):

  oracleasm-kmp-default-2.0.8_k5.3.18_150200.24.115-150200.13.11.1
  oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_150200.24.115-150200.13.11.1

- SUSE Manager Retail Branch Server 4.1 (x86_64):

  oracleasm-kmp-default-2.0.8_k5.3.18_150200.24.115-150200.13.11.1
  oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_150200.24.115-150200.13.11.1

- SUSE Manager Proxy 4.1 (x86_64):

  oracleasm-kmp-default-2.0.8_k5.3.18_150200.24.115-150200.13.11.1
  oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_150200.24.115-150200.13.11.1

- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

  oracleasm-kmp-default-2.0.8_k5.3.18_150200.24.115-150200.13.11.1
  oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_150200.24.115-150200.13.11.1

- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

  oracleasm-kmp-default-2.0.8_k5.3.18_150200.24.115-150200.13.11.1
  oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_150200.24.115-150200.13.11.1

- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):

  oracleasm-kmp-default-2.0.8_k5.3.18_150200.24.115-150200.13.11.1
  oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_150200.24.115-150200.13.11.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

  oracleasm-kmp-default-2.0.8_k5.3.18_150200.24.115-150200.13.11.1
  oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_150200.24.115-150200.13.11.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):

  oracleasm-kmp-default-2.0.8_k5.3.18_150200.24.115-150200.13.11.1
  oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_150200.24.115-150200.13.11.1

- SUSE Enterprise Storage 7 (aarch64 x86_64):

  oracleasm-kmp-default-2.0.8_k5.3.18_150200.24.115-150200.13.11.1
  oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_150200.24.115-150200.13.11.1

References:

https://bugzilla.suse.com/1198581

From sle-updates at lists.suse.com Thu Jul 7 07:45:35 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 09:45:35 +0200 (CEST)
Subject: SUSE-CU-2022:1413-1: Security update of suse/sle15
Message-ID: <20220707074535.02F2BFD17@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1413-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.577
Container Release : 4.22.577
Severity : important
Type : security
References : 1200550 1201099 CVE-2022-2068 CVE-2022-2097
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2309-1
Released: Wed Jul 6 14:15:37 2022
Summary: Security update for openssl
Type: security
Severity: important
References: 1200550,1201099,CVE-2022-2068,CVE-2022-2097

This update for openssl fixes the following issues:

- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode. (bsc#1201099)

The following package changes have been done:

- libopenssl1_1-1.1.0i-150000.4.74.1 updated
- openssl-1_1-1.1.0i-150000.4.74.1 updated

From sle-updates at lists.suse.com Thu Jul 7 08:12:49 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:12:49 +0200 (CEST)
Subject: SUSE-CU-2022:1414-1: Security update of suse/sle15
Message-ID: <20220707081249.66611FD17@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1414-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.638
Container Release : 6.2.638
Severity : important
Type : security
References : 1201099 CVE-2022-2097
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2311-1
Released: Wed Jul 6 15:16:17 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.0i-150100.14.36.1 updated
- openssl-1_1-1.1.0i-150100.14.36.1 updated

From sle-updates at lists.suse.com Thu Jul 7 08:13:00 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:13:00 +0200 (CEST)
Subject: SUSE-CU-2022:1415-1: Security update of suse/389-ds
Message-ID: <20220707081300.F06CFFD17@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1415-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-14.9 , suse/389-ds:latest
Container Release : 14.9
Severity : important
Type : security
References : 1185637 1195324 1196025 1196026 1196168 1196169 1196171 1196784 1199166 1199889 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2021-4091 CVE-2022-1292 CVE-2022-1949 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container suse/389-ds was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released: Wed Jul 6 13:34:15 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315

This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2295-1
Released: Wed Jul 6 13:34:38 2022
Summary: Security update for 389-ds
Type: security
Severity: important
References: 1195324,1199889,CVE-2021-4091,CVE-2022-1949

This update for 389-ds fixes the following issues:

- CVE-2021-4091: Fixed double free in psearch (bsc#1195324).
- CVE-2022-1949: Fixed full access control bypass with simple crafted query (bsc#1199889).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libcurl4-7.79.1-150400.5.3.1 updated
- openssl-1_1-1.1.1l-150400.7.7.1 updated
- libexpat1-2.4.4-150400.3.6.9 updated
- libsvrcore0-2.0.15~git26.1ea6a6803-150400.3.5.1 updated
- lib389-2.0.15~git26.1ea6a6803-150400.3.5.1 updated
- 389-ds-2.0.15~git26.1ea6a6803-150400.3.5.1 updated
- container:sles15-image-15.0.0-27.8.3 updated

From sle-updates at lists.suse.com Thu Jul 7 08:13:14 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:13:14 +0200 (CEST)
Subject: SUSE-CU-2022:1416-1: Security update of bci/dotnet-aspnet
Message-ID: <20220707081314.4650AFD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1416-1
Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-16.9 , bci/dotnet-aspnet:3.1.26 , bci/dotnet-aspnet:3.1.26-16.9
Container Release : 16.9
Severity : important
Type : security
References : 1185637 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libcurl4-7.79.1-150400.5.3.1 updated
- container:sles15-image-15.0.0-27.8.3 updated

From sle-updates at lists.suse.com Thu Jul 7 08:13:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:13:29 +0200 (CEST)
Subject: SUSE-CU-2022:1417-1: Security update of bci/dotnet-aspnet
Message-ID: <20220707081329.72968FD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1417-1
Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-10.9 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-10.9
Container Release : 10.9
Severity : important
Type : security
References : 1185637 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libcurl4-7.79.1-150400.5.3.1 updated
- container:sles15-image-15.0.0-27.8.3 updated

From sle-updates at lists.suse.com Thu Jul 7 08:13:36 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:13:36 +0200 (CEST)
Subject: SUSE-CU-2022:1418-1: Security update of bci/dotnet-aspnet
Message-ID: <20220707081336.9B193FD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1418-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-17.7 , bci/dotnet-aspnet:6.0.6 , bci/dotnet-aspnet:6.0.6-17.7 , bci/dotnet-aspnet:latest
Container Release : 17.7
Severity : important
Type : security
References : 1185637 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libcurl4-7.79.1-150400.5.3.1 updated
- container:sles15-image-15.0.0-27.8.3 updated

From sle-updates at lists.suse.com Thu Jul 7 08:13:54 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:13:54 +0200 (CEST)
Subject: SUSE-CU-2022:1419-1: Security update of bci/dotnet-sdk
Message-ID: <20220707081354.28D84FD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1419-1
Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-16.9 , bci/dotnet-sdk:3.1.26 , bci/dotnet-sdk:3.1.26-16.9
Container Release : 16.9
Severity : important
Type : security
References : 1185637 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libcurl4-7.79.1-150400.5.3.1 updated
- container:sles15-image-15.0.0-27.8.3 updated

From sle-updates at lists.suse.com Thu Jul 7 08:14:07 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:14:07 +0200 (CEST)
Subject: SUSE-CU-2022:1420-1: Security update of bci/dotnet-sdk
Message-ID: <20220707081407.3BA40FD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1420-1
Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-10.9 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-10.9
Container Release : 10.9
Severity : important
Type : security
References : 1185637 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libcurl4-7.79.1-150400.5.3.1 updated
- container:sles15-image-15.0.0-27.8.3 updated

From sle-updates at lists.suse.com Thu Jul 7 08:14:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:14:21 +0200 (CEST)
Subject: SUSE-CU-2022:1421-1: Security update of bci/dotnet-sdk
Message-ID: <20220707081421.EA37DFD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1421-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-19.7 , bci/dotnet-sdk:6.0.6 , bci/dotnet-sdk:6.0.6-19.7 , bci/dotnet-sdk:latest
Container Release : 19.7
Severity : important
Type : security
References : 1185637 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libcurl4-7.79.1-150400.5.3.1 updated
- container:sles15-image-15.0.0-27.8.3 updated

From sle-updates at lists.suse.com Thu Jul 7 08:14:35 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:14:35 +0200 (CEST)
Subject: SUSE-CU-2022:1422-1: Security update of bci/dotnet-runtime
Message-ID: <20220707081435.E24C0FD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1422-1
Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-15.9 , bci/dotnet-runtime:3.1.26 , bci/dotnet-runtime:3.1.26-15.9
Container Release : 15.9
Severity : important
Type : security
References : 1185637 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libcurl4-7.79.1-150400.5.3.1 updated
- container:sles15-image-15.0.0-27.8.3 updated

From sle-updates at lists.suse.com Thu Jul 7 08:14:42 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:14:42 +0200 (CEST)
Subject: SUSE-CU-2022:1423-1: Security update of bci/dotnet-runtime
Message-ID: <20220707081442.34947FD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1423-1
Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-10.9 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-10.9
Container Release : 10.9
Severity : important
Type : security
References : 1185637 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libcurl4-7.79.1-150400.5.3.1 updated
- container:sles15-image-15.0.0-27.8.3 updated

From sle-updates at lists.suse.com Thu Jul 7 08:14:50 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:14:50 +0200 (CEST)
Subject: SUSE-CU-2022:1424-1: Security update of bci/dotnet-runtime
Message-ID: <20220707081450.4F9E5FD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1424-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-16.9 , bci/dotnet-runtime:6.0.6 , bci/dotnet-runtime:6.0.6-16.9 , bci/dotnet-runtime:latest
Container Release : 16.9
Severity : important
Type : security
References : 1185637 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libcurl4-7.79.1-150400.5.3.1 updated
- container:sles15-image-15.0.0-27.8.3 updated

From sle-updates at lists.suse.com Thu Jul 7 08:15:10 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:15:10 +0200 (CEST)
Subject: SUSE-CU-2022:1425-1: Security update of bci/golang
Message-ID: <20220707081510.1D1ECFD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1425-1
Container Tags : bci/golang:1.16 , bci/golang:1.16-13.9
Container Release : 13.9
Severity : important
Type : security
References : 1185637 1196025 1196026 1196168 1196169 1196171 1196784 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released: Wed Jul 6 13:34:15 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315

This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libcurl4-7.79.1-150400.5.3.1 updated
- libexpat1-2.4.4-150400.3.6.9 updated
- container:sles15-image-15.0.0-27.8.3 updated

From sle-updates at lists.suse.com Thu Jul 7 08:15:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:15:29 +0200 (CEST)
Subject: SUSE-CU-2022:1426-1: Security update of bci/golang
Message-ID: <20220707081529.89A66FD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1426-1
Container Tags : bci/golang:1.17 , bci/golang:1.17-12.9
Container Release : 12.9
Severity : important
Type : security
References : 1185637 1196025 1196026 1196168 1196169 1196171 1196784 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released: Wed Jul 6 13:34:15 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315

This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libcurl4-7.79.1-150400.5.3.1 updated
- libexpat1-2.4.4-150400.3.6.9 updated
- container:sles15-image-15.0.0-27.8.3 updated

From sle-updates at lists.suse.com Thu Jul 7 08:15:48 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:15:48 +0200 (CEST)
Subject: SUSE-CU-2022:1427-1: Security update of bci/golang
Message-ID: <20220707081548.69555FD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1427-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-7.9 , bci/golang:latest
Container Release : 7.9
Severity : important
Type : security
References : 1185637 1196025 1196026 1196168 1196169 1196171 1196784 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released: Wed Jul 6 13:34:15 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315

This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libcurl4-7.79.1-150400.5.3.1 updated
- libexpat1-2.4.4-150400.3.6.9 updated
- container:sles15-image-15.0.0-27.8.3 updated

From sle-updates at lists.suse.com Thu Jul 7 08:16:06 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:16:06 +0200 (CEST)
Subject: SUSE-CU-2022:1429-1: Security update of bci/bci-init
Message-ID: <20220707081606.31091FD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1429-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.18.4 , bci/bci-init:latest
Container Release : 18.4
Severity : important
Type : security
References : 1185637 1196025 1196026 1196168 1196169 1196171 1196784 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container bci/bci-init was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released: Wed Jul 6 13:34:15 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315

This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libcurl4-7.79.1-150400.5.3.1 updated
- libexpat1-2.4.4-150400.3.6.9 updated
- container:sles15-image-15.0.0-27.8.3 updated

From sle-updates at lists.suse.com Thu Jul 7 08:16:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 7 Jul 2022 10:16:13 +0200 (CEST)
Subject: SUSE-CU-2022:1430-1: Security update of bci/nodejs
Message-ID: <20220707081613.D1686FD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1430-1
Container Tags : bci/node:16 , bci/node:16-8.9 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-8.9 , bci/nodejs:latest
Container Release : 8.9
Severity : important
Type : security
References : 1185637 1196025 1196026 1196168 1196169 1196171 1196784 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
-----------------------------------------------------------------

The container bci/nodejs was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released: Wed Jul 6 13:34:15 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315

This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.7.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated - libcurl4-7.79.1-150400.5.3.1 updated - libexpat1-2.4.4-150400.3.6.9 updated - container:sles15-image-15.0.0-27.8.3 updated From sle-updates at lists.suse.com Thu Jul 7 08:16:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 10:16:39 +0200 (CEST) Subject: SUSE-CU-2022:1431-1: Security update of bci/openjdk-devel Message-ID: <20220707081639.50EABFD17@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1431-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.20 , bci/openjdk-devel:latest Container Release : 14.20 Severity : important Type : security References : 1185637 1196025 1196026 1196168 1196169 1196171 1196784 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). 
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.7.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated - libcurl4-7.79.1-150400.5.3.1 updated - openssl-1_1-1.1.1l-150400.7.7.1 updated - libexpat1-2.4.4-150400.3.6.9 updated - container:bci-openjdk-11-11-12.9 updated From sle-updates at lists.suse.com Thu Jul 7 08:16:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 10:16:56 +0200 (CEST) Subject: SUSE-CU-2022:1433-1: Security update of bci/openjdk Message-ID: <20220707081656.03324FD17@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1433-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-12.9 , bci/openjdk:latest Container Release : 12.9 Severity : important Type : security References : 1185637 1196025 1196026 1196168 1196169 1196171 1196784 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). 
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.7.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated - libcurl4-7.79.1-150400.5.3.1 updated - openssl-1_1-1.1.1l-150400.7.7.1 updated - libexpat1-2.4.4-150400.3.6.9 updated - container:sles15-image-15.0.0-27.8.3 updated From sle-updates at lists.suse.com Thu Jul 7 08:17:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 10:17:07 +0200 (CEST) Subject: SUSE-CU-2022:1435-1: Security update of bci/python Message-ID: <20220707081707.9D8F1FD17@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1435-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-4.10 , bci/python:latest Container Release : 4.10 Severity : important Type : security References : 1185637 1196025 1196026 1196168 1196169 1196171 1196784 1198511 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2015-20107 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2291-1 Released: Wed Jul 6 13:04:37 2022 Summary: Security update for python310 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python310 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). - Update to 3.10.5: - Core and Builtins - gh-93418: Fixed an assert where an f-string has an equal sign '=' following an expression, but there's no trailing brace. For example, f'{i='. 
- gh-91924: Fix __ltrace__ debug feature if the stdout encoding is not UTF-8. Patch by Victor Stinner. - gh-93061: Backward jumps after async for loops are no longer given dubious line numbers. - gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees. - The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details. - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash. - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass. - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner. - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex. - bpo-47212: Raise IndentationError instead of SyntaxError for a bare except with no following indent. Improve SyntaxError locations for an un-parenthesized generator used as arguments. Patch by Matthieu Dartiailh. - bpo-47182: Fix a crash when using a named unicode character like '\N{digit nine}' after the main interpreter has been initialized a second time. - bpo-47117: Fix a crash if we fail to decode characters in interactive mode if the tokenizer buffers are uninitialized. Patch by Pablo Galindo. - bpo-39829: Removed the __len__() call when initializing a list and moved initializing to list_extend. Patch by Jeremiah Pascual. - bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the --without-doc-strings compilation flag no longer do so. - The classes affected are ctypes.UnionType, pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias. - The functions affected are 24 methods in ctypes. 
- Patch by Oleg Iarygin. - bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters. - Library - gh-93156: Accessing the pathlib.PurePath.parents sequence of an absolute path using negative index values produced incorrect results. - gh-89973: Fix re.error raised in fnmatch if the pattern contains a character range with upper bound lower than lower bound (e.g. [c-a]). Now such ranges are interpreted as empty ranges. - gh-93010: In a very special case, the email package tried to append the nonexistent InvalidHeaderError to the defect list. It should have been InvalidHeaderDefect. - gh-92839: Fixed crash resulting from calling bisect.insort() or bisect.insort_left() with the key argument not equal to None. - gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle. - gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify(). - gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled. - bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by Géry Ogam. - gh-91401: Provide a fail-safe way to disable subprocess use of vfork() via a private subprocess._USE_VFORK attribute. While there is currently no known need for this, if you find a need please only set it to False. File a CPython issue as to why you needed it and link to that from a comment in your code. This attribute is documented as a footnote in 3.11.
- gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules. - gh-91810: ElementTree method write() and function tostring() now use the text file's encoding ('UTF-8' if not available) instead of locale encoding in XML declaration when encoding='unicode' is specified. - gh-91832: Add required attribute to argparse.Action repr output. - gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised. - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test. - gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError. - gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu. - gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is 'fork' as that can lead to deadlocks in the child processes due to a fork happening while threads are running. - gh-91575: Update case-insensitive matching in the re module to the latest Unicode version. - gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle. - bpo-47260: Fix os.closerange() potentially being a no-op in a Linux seccomp sandbox. 
- bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile instead of ValueError when reading a corrupt zip file in which the central directory offset is negative. - bpo-47151: When subprocess tries to use vfork, it now falls back to fork if vfork returns an error. This allows use in situations where vfork isn't allowed by the OS kernel. - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX. - bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters. - bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context. - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak - bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system. - bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter. - bpo-28249: Set doctest.DocTest.lineno to None when object does not have __doc__. - bpo-45138: Fix a regression in the sqlite3 trace callback where bound parameters were not expanded in the passed statement string. The regression was introduced in Python 3.10 by bpo-40318. Patch by Erlend E. Aasland. - bpo-44493: Add missing terminated NUL in sockaddr_un's length - This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. - bpo-42627: Fix incorrect parsing of Windows registry proxy settings - bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev. 
- Documentation - gh-86438: Clarify that -W and PYTHONWARNINGS are matched literally and case-insensitively, rather than as regular expressions, in warnings. - gh-92240: Added release dates for 'What's New in Python 3.X' for 3.0, 3.1, 3.2, 3.8 and 3.10 - gh-91888: Add a new gh role to the documentation to link to GitHub issues. - gh-91783: Document security issues concerning the use of the function shutil.unpack_archive() - gh-91547: Remove 'Undocumented modules' page. - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree(). - bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529. - bpo-47138: Pin Jinja to a version compatible with Sphinx version 3.2.1. - bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7's Documentation Strings paragraph. Patch by Oleg Iarygin. - bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky. - bpo-40838: Document that inspect.getdoc(), inspect.getmodule(), and inspect.getsourcefile() might return None. - bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents. - bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed. - bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan 'yyyyyyyan' Orestes. - bpo-38056: Overhaul the Error Handlers documentation in codecs. - bpo-13553: Document tkinter.Tk args. - Tests - gh-92886: Fixing tests that fail when running with optimizations (-O) in test_imaplib.py. 
- gh-92670: Skip test_shutil.TestCopy.test_copyfile_nonexistent_dir test on AIX as the test uses a trailing slash to force the OS consider the path as a directory, but on AIX the trailing slash has no effect and is considered as a file. - gh-91904: Fix initialization of PYTHONREGRTEST_UNICODE_GUARD which prevented running regression tests on non-UTF-8 locale. - gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up. - bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD. - bpo-47104: Rewrite asyncio.to_thread() tests to use unittest.IsolatedAsyncioTestCase. - bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom. - Tools/Demos - gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter. - Update to 3.10.4: - bpo-46968: Check for the existence of the 'sys/auxv.h' header in faulthandler to avoid compilation problems in systems where this header doesn't exist. Patch by Pablo Galindo - bpo-23691: Protect the re.finditer() iterator from re-entering. - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a 'zipfile.BadZipFile: Bad CRC-32 for file' exception when reading a ZipFile from multiple threads. - bpo-38256: Fix binascii.crc32() when it is compiled to use zlib's crc32 to work properly on inputs 4+GiB in length instead of returning the wrong result. The workaround prior to this was to always feed the function data in increments smaller than 4GiB or to just call the zlib module function. - bpo-39394: A warning about inline flags not at the start of the regular expression now contains the position of the flag.
- bpo-47061: Deprecate the various modules listed by PEP 594: - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau, telnetlib, uu, xdrlib - bpo-2604: Fix bug where doctests using globals would fail when run multiple times. - bpo-45997: Fix asyncio.Semaphore re-acquiring FIFO order. - bpo-47022: The asynchat, asyncore and smtpd modules have been deprecated since at least Python 3.6. Their documentation and deprecation warnings have now been updated to note they will be removed in Python 3.12 (PEP 594). - bpo-46421: Fix a unittest issue where if the command was invoked as python -m unittest and the filename(s) began with a dot (.), a ValueError is returned. - bpo-40296: Fix supporting generic aliases in pydoc. - Update to 3.10.3: - bpo-46940: Avoid overriding AttributeError metadata information for nested attribute access calls. Patch by Pablo Galindo. - bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner. - bpo-46794: Bump up the libexpat version into 2.4.6 - bpo-46820: Fix parsing a numeric literal immediately (without spaces) followed by 'not in' keywords, like in 1not in x. Now the parser only emits a warning, not a syntax error. - bpo-46762: Fix an assert failure in debug builds when a '<', '>', or '=' is the last character in an f-string that's missing a closing right brace. - bpo-46724: Make sure that all backwards jumps use the JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an argument of (2**32)+offset. - bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra. - bpo-46707: Avoid potential exponential backtracking when producing some syntax errors involving lots of brackets. Patch by Pablo Galindo. - bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c.
- bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated. - bpo-45773: Remove two invalid 'peephole' optimizations from the bytecode compiler. - bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property. - bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings. - bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner. - bpo-46383: Fix invalid signature of _zoneinfo's module_free function to resolve a crash on wasm32-emscripten platform. - bpo-46070: Py_EndInterpreter() now explicitly untracks all objects currently tracked by the GC. Previously, if an object was used later by another interpreter, calling PyObject_GC_UnTrack() on the object crashed if the previous or the next object of the PyGC_Head structure became a dangling pointer. Patch by Victor Stinner. - bpo-46339: Fix a crash in the parser when retrieving the error text for multi-line f-strings expressions that do not start in the first line of the string. Patch by Pablo Galindo - bpo-46240: Correct the error message for unclosed parentheses when the tokenizer doesn't reach the end of the source when the error is reported. Patch by Pablo Galindo - bpo-46091: Correctly calculate indentation levels for lines with whitespace character that are ended by line continuation characters. Patch by Pablo Galindo - bpo-43253: Fix a crash when closing transports where the underlying socket handle is already invalid on the Proactor event loop. 
- bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings. - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4) - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This change allows for Python extension's request to Linux kernel to use AMX_TILE instruction set on Sapphire Rapids Xeon processor to succeed, unblocking use of the ISA in frameworks. - bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch by Stefan Zabka. - bpo-23325: The signal module no longer assumes that SIG_IGN and SIG_DFL are small int singletons. - bpo-46932: Update bundled libexpat to 2.4.7 - bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when the iterator is not exhausted. Patch by Jacob Walls. - bpo-44886: Inherit asyncio proactor datagram transport from asyncio.DatagramTransport. - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for selector-based event loops. Patch by Thomas Grainger. - bpo-46811: Make test suite support Expat >=2.4.5 - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to transport-based APIs. - bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python. - bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders when running from the guest operating-system. - bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo. - bpo-46643: In typing.get_type_hints(), support evaluating stringified ParamSpecArgs and ParamSpecKwargs annotations. Patch by Gregory Beauregard.
- bpo-45863: When the tarfile module creates a pax format archive, it will put an integer representation of timestamps in the ustar header (if possible) for the benefit of older unarchivers, in addition to the existing full-precision timestamps in the pax extended header. - bpo-46676: Make typing.ParamSpec args and kwargs equal to themselves. Patch by Gregory Beauregard. - bpo-46672: Fix NameError in asyncio.gather() when initial type check fails. - bpo-46655: In typing.get_type_hints(), support evaluating bare stringified TypeAlias annotations. Patch by Gregory Beauregard. - bpo-45948: Fixed a discrepancy in the C implementation of the xml.etree.ElementTree module. Now, instantiating an xml.etree.ElementTree.XMLParser with a target=None keyword provides a default xml.etree.ElementTree.TreeBuilder target as the Python implementation does. - bpo-46521: Fix a bug in the codeop module that was incorrectly identifying invalid code involving string quotes as valid code. - bpo-46581: Brings ParamSpec propagation for GenericAlias in line with Concatenate (and others). - bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable. - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 - bpo-46487: Add the get_write_buffer_limits method to asyncio.transports.WriteTransport and to the SSL transport. - bpo-45173: Note the configparser deprecations will be removed in Python 3.12. - bpo-46539: In typing.get_type_hints(), support evaluating stringified ClassVar and Final annotations inside Annotated. Patch by Gregory Beauregard. - bpo-46491: Allow typing.Annotated to wrap typing.Final and typing.ClassVar. Patch by Gregory Beauregard. - bpo-46436: Fix command-line option -d/--directory in module http.server which is ignored when combined with command-line option --cgi. Patch by Géry Ogam. - bpo-41403: Make mock.patch() raise a TypeError with a relevant error message on invalid arg. Previously it allowed a cryptic AttributeError to escape.
- bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace. - bpo-46469: asyncio generic classes now return types.GenericAlias in __class_getitem__ instead of the same class. - bpo-46434: pdb now gracefully handles help when __doc__ is missing, for example when run with pregenerated optimized .pyc files. - bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef now honor the module parameter of typing.ForwardRef. Forward references from different modules are now differentiated. - bpo-46246: Add missing __slots__ to importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. - bpo-46266: Improve day constants in calendar. - Now all constants (MONDAY ... SUNDAY) are documented, tested, and added to __all__. - bpo-46232: The ssl module now handles certificates with bit strings in DN correctly. - bpo-43118: Fix a bug in inspect.signature() that was causing it to fail on some subclasses of classes with a __text_signature__ referencing module globals. Patch by Weipeng Hong. - bpo-26552: Fixed case where failing asyncio.ensure_future() did not close the coroutine. Patch by Kumar Aditya. - bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a directory name with a trailing slash. - bpo-20392: Fix inconsistency with uppercase file extensions in MimeTypes.guess_type(). Patch by Kumar Aditya. - bpo-46080: Fix exception in argparse help text generation if a argparse.BooleanOptionalAction argument's default is argparse.SUPPRESS and it has help specified. Patch by Felix Fontein. - bpo-44439: Fix .write() method of a member file in ZipFile, when the input data is an object that supports the buffer protocol, the file length may be wrong. 
- bpo-45703: When a namespace package is imported before another module from the same namespace is created/installed in a different sys.path location while the program is running, calling the importlib.invalidate_caches() function will now also guarantee the new module is noticed. - bpo-24959: Fix bug where unittest sometimes drops frames from tracebacks of exceptions raised in tests. - bpo-44791: Fix substitution of ParamSpec in Concatenate with different parameter expressions. Substitution with a list of types returns now a tuple of types. Substitution with Concatenate returns now a Concatenate with concatenated lists of arguments. - bpo-14156: argparse.FileType now supports an argument of '-' in binary mode, returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes including 'x' and 'a' are treated equivalently to 'w' when argument is '-'. Patch contributed by Josh Rosenberg - bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner. - bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution. - bpo-46678: The function make_legacy_pyc in Lib/test/support/import_helper.py no longer fails when PYTHONPYCACHEPREFIX is set to a directory on a different device from where tempfiles are stored. - bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion. - bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner. - bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner. 
- bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython. - bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner. - bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intended to test the readline module. Patch by Victor Stinner. - bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale. - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__. - bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, 'Close' and 'Exit' are now 'Close Window' (the current one) and 'Exit' is now 'Exit IDLE' (by closing all windows). In Shell, 'quit()' and 'exit()' mean 'close Shell'. If there are no other windows, this also exits IDLE. - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy. - bpo-46433: The internal function _PyType_GetModuleByDef now correctly handles inheritance patterns involving static types. - bpo-14916: Fixed bug in the tokenizer that prevented PyRun_InteractiveOne from parsing from the provided FD. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.7.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated - libcurl4-7.79.1-150400.5.3.1 updated - openssl-1_1-1.1.1l-150400.7.7.1 updated - curl-7.79.1-150400.5.3.1 updated - libexpat1-2.4.4-150400.3.6.9 updated - libpython3_10-1_0-3.10.5-150400.4.7.1 updated - python310-base-3.10.5-150400.4.7.1 updated - python310-3.10.5-150400.4.7.1 updated - container:sles15-image-15.0.0-27.8.3 updated From sle-updates at lists.suse.com Thu Jul 7 08:17:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 10:17:15 +0200 (CEST) Subject: SUSE-CU-2022:1436-1: Security update of bci/python Message-ID: <20220707081715.24DADFD17@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1436-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-12.9 Container Release : 12.9 Severity : important Type : security References : 1185637 1196025 1196026 1196168 1196169 1196171 1196784 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). 
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.7.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated - libcurl4-7.79.1-150400.5.3.1 updated - openssl-1_1-1.1.1l-150400.7.7.1 updated - curl-7.79.1-150400.5.3.1 updated - libexpat1-2.4.4-150400.3.6.9 updated - container:sles15-image-15.0.0-27.8.3 updated From sle-updates at lists.suse.com Thu Jul 7 08:35:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 10:35:39 +0200 (CEST) Subject: SUSE-CU-2022:1436-1: Security update of bci/python Message-ID: <20220707083539.10B47FD17@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1436-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-12.9 Container Release : 12.9 Severity : important Type : security References : 1185637 1196025 1196026 1196168 1196169 1196171 1196784 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). 
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.7.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated - libcurl4-7.79.1-150400.5.3.1 updated - openssl-1_1-1.1.1l-150400.7.7.1 updated - curl-7.79.1-150400.5.3.1 updated - libexpat1-2.4.4-150400.3.6.9 updated - container:sles15-image-15.0.0-27.8.3 updated From sle-updates at lists.suse.com Thu Jul 7 08:36:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 10:36:01 +0200 (CEST) Subject: SUSE-CU-2022:1437-1: Security update of bci/ruby Message-ID: <20220707083601.03312FD17@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1437-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-10.7 , bci/ruby:latest Container Release : 10.7 Severity : important Type : security References : 1185637 1196025 1196026 1196168 1196169 1196171 1196784 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). 
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.7.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated - libcurl4-7.79.1-150400.5.3.1 updated - curl-7.79.1-150400.5.3.1 updated - libexpat1-2.4.4-150400.3.6.9 updated - container:sles15-image-15.0.0-27.8.3 updated From sle-updates at lists.suse.com Thu Jul 7 08:36:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 10:36:08 +0200 (CEST) Subject: SUSE-CU-2022:1438-1: Security update of suse/sle15 Message-ID: <20220707083608.6D17AFD17@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1438-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.8.3 , suse/sle15:15.4 , suse/sle15:15.4.27.8.3 Container Release : 27.8.3 Severity : important Type : security References : 1185637 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). 
The following package changes have been done: - libcurl4-7.79.1-150400.5.3.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated - libopenssl1_1-1.1.1l-150400.7.7.1 updated - openssl-1_1-1.1.1l-150400.7.7.1 updated From sle-updates at lists.suse.com Thu Jul 7 13:16:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 15:16:20 +0200 (CEST) Subject: SUSE-SU-2022:2319-1: important: Security update for crash Message-ID: <20220707131620.20D46FD17@maintenance.suse.de> SUSE Security Update: Security update for crash ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2319-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of crash fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2319=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2319=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): crash-debuginfo-7.2.1-8.16.1 crash-debugsource-7.2.1-8.16.1 crash-devel-7.2.1-8.16.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): crash-7.2.1-8.16.1 crash-debuginfo-7.2.1-8.16.1 crash-debugsource-7.2.1-8.16.1 crash-kmp-default-7.2.1_k4.12.14_122.124-8.16.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_122.124-8.16.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): crash-gcore-7.2.1-8.16.1 crash-gcore-debuginfo-7.2.1-8.16.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Thu Jul 7 13:16:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 15:16:55 +0200 (CEST) Subject: SUSE-SU-2022:2318-1: important: Security update for crash Message-ID: <20220707131655.41862FD17@maintenance.suse.de> SUSE Security Update: Security update for crash ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2318-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of crash fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2318=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2318=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2318=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2318=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): crash-7.2.1-4.14.1 crash-debuginfo-7.2.1-4.14.1 crash-debugsource-7.2.1-4.14.1 crash-gcore-7.2.1-4.14.1 crash-gcore-debuginfo-7.2.1-4.14.1 crash-kmp-default-7.2.1_k4.12.14_95.99-4.14.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_95.99-4.14.1 - SUSE OpenStack Cloud 9 (x86_64): crash-7.2.1-4.14.1 crash-debuginfo-7.2.1-4.14.1 crash-debugsource-7.2.1-4.14.1 crash-gcore-7.2.1-4.14.1 crash-gcore-debuginfo-7.2.1-4.14.1 crash-kmp-default-7.2.1_k4.12.14_95.99-4.14.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_95.99-4.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): crash-7.2.1-4.14.1 crash-debuginfo-7.2.1-4.14.1 crash-debugsource-7.2.1-4.14.1 crash-kmp-default-7.2.1_k4.12.14_95.99-4.14.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_95.99-4.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): crash-gcore-7.2.1-4.14.1 crash-gcore-debuginfo-7.2.1-4.14.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): crash-7.2.1-4.14.1 crash-debuginfo-7.2.1-4.14.1 crash-debugsource-7.2.1-4.14.1 crash-kmp-default-7.2.1_k4.12.14_95.99-4.14.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_95.99-4.14.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): crash-gcore-7.2.1-4.14.1 crash-gcore-debuginfo-7.2.1-4.14.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Thu Jul 7 13:17:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 15:17:37 +0200 (CEST) Subject: SUSE-SU-2022:2320-1: 
important: Security update for MozillaThunderbird Message-ID: <20220707131737.D024DFD17@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2320-1 Rating: important References: #1200793 Cross-References: CVE-2022-2200 CVE-2022-2226 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. 
Description: This update for MozillaThunderbird fixes the following issues: - CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-2226: An email with a mismatching OpenPGP signature date was accepted as valid (bmo#1775441) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102 (bmo#1763634, bmo#1772651) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2320=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2320=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2320=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2320=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2320=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2320=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.11.0-150200.8.76.1 MozillaThunderbird-debuginfo-91.11.0-150200.8.76.1 MozillaThunderbird-debugsource-91.11.0-150200.8.76.1 MozillaThunderbird-translations-common-91.11.0-150200.8.76.1 MozillaThunderbird-translations-other-91.11.0-150200.8.76.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.11.0-150200.8.76.1 MozillaThunderbird-debuginfo-91.11.0-150200.8.76.1 MozillaThunderbird-debugsource-91.11.0-150200.8.76.1 MozillaThunderbird-translations-common-91.11.0-150200.8.76.1 MozillaThunderbird-translations-other-91.11.0-150200.8.76.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-91.11.0-150200.8.76.1 MozillaThunderbird-debuginfo-91.11.0-150200.8.76.1 MozillaThunderbird-debugsource-91.11.0-150200.8.76.1 MozillaThunderbird-translations-common-91.11.0-150200.8.76.1 MozillaThunderbird-translations-other-91.11.0-150200.8.76.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-91.11.0-150200.8.76.1 MozillaThunderbird-debuginfo-91.11.0-150200.8.76.1 MozillaThunderbird-debugsource-91.11.0-150200.8.76.1 MozillaThunderbird-translations-common-91.11.0-150200.8.76.1 
MozillaThunderbird-translations-other-91.11.0-150200.8.76.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-91.11.0-150200.8.76.1 MozillaThunderbird-debuginfo-91.11.0-150200.8.76.1 MozillaThunderbird-debugsource-91.11.0-150200.8.76.1 MozillaThunderbird-translations-common-91.11.0-150200.8.76.1 MozillaThunderbird-translations-other-91.11.0-150200.8.76.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-91.11.0-150200.8.76.1 MozillaThunderbird-debuginfo-91.11.0-150200.8.76.1 MozillaThunderbird-debugsource-91.11.0-150200.8.76.1 MozillaThunderbird-translations-common-91.11.0-150200.8.76.1 MozillaThunderbird-translations-other-91.11.0-150200.8.76.1 References: https://www.suse.com/security/cve/CVE-2022-2200.html https://www.suse.com/security/cve/CVE-2022-2226.html https://www.suse.com/security/cve/CVE-2022-31744.html https://www.suse.com/security/cve/CVE-2022-34468.html https://www.suse.com/security/cve/CVE-2022-34470.html https://www.suse.com/security/cve/CVE-2022-34472.html https://www.suse.com/security/cve/CVE-2022-34478.html https://www.suse.com/security/cve/CVE-2022-34479.html https://www.suse.com/security/cve/CVE-2022-34481.html https://www.suse.com/security/cve/CVE-2022-34484.html https://bugzilla.suse.com/1200793 From sle-updates at lists.suse.com Thu Jul 7 13:18:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 15:18:30 +0200 (CEST) Subject: SUSE-SU-2022:2321-1: moderate: Security update for openssl-1_0_0 Message-ID: <20220707131830.AE16FFD17@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2321-1 Rating: moderate References: #1199166 #1200550 Cross-References: CVE-2022-1292 CVE-2022-2068 CVSS scores: CVE-2022-1292 (NVD) : 9.8 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2068 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-2068 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2321=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2321=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2321=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2321=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2321=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2321=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2321=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2321=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2321=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2321=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2321=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2321=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2321=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2321=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2321=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2321=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl10-1.0.2p-150000.3.56.1 libopenssl10-debuginfo-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 libopenssl1_0_0-hmac-1.0.2p-150000.3.56.1 libopenssl1_0_0-steam-1.0.2p-150000.3.56.1 libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-cavs-1.0.2p-150000.3.56.1 openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - openSUSE Leap 15.4 (noarch): openssl-1_0_0-doc-1.0.2p-150000.3.56.1 - openSUSE Leap 15.4 (x86_64): libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.56.1 libopenssl1_0_0-32bit-1.0.2p-150000.3.56.1 libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.56.1 libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.56.1 libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.56.1 libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.56.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl10-1.0.2p-150000.3.56.1 libopenssl10-debuginfo-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 libopenssl1_0_0-hmac-1.0.2p-150000.3.56.1 libopenssl1_0_0-steam-1.0.2p-150000.3.56.1 libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-cavs-1.0.2p-150000.3.56.1 openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - openSUSE Leap 15.3 (noarch): openssl-1_0_0-doc-1.0.2p-150000.3.56.1 - openSUSE Leap 15.3 (x86_64): libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.56.1 libopenssl1_0_0-32bit-1.0.2p-150000.3.56.1 libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.56.1 libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.56.1 libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.56.1 
libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.56.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - SUSE Manager Proxy 4.1 (x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): 
libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl10-1.0.2p-150000.3.56.1 libopenssl10-debuginfo-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl10-1.0.2p-150000.3.56.1 libopenssl10-debuginfo-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 
openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 libopenssl1_0_0-1.0.2p-150000.3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-1.0.2p-150000.3.56.1 openssl-1_0_0-debuginfo-1.0.2p-150000.3.56.1 openssl-1_0_0-debugsource-1.0.2p-150000.3.56.1 References: https://www.suse.com/security/cve/CVE-2022-1292.html https://www.suse.com/security/cve/CVE-2022-2068.html https://bugzilla.suse.com/1199166 https://bugzilla.suse.com/1200550 From sle-updates at lists.suse.com Thu Jul 7 13:19:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 15:19:20 +0200 (CEST) Subject: SUSE-SU-2022:2322-1: important: Security update for fwupd Message-ID: <20220707131920.735A8FD17@maintenance.suse.de> SUSE Security Update: Security update for fwupd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2322-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 
SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of fwupd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2322=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2322=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2322=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2322=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): fwupdtpmevlog-1.5.8-150300.3.5.1 fwupdtpmevlog-debuginfo-1.5.8-150300.3.5.1 libfwupdplugin1-1.5.8-150300.3.5.1 libfwupdplugin1-debuginfo-1.5.8-150300.3.5.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dfu-tool-1.5.8-150300.3.5.1 dfu-tool-debuginfo-1.5.8-150300.3.5.1 fwupd-1.5.8-150300.3.5.1 fwupd-debuginfo-1.5.8-150300.3.5.1 fwupd-debugsource-1.5.8-150300.3.5.1 fwupd-devel-1.5.8-150300.3.5.1 fwupdtpmevlog-1.5.8-150300.3.5.1 fwupdtpmevlog-debuginfo-1.5.8-150300.3.5.1 libfwupd2-1.5.8-150300.3.5.1 libfwupd2-debuginfo-1.5.8-150300.3.5.1 libfwupdplugin1-1.5.8-150300.3.5.1 
libfwupdplugin1-debuginfo-1.5.8-150300.3.5.1 typelib-1_0-Fwupd-2_0-1.5.8-150300.3.5.1 typelib-1_0-FwupdPlugin-1_0-1.5.8-150300.3.5.1 - openSUSE Leap 15.3 (noarch): fwupd-lang-1.5.8-150300.3.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): fwupd-debuginfo-1.5.8-150300.3.5.1 fwupd-debugsource-1.5.8-150300.3.5.1 fwupdtpmevlog-1.5.8-150300.3.5.1 fwupdtpmevlog-debuginfo-1.5.8-150300.3.5.1 libfwupdplugin1-1.5.8-150300.3.5.1 libfwupdplugin1-debuginfo-1.5.8-150300.3.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): fwupd-1.5.8-150300.3.5.1 fwupd-debuginfo-1.5.8-150300.3.5.1 fwupd-debugsource-1.5.8-150300.3.5.1 fwupd-devel-1.5.8-150300.3.5.1 fwupdtpmevlog-1.5.8-150300.3.5.1 fwupdtpmevlog-debuginfo-1.5.8-150300.3.5.1 libfwupd2-1.5.8-150300.3.5.1 libfwupd2-debuginfo-1.5.8-150300.3.5.1 libfwupdplugin1-1.5.8-150300.3.5.1 libfwupdplugin1-debuginfo-1.5.8-150300.3.5.1 typelib-1_0-Fwupd-2_0-1.5.8-150300.3.5.1 typelib-1_0-FwupdPlugin-1_0-1.5.8-150300.3.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): fwupd-lang-1.5.8-150300.3.5.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Thu Jul 7 13:20:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 15:20:06 +0200 (CEST) Subject: SUSE-RU-2022:2323-1: Recommended update for systemd-presets-branding-SLE Message-ID: <20220707132006.E1AA1FD17@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-presets-branding-SLE ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2323-1 Rating: low References: SLE-23312 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High 
Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2323=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2323=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2323=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2323=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2323=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2323=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2323=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2323=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2323=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2323=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2323=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2323=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2323=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2323=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2323=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2323=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2323=1 - SUSE Enterprise Storage 7: zypper in -t patch 
SUSE-Storage-7-2022-2323=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2323=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - openSUSE Leap 15.3 (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Manager Server 4.1 (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Manager Retail Branch Server 4.1 (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Manager Proxy 4.1 (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Linux Enterprise High 
Performance Computing 15-SP1-ESPOS (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Enterprise Storage 7 (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE Enterprise Storage 6 (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 - SUSE CaaS Platform 4.0 (noarch): systemd-presets-branding-SLE-15.1-150100.20.11.1 References: From sle-updates at lists.suse.com Thu Jul 7 16:15:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 18:15:57 +0200 (CEST) Subject: SUSE-SU-2022:2325-1: important: Security update for resource-agents Message-ID: <20220707161557.95457FDCF@maintenance.suse.de> SUSE Security Update: Security update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2325-1 Rating: important References: #1146691 #1196164 #1197956 #1199766 Affected Products: SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Fixed predictable log file in /tmp in mariadb.in (bsc#1146691). - Allow aws-vpc-move-ip to specify an interface label to distinguish the IP address (bsc#1199766) - Implement options to disable DAD and to allow sending NA in the background (bsc#1196164) - Improve error message if monpassword was not set (bsc#1197956) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2325=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2325=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ldirectord-4.10.0+git40.0f4de473-150400.3.7.1 resource-agents-4.10.0+git40.0f4de473-150400.3.7.1 resource-agents-debuginfo-4.10.0+git40.0f4de473-150400.3.7.1 resource-agents-debugsource-4.10.0+git40.0f4de473-150400.3.7.1 - openSUSE Leap 15.4 (noarch): monitoring-plugins-metadata-4.10.0+git40.0f4de473-150400.3.7.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ldirectord-4.10.0+git40.0f4de473-150400.3.7.1 resource-agents-4.10.0+git40.0f4de473-150400.3.7.1 resource-agents-debuginfo-4.10.0+git40.0f4de473-150400.3.7.1 resource-agents-debugsource-4.10.0+git40.0f4de473-150400.3.7.1 - SUSE Linux Enterprise High Availability 15-SP4 (noarch): monitoring-plugins-metadata-4.10.0+git40.0f4de473-150400.3.7.1 References: https://bugzilla.suse.com/1146691 https://bugzilla.suse.com/1196164 https://bugzilla.suse.com/1197956 https://bugzilla.suse.com/1199766 From sle-updates at lists.suse.com Thu Jul 7 16:16:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 18:16:44 +0200 (CEST) Subject: SUSE-SU-2022:2326-1: important: Security update for resource-agents Message-ID: <20220707161644.67DD9FDCF@maintenance.suse.de> SUSE Security Update: Security update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2326-1 Rating: important References: #1146691 #1196164 #1199766 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager 
Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Predictable log file in /tmp in mariadb.in (bsc#1146691). - Allow aws-vpc-move-ip to specify an interface label to distinguish the IP address (bsc#1199766) - Implement options to disable DAD and to allow sending NA in the background (bsc#1196164) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2326=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2326=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ldirectord-4.8.0+git30.d0077df0-150300.8.28.1 resource-agents-4.8.0+git30.d0077df0-150300.8.28.1 resource-agents-debuginfo-4.8.0+git30.d0077df0-150300.8.28.1 resource-agents-debugsource-4.8.0+git30.d0077df0-150300.8.28.1 - openSUSE Leap 15.3 (noarch): monitoring-plugins-metadata-4.8.0+git30.d0077df0-150300.8.28.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ldirectord-4.8.0+git30.d0077df0-150300.8.28.1 resource-agents-4.8.0+git30.d0077df0-150300.8.28.1 resource-agents-debuginfo-4.8.0+git30.d0077df0-150300.8.28.1 resource-agents-debugsource-4.8.0+git30.d0077df0-150300.8.28.1 - SUSE Linux Enterprise High Availability 15-SP3 (noarch): monitoring-plugins-metadata-4.8.0+git30.d0077df0-150300.8.28.1 References: https://bugzilla.suse.com/1146691 https://bugzilla.suse.com/1196164 https://bugzilla.suse.com/1199766 From sle-updates at lists.suse.com Thu Jul 7 16:17:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 
7 Jul 2022 18:17:31 +0200 (CEST) Subject: SUSE-SU-2022:2328-1: important: Security update for openssl-1_1 Message-ID: <20220707161731.D7250FDCF@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2328-1 Rating: important References: #1201099 Cross-References: CVE-2022-2097 CVSS scores: CVE-2022-2097 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2328=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2328=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2328=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2328=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2328=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2328=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2328=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2328=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2328=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2328=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2328=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2328=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2328=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.51.1 libopenssl1_1-1.1.1d-150200.11.51.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-1.1.1d-150200.11.51.1 openssl-1_1-1.1.1d-150200.11.51.1 openssl-1_1-debuginfo-1.1.1d-150200.11.51.1 openssl-1_1-debugsource-1.1.1d-150200.11.51.1 - openSUSE Leap 15.3 (noarch): openssl-1_1-doc-1.1.1d-150200.11.51.1 - openSUSE Leap 15.3 (x86_64): libopenssl-1_1-devel-32bit-1.1.1d-150200.11.51.1 libopenssl1_1-32bit-1.1.1d-150200.11.51.1 
libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.51.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.51.1 libopenssl1_1-1.1.1d-150200.11.51.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-1.1.1d-150200.11.51.1 openssl-1_1-1.1.1d-150200.11.51.1 openssl-1_1-debuginfo-1.1.1d-150200.11.51.1 openssl-1_1-debugsource-1.1.1d-150200.11.51.1 - SUSE Manager Server 4.1 (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.51.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.51.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.51.1 libopenssl1_1-1.1.1d-150200.11.51.1 libopenssl1_1-32bit-1.1.1d-150200.11.51.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.51.1 openssl-1_1-1.1.1d-150200.11.51.1 openssl-1_1-debuginfo-1.1.1d-150200.11.51.1 openssl-1_1-debugsource-1.1.1d-150200.11.51.1 - SUSE Manager Proxy 4.1 (x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.51.1 libopenssl1_1-1.1.1d-150200.11.51.1 libopenssl1_1-32bit-1.1.1d-150200.11.51.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.51.1 openssl-1_1-1.1.1d-150200.11.51.1 openssl-1_1-debuginfo-1.1.1d-150200.11.51.1 openssl-1_1-debugsource-1.1.1d-150200.11.51.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.51.1 libopenssl1_1-1.1.1d-150200.11.51.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-1.1.1d-150200.11.51.1 openssl-1_1-1.1.1d-150200.11.51.1 openssl-1_1-debuginfo-1.1.1d-150200.11.51.1 openssl-1_1-debugsource-1.1.1d-150200.11.51.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): 
libopenssl1_1-32bit-1.1.1d-150200.11.51.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.51.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.51.1 libopenssl1_1-1.1.1d-150200.11.51.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-1.1.1d-150200.11.51.1 openssl-1_1-1.1.1d-150200.11.51.1 openssl-1_1-debuginfo-1.1.1d-150200.11.51.1 openssl-1_1-debugsource-1.1.1d-150200.11.51.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.51.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.51.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.51.1 libopenssl1_1-1.1.1d-150200.11.51.1 libopenssl1_1-32bit-1.1.1d-150200.11.51.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.51.1 openssl-1_1-1.1.1d-150200.11.51.1 openssl-1_1-debuginfo-1.1.1d-150200.11.51.1 openssl-1_1-debugsource-1.1.1d-150200.11.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.51.1 libopenssl1_1-1.1.1d-150200.11.51.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-1.1.1d-150200.11.51.1 openssl-1_1-1.1.1d-150200.11.51.1 openssl-1_1-debuginfo-1.1.1d-150200.11.51.1 openssl-1_1-debugsource-1.1.1d-150200.11.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.51.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.51.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.51.1 libopenssl1_1-1.1.1d-150200.11.51.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-1.1.1d-150200.11.51.1 
openssl-1_1-1.1.1d-150200.11.51.1 openssl-1_1-debuginfo-1.1.1d-150200.11.51.1 openssl-1_1-debugsource-1.1.1d-150200.11.51.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.51.1 libopenssl1_1-1.1.1d-150200.11.51.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-1.1.1d-150200.11.51.1 openssl-1_1-1.1.1d-150200.11.51.1 openssl-1_1-debuginfo-1.1.1d-150200.11.51.1 openssl-1_1-debugsource-1.1.1d-150200.11.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.51.1 libopenssl1_1-1.1.1d-150200.11.51.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-1.1.1d-150200.11.51.1 openssl-1_1-1.1.1d-150200.11.51.1 openssl-1_1-debuginfo-1.1.1d-150200.11.51.1 openssl-1_1-debugsource-1.1.1d-150200.11.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.51.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.51.1 libopenssl1_1-1.1.1d-150200.11.51.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-1.1.1d-150200.11.51.1 openssl-1_1-1.1.1d-150200.11.51.1 openssl-1_1-debuginfo-1.1.1d-150200.11.51.1 openssl-1_1-debugsource-1.1.1d-150200.11.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.51.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.51.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.51.1 libopenssl1_1-1.1.1d-150200.11.51.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-1.1.1d-150200.11.51.1 openssl-1_1-1.1.1d-150200.11.51.1 openssl-1_1-debuginfo-1.1.1d-150200.11.51.1 openssl-1_1-debugsource-1.1.1d-150200.11.51.1 - SUSE Enterprise 
Storage 7 (x86_64): libopenssl1_1-32bit-1.1.1d-150200.11.51.1 libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-32bit-1.1.1d-150200.11.51.1 References: https://www.suse.com/security/cve/CVE-2022-2097.html https://bugzilla.suse.com/1201099 From sle-updates at lists.suse.com Thu Jul 7 16:18:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 18:18:22 +0200 (CEST) Subject: SUSE-SU-2022:2327-1: important: Security update for curl Message-ID: <20220707161822.B16C6FDCF@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2327-1 Rating: important References: #1200735 #1200737 Cross-References: CVE-2022-32206 CVE-2022-32208 CVSS scores: CVE-2022-32206 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-32208 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2327=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2327=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2327=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2327=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2327=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2327=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2327=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2327=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2327=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2327=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2327=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2327=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2327=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): curl-7.66.0-150200.4.36.1 curl-debuginfo-7.66.0-150200.4.36.1 curl-debugsource-7.66.0-150200.4.36.1 libcurl-devel-7.66.0-150200.4.36.1 libcurl4-7.66.0-150200.4.36.1 
libcurl4-debuginfo-7.66.0-150200.4.36.1 - openSUSE Leap 15.3 (x86_64): libcurl-devel-32bit-7.66.0-150200.4.36.1 libcurl4-32bit-7.66.0-150200.4.36.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.36.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): curl-7.66.0-150200.4.36.1 curl-debuginfo-7.66.0-150200.4.36.1 curl-debugsource-7.66.0-150200.4.36.1 libcurl-devel-7.66.0-150200.4.36.1 libcurl4-7.66.0-150200.4.36.1 libcurl4-debuginfo-7.66.0-150200.4.36.1 - SUSE Manager Server 4.1 (x86_64): libcurl4-32bit-7.66.0-150200.4.36.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.36.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): curl-7.66.0-150200.4.36.1 curl-debuginfo-7.66.0-150200.4.36.1 curl-debugsource-7.66.0-150200.4.36.1 libcurl-devel-7.66.0-150200.4.36.1 libcurl4-32bit-7.66.0-150200.4.36.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.36.1 libcurl4-7.66.0-150200.4.36.1 libcurl4-debuginfo-7.66.0-150200.4.36.1 - SUSE Manager Proxy 4.1 (x86_64): curl-7.66.0-150200.4.36.1 curl-debuginfo-7.66.0-150200.4.36.1 curl-debugsource-7.66.0-150200.4.36.1 libcurl-devel-7.66.0-150200.4.36.1 libcurl4-32bit-7.66.0-150200.4.36.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.36.1 libcurl4-7.66.0-150200.4.36.1 libcurl4-debuginfo-7.66.0-150200.4.36.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): curl-7.66.0-150200.4.36.1 curl-debuginfo-7.66.0-150200.4.36.1 curl-debugsource-7.66.0-150200.4.36.1 libcurl-devel-7.66.0-150200.4.36.1 libcurl4-7.66.0-150200.4.36.1 libcurl4-debuginfo-7.66.0-150200.4.36.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libcurl4-32bit-7.66.0-150200.4.36.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.36.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): curl-7.66.0-150200.4.36.1 curl-debuginfo-7.66.0-150200.4.36.1 curl-debugsource-7.66.0-150200.4.36.1 libcurl-devel-7.66.0-150200.4.36.1 libcurl4-7.66.0-150200.4.36.1 libcurl4-debuginfo-7.66.0-150200.4.36.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): 
libcurl4-32bit-7.66.0-150200.4.36.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.36.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): curl-7.66.0-150200.4.36.1 curl-debuginfo-7.66.0-150200.4.36.1 curl-debugsource-7.66.0-150200.4.36.1 libcurl-devel-7.66.0-150200.4.36.1 libcurl4-32bit-7.66.0-150200.4.36.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.36.1 libcurl4-7.66.0-150200.4.36.1 libcurl4-debuginfo-7.66.0-150200.4.36.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): curl-7.66.0-150200.4.36.1 curl-debuginfo-7.66.0-150200.4.36.1 curl-debugsource-7.66.0-150200.4.36.1 libcurl-devel-7.66.0-150200.4.36.1 libcurl4-7.66.0-150200.4.36.1 libcurl4-debuginfo-7.66.0-150200.4.36.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libcurl4-32bit-7.66.0-150200.4.36.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.36.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): curl-7.66.0-150200.4.36.1 curl-debuginfo-7.66.0-150200.4.36.1 curl-debugsource-7.66.0-150200.4.36.1 libcurl4-7.66.0-150200.4.36.1 libcurl4-debuginfo-7.66.0-150200.4.36.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): curl-7.66.0-150200.4.36.1 curl-debuginfo-7.66.0-150200.4.36.1 curl-debugsource-7.66.0-150200.4.36.1 libcurl4-7.66.0-150200.4.36.1 libcurl4-debuginfo-7.66.0-150200.4.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): curl-7.66.0-150200.4.36.1 curl-debuginfo-7.66.0-150200.4.36.1 curl-debugsource-7.66.0-150200.4.36.1 libcurl-devel-7.66.0-150200.4.36.1 libcurl4-7.66.0-150200.4.36.1 libcurl4-debuginfo-7.66.0-150200.4.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libcurl4-32bit-7.66.0-150200.4.36.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): curl-7.66.0-150200.4.36.1 curl-debuginfo-7.66.0-150200.4.36.1 curl-debugsource-7.66.0-150200.4.36.1 libcurl-devel-7.66.0-150200.4.36.1 libcurl4-7.66.0-150200.4.36.1 
libcurl4-debuginfo-7.66.0-150200.4.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libcurl4-32bit-7.66.0-150200.4.36.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.36.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): curl-7.66.0-150200.4.36.1 curl-debuginfo-7.66.0-150200.4.36.1 curl-debugsource-7.66.0-150200.4.36.1 libcurl-devel-7.66.0-150200.4.36.1 libcurl4-7.66.0-150200.4.36.1 libcurl4-debuginfo-7.66.0-150200.4.36.1 - SUSE Enterprise Storage 7 (x86_64): libcurl4-32bit-7.66.0-150200.4.36.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.36.1 References: https://www.suse.com/security/cve/CVE-2022-32206.html https://www.suse.com/security/cve/CVE-2022-32208.html https://bugzilla.suse.com/1200735 https://bugzilla.suse.com/1200737 From sle-updates at lists.suse.com Thu Jul 7 19:15:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 21:15:33 +0200 (CEST) Subject: SUSE-RU-2022:2330-1: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20220707191533.E1342FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2330-1 Rating: low References: #1020320 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for 4_12_14-150000_150_89, 4_12_14-150100_197_111, 5_3_18-150200_24_112, 5_3_18-150300_59_60, 5_3_18-150300_59_63. (bsc#1020320) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2330=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2330=1 Package List: - openSUSE Leap 15.4 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.75.1 - openSUSE Leap 15.3 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.75.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Thu Jul 7 19:16:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 21:16:07 +0200 (CEST) Subject: SUSE-SU-2022:2331-1: important: Security update for rsyslog Message-ID: <20220707191607.928E7FDCF@maintenance.suse.de> SUSE Security Update: Security update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2331-1 Rating: important References: #1199061 Cross-References: CVE-2022-24903 CVSS scores: CVE-2022-24903 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-24903 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsyslog fixes the following issues: - CVE-2022-24903: fix potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2331=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2331=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2331=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2331=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2331=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2331=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2331=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2331=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2331=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2331=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): rsyslog-8.24.0-3.58.2 rsyslog-debuginfo-8.24.0-3.58.2 rsyslog-debugsource-8.24.0-3.58.2 rsyslog-diag-tools-8.24.0-3.58.2 rsyslog-diag-tools-debuginfo-8.24.0-3.58.2 rsyslog-doc-8.24.0-3.58.2 rsyslog-module-gssapi-8.24.0-3.58.2 rsyslog-module-gssapi-debuginfo-8.24.0-3.58.2 rsyslog-module-gtls-8.24.0-3.58.2 rsyslog-module-gtls-debuginfo-8.24.0-3.58.2 rsyslog-module-mmnormalize-8.24.0-3.58.2 rsyslog-module-mmnormalize-debuginfo-8.24.0-3.58.2 rsyslog-module-mysql-8.24.0-3.58.2 rsyslog-module-mysql-debuginfo-8.24.0-3.58.2 rsyslog-module-pgsql-8.24.0-3.58.2 rsyslog-module-pgsql-debuginfo-8.24.0-3.58.2 rsyslog-module-relp-8.24.0-3.58.2 rsyslog-module-relp-debuginfo-8.24.0-3.58.2 rsyslog-module-snmp-8.24.0-3.58.2 rsyslog-module-snmp-debuginfo-8.24.0-3.58.2 rsyslog-module-udpspoof-8.24.0-3.58.2 rsyslog-module-udpspoof-debuginfo-8.24.0-3.58.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): rsyslog-8.24.0-3.58.2 rsyslog-debuginfo-8.24.0-3.58.2 
rsyslog-debugsource-8.24.0-3.58.2 rsyslog-diag-tools-8.24.0-3.58.2 rsyslog-diag-tools-debuginfo-8.24.0-3.58.2 rsyslog-doc-8.24.0-3.58.2 rsyslog-module-gssapi-8.24.0-3.58.2 rsyslog-module-gssapi-debuginfo-8.24.0-3.58.2 rsyslog-module-gtls-8.24.0-3.58.2 rsyslog-module-gtls-debuginfo-8.24.0-3.58.2 rsyslog-module-mysql-8.24.0-3.58.2 rsyslog-module-mysql-debuginfo-8.24.0-3.58.2 rsyslog-module-pgsql-8.24.0-3.58.2 rsyslog-module-pgsql-debuginfo-8.24.0-3.58.2 rsyslog-module-relp-8.24.0-3.58.2 rsyslog-module-relp-debuginfo-8.24.0-3.58.2 rsyslog-module-snmp-8.24.0-3.58.2 rsyslog-module-snmp-debuginfo-8.24.0-3.58.2 rsyslog-module-udpspoof-8.24.0-3.58.2 rsyslog-module-udpspoof-debuginfo-8.24.0-3.58.2 - SUSE OpenStack Cloud 9 (x86_64): rsyslog-8.24.0-3.58.2 rsyslog-debuginfo-8.24.0-3.58.2 rsyslog-debugsource-8.24.0-3.58.2 rsyslog-diag-tools-8.24.0-3.58.2 rsyslog-diag-tools-debuginfo-8.24.0-3.58.2 rsyslog-doc-8.24.0-3.58.2 rsyslog-module-gssapi-8.24.0-3.58.2 rsyslog-module-gssapi-debuginfo-8.24.0-3.58.2 rsyslog-module-gtls-8.24.0-3.58.2 rsyslog-module-gtls-debuginfo-8.24.0-3.58.2 rsyslog-module-mmnormalize-8.24.0-3.58.2 rsyslog-module-mmnormalize-debuginfo-8.24.0-3.58.2 rsyslog-module-mysql-8.24.0-3.58.2 rsyslog-module-mysql-debuginfo-8.24.0-3.58.2 rsyslog-module-pgsql-8.24.0-3.58.2 rsyslog-module-pgsql-debuginfo-8.24.0-3.58.2 rsyslog-module-relp-8.24.0-3.58.2 rsyslog-module-relp-debuginfo-8.24.0-3.58.2 rsyslog-module-snmp-8.24.0-3.58.2 rsyslog-module-snmp-debuginfo-8.24.0-3.58.2 rsyslog-module-udpspoof-8.24.0-3.58.2 rsyslog-module-udpspoof-debuginfo-8.24.0-3.58.2 - SUSE OpenStack Cloud 8 (x86_64): rsyslog-8.24.0-3.58.2 rsyslog-debuginfo-8.24.0-3.58.2 rsyslog-debugsource-8.24.0-3.58.2 rsyslog-diag-tools-8.24.0-3.58.2 rsyslog-diag-tools-debuginfo-8.24.0-3.58.2 rsyslog-doc-8.24.0-3.58.2 rsyslog-module-gssapi-8.24.0-3.58.2 rsyslog-module-gssapi-debuginfo-8.24.0-3.58.2 rsyslog-module-gtls-8.24.0-3.58.2 rsyslog-module-gtls-debuginfo-8.24.0-3.58.2 rsyslog-module-mysql-8.24.0-3.58.2 
rsyslog-module-mysql-debuginfo-8.24.0-3.58.2 rsyslog-module-pgsql-8.24.0-3.58.2 rsyslog-module-pgsql-debuginfo-8.24.0-3.58.2 rsyslog-module-relp-8.24.0-3.58.2 rsyslog-module-relp-debuginfo-8.24.0-3.58.2 rsyslog-module-snmp-8.24.0-3.58.2 rsyslog-module-snmp-debuginfo-8.24.0-3.58.2 rsyslog-module-udpspoof-8.24.0-3.58.2 rsyslog-module-udpspoof-debuginfo-8.24.0-3.58.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): rsyslog-8.24.0-3.58.2 rsyslog-debuginfo-8.24.0-3.58.2 rsyslog-debugsource-8.24.0-3.58.2 rsyslog-diag-tools-8.24.0-3.58.2 rsyslog-diag-tools-debuginfo-8.24.0-3.58.2 rsyslog-doc-8.24.0-3.58.2 rsyslog-module-gssapi-8.24.0-3.58.2 rsyslog-module-gssapi-debuginfo-8.24.0-3.58.2 rsyslog-module-gtls-8.24.0-3.58.2 rsyslog-module-gtls-debuginfo-8.24.0-3.58.2 rsyslog-module-mmnormalize-8.24.0-3.58.2 rsyslog-module-mmnormalize-debuginfo-8.24.0-3.58.2 rsyslog-module-mysql-8.24.0-3.58.2 rsyslog-module-mysql-debuginfo-8.24.0-3.58.2 rsyslog-module-pgsql-8.24.0-3.58.2 rsyslog-module-pgsql-debuginfo-8.24.0-3.58.2 rsyslog-module-relp-8.24.0-3.58.2 rsyslog-module-relp-debuginfo-8.24.0-3.58.2 rsyslog-module-snmp-8.24.0-3.58.2 rsyslog-module-snmp-debuginfo-8.24.0-3.58.2 rsyslog-module-udpspoof-8.24.0-3.58.2 rsyslog-module-udpspoof-debuginfo-8.24.0-3.58.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): rsyslog-8.24.0-3.58.2 rsyslog-debuginfo-8.24.0-3.58.2 rsyslog-debugsource-8.24.0-3.58.2 rsyslog-diag-tools-8.24.0-3.58.2 rsyslog-diag-tools-debuginfo-8.24.0-3.58.2 rsyslog-doc-8.24.0-3.58.2 rsyslog-module-gssapi-8.24.0-3.58.2 rsyslog-module-gssapi-debuginfo-8.24.0-3.58.2 rsyslog-module-gtls-8.24.0-3.58.2 rsyslog-module-gtls-debuginfo-8.24.0-3.58.2 rsyslog-module-mysql-8.24.0-3.58.2 rsyslog-module-mysql-debuginfo-8.24.0-3.58.2 rsyslog-module-pgsql-8.24.0-3.58.2 rsyslog-module-pgsql-debuginfo-8.24.0-3.58.2 rsyslog-module-relp-8.24.0-3.58.2 rsyslog-module-relp-debuginfo-8.24.0-3.58.2 rsyslog-module-snmp-8.24.0-3.58.2 
rsyslog-module-snmp-debuginfo-8.24.0-3.58.2 rsyslog-module-udpspoof-8.24.0-3.58.2 rsyslog-module-udpspoof-debuginfo-8.24.0-3.58.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): rsyslog-8.24.0-3.58.2 rsyslog-debuginfo-8.24.0-3.58.2 rsyslog-debugsource-8.24.0-3.58.2 rsyslog-diag-tools-8.24.0-3.58.2 rsyslog-diag-tools-debuginfo-8.24.0-3.58.2 rsyslog-doc-8.24.0-3.58.2 rsyslog-module-gssapi-8.24.0-3.58.2 rsyslog-module-gssapi-debuginfo-8.24.0-3.58.2 rsyslog-module-gtls-8.24.0-3.58.2 rsyslog-module-gtls-debuginfo-8.24.0-3.58.2 rsyslog-module-mmnormalize-8.24.0-3.58.2 rsyslog-module-mmnormalize-debuginfo-8.24.0-3.58.2 rsyslog-module-mysql-8.24.0-3.58.2 rsyslog-module-mysql-debuginfo-8.24.0-3.58.2 rsyslog-module-pgsql-8.24.0-3.58.2 rsyslog-module-pgsql-debuginfo-8.24.0-3.58.2 rsyslog-module-relp-8.24.0-3.58.2 rsyslog-module-relp-debuginfo-8.24.0-3.58.2 rsyslog-module-snmp-8.24.0-3.58.2 rsyslog-module-snmp-debuginfo-8.24.0-3.58.2 rsyslog-module-udpspoof-8.24.0-3.58.2 rsyslog-module-udpspoof-debuginfo-8.24.0-3.58.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): rsyslog-8.24.0-3.58.2 rsyslog-debuginfo-8.24.0-3.58.2 rsyslog-debugsource-8.24.0-3.58.2 rsyslog-diag-tools-8.24.0-3.58.2 rsyslog-diag-tools-debuginfo-8.24.0-3.58.2 rsyslog-doc-8.24.0-3.58.2 rsyslog-module-gssapi-8.24.0-3.58.2 rsyslog-module-gssapi-debuginfo-8.24.0-3.58.2 rsyslog-module-gtls-8.24.0-3.58.2 rsyslog-module-gtls-debuginfo-8.24.0-3.58.2 rsyslog-module-mysql-8.24.0-3.58.2 rsyslog-module-mysql-debuginfo-8.24.0-3.58.2 rsyslog-module-pgsql-8.24.0-3.58.2 rsyslog-module-pgsql-debuginfo-8.24.0-3.58.2 rsyslog-module-relp-8.24.0-3.58.2 rsyslog-module-relp-debuginfo-8.24.0-3.58.2 rsyslog-module-snmp-8.24.0-3.58.2 rsyslog-module-snmp-debuginfo-8.24.0-3.58.2 rsyslog-module-udpspoof-8.24.0-3.58.2 rsyslog-module-udpspoof-debuginfo-8.24.0-3.58.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): rsyslog-8.24.0-3.58.2 rsyslog-debuginfo-8.24.0-3.58.2 
rsyslog-debugsource-8.24.0-3.58.2 rsyslog-diag-tools-8.24.0-3.58.2 rsyslog-diag-tools-debuginfo-8.24.0-3.58.2 rsyslog-doc-8.24.0-3.58.2 rsyslog-module-gssapi-8.24.0-3.58.2 rsyslog-module-gssapi-debuginfo-8.24.0-3.58.2 rsyslog-module-gtls-8.24.0-3.58.2 rsyslog-module-gtls-debuginfo-8.24.0-3.58.2 rsyslog-module-mysql-8.24.0-3.58.2 rsyslog-module-mysql-debuginfo-8.24.0-3.58.2 rsyslog-module-pgsql-8.24.0-3.58.2 rsyslog-module-pgsql-debuginfo-8.24.0-3.58.2 rsyslog-module-relp-8.24.0-3.58.2 rsyslog-module-relp-debuginfo-8.24.0-3.58.2 rsyslog-module-snmp-8.24.0-3.58.2 rsyslog-module-snmp-debuginfo-8.24.0-3.58.2 rsyslog-module-udpspoof-8.24.0-3.58.2 rsyslog-module-udpspoof-debuginfo-8.24.0-3.58.2 - HPE Helion Openstack 8 (x86_64): rsyslog-8.24.0-3.58.2 rsyslog-debuginfo-8.24.0-3.58.2 rsyslog-debugsource-8.24.0-3.58.2 rsyslog-diag-tools-8.24.0-3.58.2 rsyslog-diag-tools-debuginfo-8.24.0-3.58.2 rsyslog-doc-8.24.0-3.58.2 rsyslog-module-gssapi-8.24.0-3.58.2 rsyslog-module-gssapi-debuginfo-8.24.0-3.58.2 rsyslog-module-gtls-8.24.0-3.58.2 rsyslog-module-gtls-debuginfo-8.24.0-3.58.2 rsyslog-module-mysql-8.24.0-3.58.2 rsyslog-module-mysql-debuginfo-8.24.0-3.58.2 rsyslog-module-pgsql-8.24.0-3.58.2 rsyslog-module-pgsql-debuginfo-8.24.0-3.58.2 rsyslog-module-relp-8.24.0-3.58.2 rsyslog-module-relp-debuginfo-8.24.0-3.58.2 rsyslog-module-snmp-8.24.0-3.58.2 rsyslog-module-snmp-debuginfo-8.24.0-3.58.2 rsyslog-module-udpspoof-8.24.0-3.58.2 rsyslog-module-udpspoof-debuginfo-8.24.0-3.58.2 References: https://www.suse.com/security/cve/CVE-2022-24903.html https://bugzilla.suse.com/1199061 From sle-updates at lists.suse.com Thu Jul 7 19:16:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jul 2022 21:16:49 +0200 (CEST) Subject: SUSE-RU-2022:2329-1: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20220707191649.B6834FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching 
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2329-1
Rating: low
References: #1020320
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15
    SUSE Linux Enterprise High Performance Computing 15-SP1
    SUSE Linux Enterprise High Performance Computing 15-SP2
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Live Patching 12
    SUSE Linux Enterprise Live Patching 12-SP3
    SUSE Linux Enterprise Live Patching 12-SP4
    SUSE Linux Enterprise Live Patching 12-SP5
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Module for Live Patching 15
    SUSE Linux Enterprise Module for Live Patching 15-SP1
    SUSE Linux Enterprise Module for Live Patching 15-SP2
    SUSE Linux Enterprise Module for Live Patching 15-SP3
    SUSE Linux Enterprise Module for Live Patching 15-SP4
    SUSE Linux Enterprise Server 15
    SUSE Linux Enterprise Server 15-SP1
    SUSE Linux Enterprise Server 15-SP2
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15
    SUSE Linux Enterprise Server for SAP Applications 15-SP1
    SUSE Linux Enterprise Server for SAP Applications 15-SP2
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for lifecycle-data-sle-module-live-patching fixes the following issues:

- Added data for 4_12_14-150000_150_89, 4_12_14-150100_197_111, 5_3_18-150200_24_112, 5_3_18-150300_59_60, 5_3_18-150300_59_63. (bsc#1020320)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-2330=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2330=1
- SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2330=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2330=1
- SUSE Linux Enterprise Module for Live Patching 15:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2330=1
- SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2329=1
- SUSE Linux Enterprise Live Patching 12-SP4:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2329=1
- SUSE Linux Enterprise Live Patching 12-SP3:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2022-2329=1
- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2022-2329=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP4 (noarch):
    lifecycle-data-sle-module-live-patching-15-150000.4.75.1
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (noarch):
    lifecycle-data-sle-module-live-patching-15-150000.4.75.1
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (noarch):
    lifecycle-data-sle-module-live-patching-15-150000.4.75.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch):
    lifecycle-data-sle-module-live-patching-15-150000.4.75.1
- SUSE Linux Enterprise Module for Live Patching 15 (noarch):
    lifecycle-data-sle-module-live-patching-15-150000.4.75.1
- SUSE Linux Enterprise Live Patching 12-SP5 (noarch):
    lifecycle-data-sle-live-patching-1-10.109.1
- SUSE Linux Enterprise Live Patching 12-SP4 (noarch):
    lifecycle-data-sle-live-patching-1-10.109.1
- SUSE Linux Enterprise Live Patching 12-SP3 (noarch):
    lifecycle-data-sle-live-patching-1-10.109.1
- SUSE Linux Enterprise Live Patching 12 (noarch):
    lifecycle-data-sle-live-patching-1-10.109.1

References:

https://bugzilla.suse.com/1020320

From sle-updates at lists.suse.com Fri Jul 8 07:27:05 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 8 Jul 2022 09:27:05 +0200 (CEST)
Subject: SUSE-CU-2022:1439-1: Security update of suse/sle15
Message-ID: <20220708072705.781B1FD17@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1439-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.160
Container Release : 9.5.160
Severity : important
Type : security
References : 1200735 1200737 1201099 CVE-2022-2097 CVE-2022-32206 CVE-2022-32208
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
The following package changes have been done:

- libcurl4-7.66.0-150200.4.36.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated

From sle-updates at lists.suse.com Fri Jul 8 07:31:16 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 8 Jul 2022 09:31:16 +0200 (CEST)
Subject: SUSE-CU-2022:1441-1: Security update of bci/bci-init
Message-ID: <20220708073116.20803FD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1441-1
Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.16.5
Container Release : 16.5
Severity : important
Type : security
References : 1200735 1200737 1201099 CVE-2022-2097 CVE-2022-32206 CVE-2022-32208
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2323-1
Released: Thu Jul 7 12:16:58 2022
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: low
References:

This update for systemd-presets-branding-SLE fixes the following issues:

- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

The following package changes have been done:

- libcurl4-7.66.0-150200.4.36.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- systemd-presets-branding-SLE-15.1-150100.20.11.1 updated
- container:sles15-image-15.0.0-17.17.20 updated

From sle-updates at lists.suse.com Fri Jul 8 07:32:00 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 8 Jul 2022 09:32:00 +0200 (CEST)
Subject: SUSE-CU-2022:1443-1: Recommended update of bci/bci-micro
Message-ID: <20220708073200.EBD43FD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-micro
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1443-1
Container Tags : bci/bci-micro:15.3 , bci/bci-micro:15.3.18.3
Container Release : 18.3
Severity : low
Type : recommended
References : 1199915
-----------------------------------------------------------------

The container bci/bci-micro was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2332-1
Released: Thu Jul 7 22:54:56 2022
Summary: Recommended update for dracut
Type: recommended
Severity: low
References: 1199915

This update for skelcd fixes the following issues:

- Ship skelcd-EULA-bci to SLE-Module-Development-Tools-OBS_15-SP3 (bsc#1199915)

The following package changes have been done:

- skelcd-EULA-bci-2021.05.14-150300.4.8.1 updated

From sle-updates at lists.suse.com Fri Jul 8 07:37:36 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 8 Jul 2022 09:37:36 +0200 (CEST)
Subject: SUSE-CU-2022:1445-1: Security update of bci/nodejs
Message-ID: <20220708073736.7FE3FFD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1445-1
Container Tags : bci/node:12 , bci/node:12-16.85 , bci/nodejs:12 , bci/nodejs:12-16.85
Container Release : 16.85
Severity : important
Type : security
References : 1200735 1200737 1201099 CVE-2022-2097 CVE-2022-32206 CVE-2022-32208
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

The following package changes have been done:

- libcurl4-7.66.0-150200.4.36.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- container:sles15-image-15.0.0-17.17.20 updated

From sle-updates at lists.suse.com Fri Jul 8 07:40:47 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 8 Jul 2022 09:40:47 +0200 (CEST)
Subject: SUSE-CU-2022:1447-1: Security update of bci/python
Message-ID: <20220708074047.44BB9FD17@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1447-1
Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.15
Container Release : 18.15
Severity : important
Type : security
References : 1200735 1200737 1201099 CVE-2022-2097 CVE-2022-32206 CVE-2022-32208
-----------------------------------------------------------------

The container bci/python was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). The following package changes have been done: - curl-7.66.0-150200.4.36.1 updated - libcurl4-7.66.0-150200.4.36.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - openssl-1_1-1.1.1d-150200.11.51.1 updated - container:sles15-image-15.0.0-17.17.20 updated From sle-updates at lists.suse.com Fri Jul 8 07:49:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jul 2022 09:49:27 +0200 (CEST) Subject: SUSE-CU-2022:1449-1: Security update of suse/sle15 Message-ID: <20220708074927.26436FD17@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1449-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.17.20 , suse/sle15:15.3 , suse/sle15:15.3.17.17.20 Container Release : 17.17.20 Severity : important Type : security References : 1200735 1200737 1201099 CVE-2022-2097 CVE-2022-32206 CVE-2022-32208 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). The following package changes have been done: - libcurl4-7.66.0-150200.4.36.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - openssl-1_1-1.1.1d-150200.11.51.1 updated From sle-updates at lists.suse.com Fri Jul 8 07:49:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jul 2022 09:49:33 +0200 (CEST) Subject: SUSE-CU-2022:1450-1: Recommended update of suse/sle15 Message-ID: <20220708074933.1DF64FD17@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1450-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.17.21 , suse/sle15:15.3 , suse/sle15:15.3.17.17.21 Container Release : 17.17.21 Severity : low Type : recommended References : 1199915 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2332-1 Released: Thu Jul 7 22:54:56 2022 Summary: Recommended update for dracut Type: recommended Severity: low References: 1199915 This update for skelcd fixes the following issues: - Ship skelcd-EULA-bci to SLE-Module-Development-Tools-OBS_15-SP3 (bsc#1199915) The following package changes have been done: - skelcd-EULA-bci-2021.05.14-150300.4.8.1 updated From sle-updates at lists.suse.com Fri Jul 8 07:49:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jul 2022 09:49:46 +0200 (CEST) Subject: SUSE-CU-2022:1451-1: Recommended update of bci/bci-init Message-ID: <20220708074946.6C12CFD17@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1451-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.18.5 , bci/bci-init:latest Container Release : 18.5 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) The following package changes have been done: - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated From sle-updates at lists.suse.com Fri Jul 8 13:15:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jul 2022 15:15:40 +0200 (CEST) Subject: SUSE-SU-2022:2334-1: important: Security update for pcre Message-ID: <20220708131540.9F062FD17@maintenance.suse.de> SUSE Security Update: Security update for pcre ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2334-1 Rating: important References: #1199232 Cross-References: CVE-2022-1586 CVSS scores: CVE-2022-1586 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-1586 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP3 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise 
Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2334=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2334=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2334=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2334=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2334=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2334=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2334=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2334=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2334=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2334=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2334=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2334=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2334=1 - SUSE Linux 
Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2334=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-2334=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2022-2334=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2334=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libpcre1-32bit-8.45-8.12.1 libpcre1-8.45-8.12.1 libpcre1-debuginfo-32bit-8.45-8.12.1 libpcre1-debuginfo-8.45-8.12.1 libpcre16-0-8.45-8.12.1 libpcre16-0-debuginfo-8.45-8.12.1 libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 libpcreposix0-8.45-8.12.1 libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 pcre-devel-8.45-8.12.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libpcre1-32bit-8.45-8.12.1 libpcre1-8.45-8.12.1 libpcre1-debuginfo-32bit-8.45-8.12.1 libpcre1-debuginfo-8.45-8.12.1 libpcre16-0-8.45-8.12.1 libpcre16-0-debuginfo-8.45-8.12.1 libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 libpcreposix0-8.45-8.12.1 libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 pcre-devel-8.45-8.12.1 - SUSE OpenStack Cloud 9 (x86_64): libpcre1-32bit-8.45-8.12.1 libpcre1-8.45-8.12.1 libpcre1-debuginfo-32bit-8.45-8.12.1 libpcre1-debuginfo-8.45-8.12.1 libpcre16-0-8.45-8.12.1 libpcre16-0-debuginfo-8.45-8.12.1 libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 libpcreposix0-8.45-8.12.1 libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 pcre-devel-8.45-8.12.1 - SUSE OpenStack Cloud 8 (x86_64): libpcre1-32bit-8.45-8.12.1 libpcre1-8.45-8.12.1 libpcre1-debuginfo-32bit-8.45-8.12.1 libpcre1-debuginfo-8.45-8.12.1 libpcre16-0-8.45-8.12.1 libpcre16-0-debuginfo-8.45-8.12.1 libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 libpcreposix0-8.45-8.12.1 libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 pcre-devel-8.45-8.12.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): 
libpcrecpp0-32bit-8.45-8.12.1 libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-32bit-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 libpcreposix0-8.45-8.12.1 libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 pcre-devel-8.45-8.12.1 pcre-devel-static-8.45-8.12.1 pcre-tools-8.45-8.12.1 pcre-tools-debuginfo-8.45-8.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libpcre1-8.45-8.12.1 libpcre1-debuginfo-8.45-8.12.1 libpcre16-0-8.45-8.12.1 libpcre16-0-debuginfo-8.45-8.12.1 libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 libpcreposix0-8.45-8.12.1 libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 pcre-devel-8.45-8.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libpcre1-32bit-8.45-8.12.1 libpcre1-debuginfo-32bit-8.45-8.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libpcre1-8.45-8.12.1 libpcre1-debuginfo-8.45-8.12.1 libpcre16-0-8.45-8.12.1 libpcre16-0-debuginfo-8.45-8.12.1 libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 libpcreposix0-8.45-8.12.1 libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 pcre-devel-8.45-8.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libpcre1-32bit-8.45-8.12.1 libpcre1-debuginfo-32bit-8.45-8.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpcre1-8.45-8.12.1 libpcre1-debuginfo-8.45-8.12.1 libpcre16-0-8.45-8.12.1 libpcre16-0-debuginfo-8.45-8.12.1 libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 libpcreposix0-8.45-8.12.1 libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 pcre-devel-8.45-8.12.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpcre1-32bit-8.45-8.12.1 libpcre1-debuginfo-32bit-8.45-8.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): 
libpcre1-8.45-8.12.1 libpcre1-debuginfo-8.45-8.12.1 libpcre16-0-8.45-8.12.1 libpcre16-0-debuginfo-8.45-8.12.1 libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 libpcreposix0-8.45-8.12.1 libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 pcre-devel-8.45-8.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libpcre1-32bit-8.45-8.12.1 libpcre1-debuginfo-32bit-8.45-8.12.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpcre1-8.45-8.12.1 libpcre1-debuginfo-8.45-8.12.1 libpcre16-0-8.45-8.12.1 libpcre16-0-debuginfo-8.45-8.12.1 libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 libpcreposix0-8.45-8.12.1 libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 pcre-devel-8.45-8.12.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libpcre1-32bit-8.45-8.12.1 libpcre1-debuginfo-32bit-8.45-8.12.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpcre1-32bit-8.45-8.12.1 libpcre1-8.45-8.12.1 libpcre1-debuginfo-32bit-8.45-8.12.1 libpcre1-debuginfo-8.45-8.12.1 libpcre16-0-8.45-8.12.1 libpcre16-0-debuginfo-8.45-8.12.1 libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 libpcreposix0-8.45-8.12.1 libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 pcre-devel-8.45-8.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpcre1-32bit-8.45-8.12.1 libpcre1-8.45-8.12.1 libpcre1-debuginfo-32bit-8.45-8.12.1 libpcre1-debuginfo-8.45-8.12.1 libpcre16-0-8.45-8.12.1 libpcre16-0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): libpcreposix0-8.45-8.12.1 libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): libpcre1-8.45-8.12.1 libpcre1-debuginfo-8.45-8.12.1 libpcre16-0-8.45-8.12.1 libpcre16-0-debuginfo-8.45-8.12.1 libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 libpcreposix0-8.45-8.12.1 
libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 pcre-devel-8.45-8.12.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): libpcre1-8.45-8.12.1 libpcre1-debuginfo-8.45-8.12.1 libpcre16-0-8.45-8.12.1 libpcre16-0-debuginfo-8.45-8.12.1 libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 libpcreposix0-8.45-8.12.1 libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 pcre-devel-8.45-8.12.1 - HPE Helion Openstack 8 (x86_64): libpcre1-32bit-8.45-8.12.1 libpcre1-8.45-8.12.1 libpcre1-debuginfo-32bit-8.45-8.12.1 libpcre1-debuginfo-8.45-8.12.1 libpcre16-0-8.45-8.12.1 libpcre16-0-debuginfo-8.45-8.12.1 libpcrecpp0-8.45-8.12.1 libpcrecpp0-debuginfo-8.45-8.12.1 libpcreposix0-8.45-8.12.1 libpcreposix0-debuginfo-8.45-8.12.1 pcre-debugsource-8.45-8.12.1 pcre-devel-8.45-8.12.1 References: https://www.suse.com/security/cve/CVE-2022-1586.html https://bugzilla.suse.com/1199232 From sle-updates at lists.suse.com Fri Jul 8 13:16:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jul 2022 15:16:20 +0200 (CEST) Subject: SUSE-SU-2022:2336-1: moderate: Security update for resource-agents Message-ID: <20220708131620.3F8E2FD17@maintenance.suse.de> SUSE Security Update: Security update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2336-1 Rating: moderate References: #1146691 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: This update for resource-agents fixes the following issues: - Fixed predictable log file in /tmp in mariadb.in (bsc#1146691). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2336=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.0184.6ee15eb2-150100.4.66.1 resource-agents-4.3.0184.6ee15eb2-150100.4.66.1 resource-agents-debuginfo-4.3.0184.6ee15eb2-150100.4.66.1 resource-agents-debugsource-4.3.0184.6ee15eb2-150100.4.66.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): monitoring-plugins-metadata-4.3.0184.6ee15eb2-150100.4.66.1 References: https://bugzilla.suse.com/1146691 From sle-updates at lists.suse.com Fri Jul 8 13:16:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jul 2022 15:16:50 +0200 (CEST) Subject: SUSE-SU-2022:2337-1: important: Security update for resource-agents Message-ID: <20220708131650.89FDDFD17@maintenance.suse.de> SUSE Security Update: Security update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2337-1 Rating: important References: #1021689 #1146687 #1146690 #1146691 #1146692 #1146766 #1146776 #1146784 #1146785 #1146787 #1196164 #1197956 #1199766 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that contains security 
fixes can now be installed. Description: This update for resource-agents fixes the following issues: Security: - Fixed unsafe tmp files and tmp files directory. (bsc#1146690, bsc#1146691, bsc#1146692, bsc#1146766, bsc#1146776, bsc#1146784, bsc#1146785, bsc#1146787) - Created ocfmon user no longer has a default password. If no password is set, the user will not be created. (bsc#1021689, bsc#1146687) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2337=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ldirectord-4.4.0+git57.70549516-150200.3.53.1 resource-agents-4.4.0+git57.70549516-150200.3.53.1 resource-agents-debuginfo-4.4.0+git57.70549516-150200.3.53.1 resource-agents-debugsource-4.4.0+git57.70549516-150200.3.53.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): monitoring-plugins-metadata-4.4.0+git57.70549516-150200.3.53.1 References: https://bugzilla.suse.com/1021689 https://bugzilla.suse.com/1146687 https://bugzilla.suse.com/1146690 https://bugzilla.suse.com/1146691 https://bugzilla.suse.com/1146692 https://bugzilla.suse.com/1146766 https://bugzilla.suse.com/1146776 https://bugzilla.suse.com/1146784 https://bugzilla.suse.com/1146785 https://bugzilla.suse.com/1146787 https://bugzilla.suse.com/1196164 https://bugzilla.suse.com/1197956 https://bugzilla.suse.com/1199766 From sle-updates at lists.suse.com Fri Jul 8 13:18:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jul 2022 15:18:17 +0200 (CEST) Subject: SUSE-SU-2022:2335-1: moderate: Security update for resource-agents Message-ID: <20220708131817.D69E9FD17@maintenance.suse.de> SUSE Security Update: Security update for resource-agents 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2335-1 Rating: moderate References: #1146691 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Fixed predictable log file in /tmp in mariadb.in (bsc#1146691). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2335=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-2335=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.92.1 resource-agents-4.3.018.a7fb5035-3.92.1 resource-agents-debuginfo-4.3.018.a7fb5035-3.92.1 resource-agents-debugsource-4.3.018.a7fb5035-3.92.1 - SUSE Linux Enterprise High Availability 12-SP5 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.92.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.92.1 resource-agents-4.3.018.a7fb5035-3.92.1 resource-agents-debuginfo-4.3.018.a7fb5035-3.92.1 resource-agents-debugsource-4.3.018.a7fb5035-3.92.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.92.1 References: https://bugzilla.suse.com/1146691 From sle-updates at
lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jul 2022 15:18:51 +0200 (CEST) Subject: SUSE-SU-2022:2333-1: important: Security update for rsyslog Message-ID: <20220708131851.53899FD17@maintenance.suse.de> SUSE Security Update: Security update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2333-1 Rating: important References: #1199061 Cross-References: CVE-2022-24903 CVSS scores: CVE-2022-24903 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-24903 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsyslog fixes the following issues: - CVE-2022-24903: Fixed potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2333=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): rsyslog-8.4.0-18.16.1 rsyslog-debuginfo-8.4.0-18.16.1 rsyslog-debugsource-8.4.0-18.16.1 rsyslog-diag-tools-8.4.0-18.16.1 rsyslog-diag-tools-debuginfo-8.4.0-18.16.1 rsyslog-doc-8.4.0-18.16.1 rsyslog-module-gssapi-8.4.0-18.16.1 rsyslog-module-gssapi-debuginfo-8.4.0-18.16.1 rsyslog-module-gtls-8.4.0-18.16.1 rsyslog-module-gtls-debuginfo-8.4.0-18.16.1 rsyslog-module-mysql-8.4.0-18.16.1 rsyslog-module-mysql-debuginfo-8.4.0-18.16.1 rsyslog-module-pgsql-8.4.0-18.16.1 rsyslog-module-pgsql-debuginfo-8.4.0-18.16.1 rsyslog-module-relp-8.4.0-18.16.1 rsyslog-module-relp-debuginfo-8.4.0-18.16.1 rsyslog-module-snmp-8.4.0-18.16.1 rsyslog-module-snmp-debuginfo-8.4.0-18.16.1 rsyslog-module-udpspoof-8.4.0-18.16.1 rsyslog-module-udpspoof-debuginfo-8.4.0-18.16.1 References: https://www.suse.com/security/cve/CVE-2022-24903.html https://bugzilla.suse.com/1199061 From sle-updates at lists.suse.com Fri Jul 8 19:16:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jul 2022 21:16:12 +0200 (CEST) Subject: SUSE-SU-2022:2344-1: important: Security update for python Message-ID: <20220708191612.A6ACFFD17@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2344-1 Rating: important References: #1198511 Cross-References: CVE-2015-20107 CVSS scores: CVE-2015-20107 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2015-20107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High 
Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2344=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2344=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2344=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2344=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2344=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2344=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2344=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2344=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2344=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2344=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2344=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2344=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2344=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2344=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2344=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2344=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2344=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch 
SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2344=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2344=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2344=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2344=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2344=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2344=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2344=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-demo-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-idle-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - openSUSE Leap 15.4 (noarch): python-doc-2.7.18-150000.41.1 python-doc-pdf-2.7.18-150000.41.1 - openSUSE Leap 15.4 (x86_64): libpython2_7-1_0-32bit-2.7.18-150000.41.1 libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.41.1 python-32bit-2.7.18-150000.41.1 python-32bit-debuginfo-2.7.18-150000.41.1 python-base-32bit-2.7.18-150000.41.1 
python-base-32bit-debuginfo-2.7.18-150000.41.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-demo-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-idle-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - openSUSE Leap 15.3 (noarch): python-doc-2.7.18-150000.41.1 python-doc-pdf-2.7.18-150000.41.1 - openSUSE Leap 15.3 (x86_64): libpython2_7-1_0-32bit-2.7.18-150000.41.1 libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.41.1 python-32bit-2.7.18-150000.41.1 python-32bit-debuginfo-2.7.18-150000.41.1 python-base-32bit-2.7.18-150000.41.1 python-base-32bit-debuginfo-2.7.18-150000.41.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 
python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Manager Proxy 4.1 (x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 
python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libpython2_7-1_0-2.7.18-150000.41.1 
libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 
python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 
python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 
python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 
python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 - SUSE CaaS Platform 4.0 (x86_64): libpython2_7-1_0-2.7.18-150000.41.1 libpython2_7-1_0-debuginfo-2.7.18-150000.41.1 python-2.7.18-150000.41.1 python-base-2.7.18-150000.41.1 python-base-debuginfo-2.7.18-150000.41.1 python-base-debugsource-2.7.18-150000.41.1 python-curses-2.7.18-150000.41.1 python-curses-debuginfo-2.7.18-150000.41.1 python-debuginfo-2.7.18-150000.41.1 python-debugsource-2.7.18-150000.41.1 python-devel-2.7.18-150000.41.1 python-gdbm-2.7.18-150000.41.1 python-gdbm-debuginfo-2.7.18-150000.41.1 python-tk-2.7.18-150000.41.1 python-tk-debuginfo-2.7.18-150000.41.1 python-xml-2.7.18-150000.41.1 python-xml-debuginfo-2.7.18-150000.41.1 References: https://www.suse.com/security/cve/CVE-2015-20107.html https://bugzilla.suse.com/1198511 From sle-updates at lists.suse.com Fri Jul 8 19:17:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jul 2022 21:17:02 +0200 (CEST) Subject: SUSE-SU-2022:2340-1: important: Security update 
for fwupdate Message-ID: <20220708191702.5FB12FD17@maintenance.suse.de> SUSE Security Update: Security update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2340-1 Rating: important References: #1198581 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description:

This update of fwupdate fixes the following issue:

- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2340=1
- openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2340=1
- SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2340=1
- SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2340=1
- SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2340=1
- SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2340=1
- SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2340=1
- SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2340=1
- SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2340=1
- SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2340=1
- SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2340=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2340=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2340=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2340=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2340=1
- SUSE Linux Enterprise High
Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2340=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2340=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2340=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2340=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - openSUSE Leap 15.3 (aarch64 x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Manager Server 4.1 (x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Manager Proxy 4.1 (x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 
fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 
fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): 
fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 - SUSE CaaS Platform 4.0 (x86_64): fwupdate-12-150100.11.10.1 fwupdate-debuginfo-12-150100.11.10.1 fwupdate-debugsource-12-150100.11.10.1 fwupdate-devel-12-150100.11.10.1 fwupdate-efi-12-150100.11.10.1 fwupdate-efi-debuginfo-12-150100.11.10.1 libfwup1-12-150100.11.10.1 libfwup1-debuginfo-12-150100.11.10.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Jul 8 19:17:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jul 2022 21:17:46 +0200 (CEST) Subject: SUSE-SU-2022:2338-1: important: Security update for apache2 Message-ID: <20220708191746.59373FD17@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2338-1 Rating: important References: #1200338 #1200340 #1200341 #1200345 #1200348 #1200350 #1200352 Cross-References: CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 CVSS scores: CVE-2022-26377 (NVD) : 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-26377 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-28614 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-28614 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-28615 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-28615 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-29404 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-29404 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-30522 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-30522 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-30556 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-30556 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-31813 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31813 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for apache2 fixes the following issues:

- CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338)
- CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340)
- CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341)
- CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345)
- CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350)
- CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352)
- CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2338=1
- SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2338=1
- SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2338=1
- SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2338=1
- SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2338=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2338=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2338=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2338=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2338=1
- SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2338=1
- SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS
Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): apache2-2.4.33-150000.3.69.1 apache2-debuginfo-2.4.33-150000.3.69.1 apache2-debugsource-2.4.33-150000.3.69.1 apache2-devel-2.4.33-150000.3.69.1 apache2-prefork-2.4.33-150000.3.69.1 apache2-prefork-debuginfo-2.4.33-150000.3.69.1 apache2-utils-2.4.33-150000.3.69.1 apache2-utils-debuginfo-2.4.33-150000.3.69.1 apache2-worker-2.4.33-150000.3.69.1 apache2-worker-debuginfo-2.4.33-150000.3.69.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): apache2-doc-2.4.33-150000.3.69.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): apache2-2.4.33-150000.3.69.1 apache2-debuginfo-2.4.33-150000.3.69.1 apache2-debugsource-2.4.33-150000.3.69.1 apache2-devel-2.4.33-150000.3.69.1 apache2-prefork-2.4.33-150000.3.69.1 apache2-prefork-debuginfo-2.4.33-150000.3.69.1 apache2-utils-2.4.33-150000.3.69.1 apache2-utils-debuginfo-2.4.33-150000.3.69.1 apache2-worker-2.4.33-150000.3.69.1 apache2-worker-debuginfo-2.4.33-150000.3.69.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): apache2-doc-2.4.33-150000.3.69.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.33-150000.3.69.1 apache2-debuginfo-2.4.33-150000.3.69.1 apache2-debugsource-2.4.33-150000.3.69.1 apache2-devel-2.4.33-150000.3.69.1 apache2-prefork-2.4.33-150000.3.69.1 apache2-prefork-debuginfo-2.4.33-150000.3.69.1 apache2-utils-2.4.33-150000.3.69.1 apache2-utils-debuginfo-2.4.33-150000.3.69.1 apache2-worker-2.4.33-150000.3.69.1 apache2-worker-debuginfo-2.4.33-150000.3.69.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): apache2-doc-2.4.33-150000.3.69.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): apache2-2.4.33-150000.3.69.1 apache2-debuginfo-2.4.33-150000.3.69.1 apache2-debugsource-2.4.33-150000.3.69.1 apache2-devel-2.4.33-150000.3.69.1 
apache2-prefork-2.4.33-150000.3.69.1 apache2-prefork-debuginfo-2.4.33-150000.3.69.1 apache2-utils-2.4.33-150000.3.69.1 apache2-utils-debuginfo-2.4.33-150000.3.69.1 apache2-worker-2.4.33-150000.3.69.1 apache2-worker-debuginfo-2.4.33-150000.3.69.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): apache2-doc-2.4.33-150000.3.69.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): apache2-2.4.33-150000.3.69.1 apache2-debuginfo-2.4.33-150000.3.69.1 apache2-debugsource-2.4.33-150000.3.69.1 apache2-devel-2.4.33-150000.3.69.1 apache2-prefork-2.4.33-150000.3.69.1 apache2-prefork-debuginfo-2.4.33-150000.3.69.1 apache2-utils-2.4.33-150000.3.69.1 apache2-utils-debuginfo-2.4.33-150000.3.69.1 apache2-worker-2.4.33-150000.3.69.1 apache2-worker-debuginfo-2.4.33-150000.3.69.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): apache2-doc-2.4.33-150000.3.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): apache2-2.4.33-150000.3.69.1 apache2-debuginfo-2.4.33-150000.3.69.1 apache2-debugsource-2.4.33-150000.3.69.1 apache2-devel-2.4.33-150000.3.69.1 apache2-prefork-2.4.33-150000.3.69.1 apache2-prefork-debuginfo-2.4.33-150000.3.69.1 apache2-utils-2.4.33-150000.3.69.1 apache2-utils-debuginfo-2.4.33-150000.3.69.1 apache2-worker-2.4.33-150000.3.69.1 apache2-worker-debuginfo-2.4.33-150000.3.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): apache2-doc-2.4.33-150000.3.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): apache2-2.4.33-150000.3.69.1 apache2-debuginfo-2.4.33-150000.3.69.1 apache2-debugsource-2.4.33-150000.3.69.1 apache2-devel-2.4.33-150000.3.69.1 apache2-prefork-2.4.33-150000.3.69.1 apache2-prefork-debuginfo-2.4.33-150000.3.69.1 apache2-utils-2.4.33-150000.3.69.1 apache2-utils-debuginfo-2.4.33-150000.3.69.1 apache2-worker-2.4.33-150000.3.69.1 apache2-worker-debuginfo-2.4.33-150000.3.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): 
apache2-doc-2.4.33-150000.3.69.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): apache2-2.4.33-150000.3.69.1 apache2-debuginfo-2.4.33-150000.3.69.1 apache2-debugsource-2.4.33-150000.3.69.1 apache2-devel-2.4.33-150000.3.69.1 apache2-prefork-2.4.33-150000.3.69.1 apache2-prefork-debuginfo-2.4.33-150000.3.69.1 apache2-utils-2.4.33-150000.3.69.1 apache2-utils-debuginfo-2.4.33-150000.3.69.1 apache2-worker-2.4.33-150000.3.69.1 apache2-worker-debuginfo-2.4.33-150000.3.69.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): apache2-doc-2.4.33-150000.3.69.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): apache2-2.4.33-150000.3.69.1 apache2-debuginfo-2.4.33-150000.3.69.1 apache2-debugsource-2.4.33-150000.3.69.1 apache2-devel-2.4.33-150000.3.69.1 apache2-prefork-2.4.33-150000.3.69.1 apache2-prefork-debuginfo-2.4.33-150000.3.69.1 apache2-utils-2.4.33-150000.3.69.1 apache2-utils-debuginfo-2.4.33-150000.3.69.1 apache2-worker-2.4.33-150000.3.69.1 apache2-worker-debuginfo-2.4.33-150000.3.69.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): apache2-doc-2.4.33-150000.3.69.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): apache2-2.4.33-150000.3.69.1 apache2-debuginfo-2.4.33-150000.3.69.1 apache2-debugsource-2.4.33-150000.3.69.1 apache2-devel-2.4.33-150000.3.69.1 apache2-prefork-2.4.33-150000.3.69.1 apache2-prefork-debuginfo-2.4.33-150000.3.69.1 apache2-utils-2.4.33-150000.3.69.1 apache2-utils-debuginfo-2.4.33-150000.3.69.1 apache2-worker-2.4.33-150000.3.69.1 apache2-worker-debuginfo-2.4.33-150000.3.69.1 - SUSE Enterprise Storage 6 (noarch): apache2-doc-2.4.33-150000.3.69.1 - SUSE CaaS Platform 4.0 (x86_64): apache2-2.4.33-150000.3.69.1 apache2-debuginfo-2.4.33-150000.3.69.1 apache2-debugsource-2.4.33-150000.3.69.1 apache2-devel-2.4.33-150000.3.69.1 apache2-prefork-2.4.33-150000.3.69.1 apache2-prefork-debuginfo-2.4.33-150000.3.69.1 apache2-utils-2.4.33-150000.3.69.1 
apache2-utils-debuginfo-2.4.33-150000.3.69.1 apache2-worker-2.4.33-150000.3.69.1 apache2-worker-debuginfo-2.4.33-150000.3.69.1 - SUSE CaaS Platform 4.0 (noarch): apache2-doc-2.4.33-150000.3.69.1 References: https://www.suse.com/security/cve/CVE-2022-26377.html https://www.suse.com/security/cve/CVE-2022-28614.html https://www.suse.com/security/cve/CVE-2022-28615.html https://www.suse.com/security/cve/CVE-2022-29404.html https://www.suse.com/security/cve/CVE-2022-30522.html https://www.suse.com/security/cve/CVE-2022-30556.html https://www.suse.com/security/cve/CVE-2022-31813.html https://bugzilla.suse.com/1200338 https://bugzilla.suse.com/1200340 https://bugzilla.suse.com/1200341 https://bugzilla.suse.com/1200345 https://bugzilla.suse.com/1200348 https://bugzilla.suse.com/1200350 https://bugzilla.suse.com/1200352 From sle-updates at lists.suse.com Fri Jul 8 19:19:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jul 2022 21:19:07 +0200 (CEST) Subject: SUSE-SU-2022:2342-1: important: Security update for apache2 Message-ID: <20220708191907.31EAEFD17@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2342-1 Rating: important References: #1200338 #1200340 #1200341 #1200345 #1200348 #1200350 #1200352 Cross-References: CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 CVSS scores: CVE-2022-26377 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-26377 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-28614 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-28614 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-28615 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-28615 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-29404 (NVD) : 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-29404 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30522 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30522 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30556 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-30556 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-31813 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-31813 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. 
Description: This update for apache2 fixes the following issues: - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338) - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340) - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341) - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345) - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350) - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352) - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2342=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2342=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2342=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2342=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2342=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2342=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2342=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2342=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2342=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2342=1 - SUSE Linux Enterprise High Performance 
Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2342=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2342=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2342=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): apache2-2.4.51-150200.3.48.1 apache2-debuginfo-2.4.51-150200.3.48.1 apache2-debugsource-2.4.51-150200.3.48.1 apache2-devel-2.4.51-150200.3.48.1 apache2-event-2.4.51-150200.3.48.1 apache2-event-debuginfo-2.4.51-150200.3.48.1 apache2-example-pages-2.4.51-150200.3.48.1 apache2-prefork-2.4.51-150200.3.48.1 apache2-prefork-debuginfo-2.4.51-150200.3.48.1 apache2-utils-2.4.51-150200.3.48.1 apache2-utils-debuginfo-2.4.51-150200.3.48.1 apache2-worker-2.4.51-150200.3.48.1 apache2-worker-debuginfo-2.4.51-150200.3.48.1 - openSUSE Leap 15.3 (noarch): apache2-doc-2.4.51-150200.3.48.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): apache2-2.4.51-150200.3.48.1 apache2-debuginfo-2.4.51-150200.3.48.1 apache2-debugsource-2.4.51-150200.3.48.1 apache2-devel-2.4.51-150200.3.48.1 apache2-prefork-2.4.51-150200.3.48.1 apache2-prefork-debuginfo-2.4.51-150200.3.48.1 apache2-utils-2.4.51-150200.3.48.1 apache2-utils-debuginfo-2.4.51-150200.3.48.1 apache2-worker-2.4.51-150200.3.48.1 apache2-worker-debuginfo-2.4.51-150200.3.48.1 - SUSE Manager Server 4.1 (noarch): apache2-doc-2.4.51-150200.3.48.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): apache2-2.4.51-150200.3.48.1 apache2-debuginfo-2.4.51-150200.3.48.1 apache2-debugsource-2.4.51-150200.3.48.1 apache2-devel-2.4.51-150200.3.48.1 apache2-prefork-2.4.51-150200.3.48.1 apache2-prefork-debuginfo-2.4.51-150200.3.48.1 apache2-utils-2.4.51-150200.3.48.1 apache2-utils-debuginfo-2.4.51-150200.3.48.1 apache2-worker-2.4.51-150200.3.48.1 apache2-worker-debuginfo-2.4.51-150200.3.48.1 - SUSE Manager Retail Branch Server 4.1 (noarch): apache2-doc-2.4.51-150200.3.48.1 - SUSE Manager Proxy 4.1 
(noarch): apache2-doc-2.4.51-150200.3.48.1 - SUSE Manager Proxy 4.1 (x86_64): apache2-2.4.51-150200.3.48.1 apache2-debuginfo-2.4.51-150200.3.48.1 apache2-debugsource-2.4.51-150200.3.48.1 apache2-devel-2.4.51-150200.3.48.1 apache2-prefork-2.4.51-150200.3.48.1 apache2-prefork-debuginfo-2.4.51-150200.3.48.1 apache2-utils-2.4.51-150200.3.48.1 apache2-utils-debuginfo-2.4.51-150200.3.48.1 apache2-worker-2.4.51-150200.3.48.1 apache2-worker-debuginfo-2.4.51-150200.3.48.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): apache2-2.4.51-150200.3.48.1 apache2-debuginfo-2.4.51-150200.3.48.1 apache2-debugsource-2.4.51-150200.3.48.1 apache2-devel-2.4.51-150200.3.48.1 apache2-prefork-2.4.51-150200.3.48.1 apache2-prefork-debuginfo-2.4.51-150200.3.48.1 apache2-utils-2.4.51-150200.3.48.1 apache2-utils-debuginfo-2.4.51-150200.3.48.1 apache2-worker-2.4.51-150200.3.48.1 apache2-worker-debuginfo-2.4.51-150200.3.48.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): apache2-doc-2.4.51-150200.3.48.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.51-150200.3.48.1 apache2-debuginfo-2.4.51-150200.3.48.1 apache2-debugsource-2.4.51-150200.3.48.1 apache2-devel-2.4.51-150200.3.48.1 apache2-prefork-2.4.51-150200.3.48.1 apache2-prefork-debuginfo-2.4.51-150200.3.48.1 apache2-utils-2.4.51-150200.3.48.1 apache2-utils-debuginfo-2.4.51-150200.3.48.1 apache2-worker-2.4.51-150200.3.48.1 apache2-worker-debuginfo-2.4.51-150200.3.48.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): apache2-doc-2.4.51-150200.3.48.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): apache2-2.4.51-150200.3.48.1 apache2-debuginfo-2.4.51-150200.3.48.1 apache2-debugsource-2.4.51-150200.3.48.1 apache2-devel-2.4.51-150200.3.48.1 apache2-prefork-2.4.51-150200.3.48.1 apache2-prefork-debuginfo-2.4.51-150200.3.48.1 apache2-utils-2.4.51-150200.3.48.1 apache2-utils-debuginfo-2.4.51-150200.3.48.1 apache2-worker-2.4.51-150200.3.48.1 
apache2-worker-debuginfo-2.4.51-150200.3.48.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): apache2-doc-2.4.51-150200.3.48.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.51-150200.3.48.1 apache2-debugsource-2.4.51-150200.3.48.1 apache2-devel-2.4.51-150200.3.48.1 apache2-worker-2.4.51-150200.3.48.1 apache2-worker-debuginfo-2.4.51-150200.3.48.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): apache2-doc-2.4.51-150200.3.48.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.51-150200.3.48.1 apache2-debugsource-2.4.51-150200.3.48.1 apache2-event-2.4.51-150200.3.48.1 apache2-event-debuginfo-2.4.51-150200.3.48.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-2.4.51-150200.3.48.1 apache2-debuginfo-2.4.51-150200.3.48.1 apache2-debugsource-2.4.51-150200.3.48.1 apache2-prefork-2.4.51-150200.3.48.1 apache2-prefork-debuginfo-2.4.51-150200.3.48.1 apache2-utils-2.4.51-150200.3.48.1 apache2-utils-debuginfo-2.4.51-150200.3.48.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): apache2-2.4.51-150200.3.48.1 apache2-debuginfo-2.4.51-150200.3.48.1 apache2-debugsource-2.4.51-150200.3.48.1 apache2-devel-2.4.51-150200.3.48.1 apache2-prefork-2.4.51-150200.3.48.1 apache2-prefork-debuginfo-2.4.51-150200.3.48.1 apache2-utils-2.4.51-150200.3.48.1 apache2-utils-debuginfo-2.4.51-150200.3.48.1 apache2-worker-2.4.51-150200.3.48.1 apache2-worker-debuginfo-2.4.51-150200.3.48.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): apache2-doc-2.4.51-150200.3.48.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): apache2-2.4.51-150200.3.48.1 apache2-debuginfo-2.4.51-150200.3.48.1 apache2-debugsource-2.4.51-150200.3.48.1 apache2-devel-2.4.51-150200.3.48.1 apache2-prefork-2.4.51-150200.3.48.1 
apache2-prefork-debuginfo-2.4.51-150200.3.48.1 apache2-utils-2.4.51-150200.3.48.1 apache2-utils-debuginfo-2.4.51-150200.3.48.1 apache2-worker-2.4.51-150200.3.48.1 apache2-worker-debuginfo-2.4.51-150200.3.48.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): apache2-doc-2.4.51-150200.3.48.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): apache2-2.4.51-150200.3.48.1 apache2-debuginfo-2.4.51-150200.3.48.1 apache2-debugsource-2.4.51-150200.3.48.1 apache2-devel-2.4.51-150200.3.48.1 apache2-prefork-2.4.51-150200.3.48.1 apache2-prefork-debuginfo-2.4.51-150200.3.48.1 apache2-utils-2.4.51-150200.3.48.1 apache2-utils-debuginfo-2.4.51-150200.3.48.1 apache2-worker-2.4.51-150200.3.48.1 apache2-worker-debuginfo-2.4.51-150200.3.48.1 - SUSE Enterprise Storage 7 (noarch): apache2-doc-2.4.51-150200.3.48.1 References: https://www.suse.com/security/cve/CVE-2022-26377.html https://www.suse.com/security/cve/CVE-2022-28614.html https://www.suse.com/security/cve/CVE-2022-28615.html https://www.suse.com/security/cve/CVE-2022-29404.html https://www.suse.com/security/cve/CVE-2022-30522.html https://www.suse.com/security/cve/CVE-2022-30556.html https://www.suse.com/security/cve/CVE-2022-31813.html https://bugzilla.suse.com/1200338 https://bugzilla.suse.com/1200340 https://bugzilla.suse.com/1200341 https://bugzilla.suse.com/1200345 https://bugzilla.suse.com/1200348 https://bugzilla.suse.com/1200350 https://bugzilla.suse.com/1200352 From sle-updates at lists.suse.com Fri Jul 8 19:20:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jul 2022 21:20:21 +0200 (CEST) Subject: SUSE-RU-2022:2339-1: moderate: Recommended update for rsyslog Message-ID: <20220708192021.EF46FFD17@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2339-1 Rating: moderate References: #1198939 Affected Products: SUSE Linux 
Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - Remove inotify watch descriptor in imfile on inode change detected. (bsc#1198939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2339=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2339=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2339=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): rsyslog-8.2106.0-150200.4.29.1 rsyslog-debuginfo-8.2106.0-150200.4.29.1 rsyslog-debugsource-8.2106.0-150200.4.29.1 rsyslog-diag-tools-8.2106.0-150200.4.29.1 rsyslog-diag-tools-debuginfo-8.2106.0-150200.4.29.1 rsyslog-doc-8.2106.0-150200.4.29.1 rsyslog-module-dbi-8.2106.0-150200.4.29.1 rsyslog-module-dbi-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-elasticsearch-8.2106.0-150200.4.29.1 rsyslog-module-elasticsearch-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-gcrypt-8.2106.0-150200.4.29.1 rsyslog-module-gcrypt-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-gssapi-8.2106.0-150200.4.29.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.29.1 
rsyslog-module-gtls-8.2106.0-150200.4.29.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.29.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-mysql-8.2106.0-150200.4.29.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-omamqp1-8.2106.0-150200.4.29.1 rsyslog-module-omamqp1-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-omhttpfs-8.2106.0-150200.4.29.1 rsyslog-module-omhttpfs-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-omtcl-8.2106.0-150200.4.29.1 rsyslog-module-omtcl-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-ossl-8.2106.0-150200.4.29.1 rsyslog-module-ossl-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-pgsql-8.2106.0-150200.4.29.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-relp-8.2106.0-150200.4.29.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-snmp-8.2106.0-150200.4.29.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-udpspoof-8.2106.0-150200.4.29.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.2106.0-150200.4.29.1 rsyslog-debugsource-8.2106.0-150200.4.29.1 rsyslog-module-gssapi-8.2106.0-150200.4.29.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-gtls-8.2106.0-150200.4.29.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.29.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-mysql-8.2106.0-150200.4.29.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-pgsql-8.2106.0-150200.4.29.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-relp-8.2106.0-150200.4.29.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.29.1 rsyslog-module-snmp-8.2106.0-150200.4.29.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.29.1 
rsyslog-module-udpspoof-8.2106.0-150200.4.29.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-8.2106.0-150200.4.29.1 rsyslog-debuginfo-8.2106.0-150200.4.29.1 rsyslog-debugsource-8.2106.0-150200.4.29.1 References: https://bugzilla.suse.com/1198939 From sle-updates at lists.suse.com Fri Jul 8 19:21:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jul 2022 21:21:11 +0200 (CEST) Subject: SUSE-SU-2022:2341-1: important: Security update for containerd, docker and runc Message-ID: <20220708192111.890ABFD17@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker and runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2341-1 Rating: important References: #1192051 #1199460 #1199565 #1200088 #1200145 Cross-References: CVE-2022-29162 CVE-2022-31030 CVSS scores: CVE-2022-29162 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29162 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-31030 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Module for 
Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. 
* Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus "Intel RDT is not supported" error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). 
This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. 
+ Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2341=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2341=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2341=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2341=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2341=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2341=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2341=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2341=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2341=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2341=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2341=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2341=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2341=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2341=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-2341=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-2341=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2341=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2341=1 - SUSE Linux Enterprise High Performance Computing 
15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2341=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2341=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2341=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2341=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2341=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2341=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-2341=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2341=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2341=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 docker-kubic-20.10.17_ce-150000.166.1 docker-kubic-debuginfo-20.10.17_ce-150000.166.1 docker-kubic-kubeadm-criconfig-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - openSUSE Leap 15.4 (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 docker-fish-completion-20.10.17_ce-150000.166.1 docker-kubic-bash-completion-20.10.17_ce-150000.166.1 docker-kubic-fish-completion-20.10.17_ce-150000.166.1 docker-kubic-zsh-completion-20.10.17_ce-150000.166.1 docker-zsh-completion-20.10.17_ce-150000.166.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 docker-kubic-20.10.17_ce-150000.166.1 docker-kubic-debuginfo-20.10.17_ce-150000.166.1 docker-kubic-kubeadm-criconfig-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - openSUSE Leap 15.3 (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 docker-fish-completion-20.10.17_ce-150000.166.1 docker-kubic-bash-completion-20.10.17_ce-150000.166.1 docker-kubic-fish-completion-20.10.17_ce-150000.166.1 docker-kubic-zsh-completion-20.10.17_ce-150000.166.1 docker-zsh-completion-20.10.17_ce-150000.166.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Manager Server 4.1 (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Manager Retail Branch Server 4.1 (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 
docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Manager Proxy 4.1 (x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Manager Proxy 4.1 (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux 
Enterprise Server 15-SP2-BCL (x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): containerd-ctr-1.6.6-150000.73.2 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): containerd-1.6.6-150000.73.2 
containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 docker-fish-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): containerd-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): containerd-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise High Performance Computing 
15-SP1-ESPOS (aarch64 x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Enterprise Storage 7 (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 docker-20.10.17_ce-150000.166.1 docker-debuginfo-20.10.17_ce-150000.166.1 runc-1.1.3-150000.30.1 runc-debuginfo-1.1.3-150000.30.1 - SUSE Enterprise Storage 6 (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE CaaS Platform 4.0 (noarch): docker-bash-completion-20.10.17_ce-150000.166.1 - SUSE CaaS Platform 4.0 (x86_64): containerd-1.6.6-150000.73.2 containerd-ctr-1.6.6-150000.73.2 
      docker-20.10.17_ce-150000.166.1
      docker-debuginfo-20.10.17_ce-150000.166.1
      runc-1.1.3-150000.30.1
      runc-debuginfo-1.1.3-150000.30.1

References:

   https://www.suse.com/security/cve/CVE-2022-29162.html
   https://www.suse.com/security/cve/CVE-2022-31030.html
   https://bugzilla.suse.com/1192051
   https://bugzilla.suse.com/1199460
   https://bugzilla.suse.com/1199565
   https://bugzilla.suse.com/1200088
   https://bugzilla.suse.com/1200145

From sle-updates at lists.suse.com Fri Jul 8 19:22:19 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 8 Jul 2022 21:22:19 +0200 (CEST)
Subject: SUSE-SU-2022:2343-1: important: Security update for oracleasm
Message-ID: <20220708192219.2B40CFD17@maintenance.suse.de>

   SUSE Security Update: Security update for oracleasm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2343-1
Rating:             important
References:         #1198581
Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update of oracleasm fixes the following issue:

   - rebuild with new secure boot key due to grub2 boothole 3 issues
     (bsc#1198581)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2343=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2343=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2343=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2343=1

Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      oracleasm-kmp-default-2.0.8_k4.12.14_150000.150.92-150000.4.9.1
      oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150000.150.92-150000.4.9.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      oracleasm-kmp-default-2.0.8_k4.12.14_150000.150.92-150000.4.9.1
      oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150000.150.92-150000.4.9.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      oracleasm-kmp-default-2.0.8_k4.12.14_150000.150.92-150000.4.9.1
      oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150000.150.92-150000.4.9.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      oracleasm-kmp-default-2.0.8_k4.12.14_150000.150.92-150000.4.9.1
      oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150000.150.92-150000.4.9.1

References:

   https://bugzilla.suse.com/1198581

From sle-updates at lists.suse.com Fri Jul 8 22:16:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 9 Jul 2022 00:16:28 +0200 (CEST)
Subject: SUSE-SU-2022:2345-1: important: Security update for fwupd
Message-ID: <20220708221628.A5030FD17@maintenance.suse.de>

   SUSE Security Update: Security update for fwupd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2345-1
Rating:             important
References:         #1198581
Affected Products:
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Manager Proxy 4.1
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Server 4.1
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update of fwupd fixes the following issue:

   - rebuild with new secure boot key due to grub2 boothole 3 issues
     (bsc#1198581)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2345=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2345=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2345=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2345=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2345=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2345=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2345=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2345=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-2345=1

Package List:

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      fwupd-1.2.14-150200.5.10.1
      fwupd-debuginfo-1.2.14-150200.5.10.1
      fwupd-debugsource-1.2.14-150200.5.10.1
      fwupd-devel-1.2.14-150200.5.10.1
      libfwupd2-1.2.14-150200.5.10.1
libfwupd2-debuginfo-1.2.14-150200.5.10.1 typelib-1_0-Fwupd-2_0-1.2.14-150200.5.10.1 - SUSE Manager Server 4.1 (noarch): fwupd-lang-1.2.14-150200.5.10.1 - SUSE Manager Retail Branch Server 4.1 (noarch): fwupd-lang-1.2.14-150200.5.10.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): fwupd-1.2.14-150200.5.10.1 fwupd-debuginfo-1.2.14-150200.5.10.1 fwupd-debugsource-1.2.14-150200.5.10.1 fwupd-devel-1.2.14-150200.5.10.1 libfwupd2-1.2.14-150200.5.10.1 libfwupd2-debuginfo-1.2.14-150200.5.10.1 typelib-1_0-Fwupd-2_0-1.2.14-150200.5.10.1 - SUSE Manager Proxy 4.1 (x86_64): fwupd-1.2.14-150200.5.10.1 fwupd-debuginfo-1.2.14-150200.5.10.1 fwupd-debugsource-1.2.14-150200.5.10.1 fwupd-devel-1.2.14-150200.5.10.1 libfwupd2-1.2.14-150200.5.10.1 libfwupd2-debuginfo-1.2.14-150200.5.10.1 typelib-1_0-Fwupd-2_0-1.2.14-150200.5.10.1 - SUSE Manager Proxy 4.1 (noarch): fwupd-lang-1.2.14-150200.5.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): fwupd-1.2.14-150200.5.10.1 fwupd-debuginfo-1.2.14-150200.5.10.1 fwupd-debugsource-1.2.14-150200.5.10.1 fwupd-devel-1.2.14-150200.5.10.1 libfwupd2-1.2.14-150200.5.10.1 libfwupd2-debuginfo-1.2.14-150200.5.10.1 typelib-1_0-Fwupd-2_0-1.2.14-150200.5.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): fwupd-lang-1.2.14-150200.5.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): fwupd-1.2.14-150200.5.10.1 fwupd-debuginfo-1.2.14-150200.5.10.1 fwupd-debugsource-1.2.14-150200.5.10.1 fwupd-devel-1.2.14-150200.5.10.1 libfwupd2-1.2.14-150200.5.10.1 libfwupd2-debuginfo-1.2.14-150200.5.10.1 typelib-1_0-Fwupd-2_0-1.2.14-150200.5.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): fwupd-lang-1.2.14-150200.5.10.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): fwupd-lang-1.2.14-150200.5.10.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): fwupd-1.2.14-150200.5.10.1 fwupd-debuginfo-1.2.14-150200.5.10.1 fwupd-debugsource-1.2.14-150200.5.10.1 fwupd-devel-1.2.14-150200.5.10.1 
libfwupd2-1.2.14-150200.5.10.1 libfwupd2-debuginfo-1.2.14-150200.5.10.1 typelib-1_0-Fwupd-2_0-1.2.14-150200.5.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): fwupd-1.2.14-150200.5.10.1 fwupd-debuginfo-1.2.14-150200.5.10.1 fwupd-debugsource-1.2.14-150200.5.10.1 fwupd-devel-1.2.14-150200.5.10.1 libfwupd2-1.2.14-150200.5.10.1 libfwupd2-debuginfo-1.2.14-150200.5.10.1 typelib-1_0-Fwupd-2_0-1.2.14-150200.5.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): fwupd-lang-1.2.14-150200.5.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): fwupd-1.2.14-150200.5.10.1 fwupd-debuginfo-1.2.14-150200.5.10.1 fwupd-debugsource-1.2.14-150200.5.10.1 fwupd-devel-1.2.14-150200.5.10.1 libfwupd2-1.2.14-150200.5.10.1 libfwupd2-debuginfo-1.2.14-150200.5.10.1 typelib-1_0-Fwupd-2_0-1.2.14-150200.5.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): fwupd-lang-1.2.14-150200.5.10.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): fwupd-1.2.14-150200.5.10.1 fwupd-debuginfo-1.2.14-150200.5.10.1 fwupd-debugsource-1.2.14-150200.5.10.1 fwupd-devel-1.2.14-150200.5.10.1 libfwupd2-1.2.14-150200.5.10.1 libfwupd2-debuginfo-1.2.14-150200.5.10.1 typelib-1_0-Fwupd-2_0-1.2.14-150200.5.10.1 - SUSE Enterprise Storage 7 (noarch): fwupd-lang-1.2.14-150200.5.10.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Sat Jul 9 07:23:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 9 Jul 2022 09:23:10 +0200 (CEST) Subject: SUSE-CU-2022:1452-1: Security update of suse/sles12sp4 Message-ID: <20220709072310.8E59DFD17@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1452-1 Container Tags : suse/sles12sp4:26.475 , suse/sles12sp4:latest Container Release : 26.475 Severity : important Type : security References : 
1199232 CVE-2022-1586 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2334-1 Released: Fri Jul 8 10:12:23 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) The following package changes have been done: - base-container-licenses-3.0-1.300 updated - libpcre1-8.45-8.12.1 updated From sle-updates at lists.suse.com Sun Jul 10 07:03:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 10 Jul 2022 09:03:30 +0200 (CEST) Subject: SUSE-IU-2022:761-1: Security update of suse-sles-15-sp3-chost-byos-v20220708-hvm-ssd-x86_64 Message-ID: <20220710070330.0F285FD17@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220708-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:761-1 Image Tags : suse-sles-15-sp3-chost-byos-v20220708-hvm-ssd-x86_64:20220708 Image Release : Severity : important Type : security References : 1027519 1027942 1055117 1061840 1065729 1070955 1103269 1118212 1153274 1154353 1156395 1158266 1167773 1176447 1177282 1178134 1180100 1183405 1185637 1188885 1191184 1191185 1191186 1191770 1192051 1192167 1192902 1192903 1192904 1193282 1193466 1193905 1194093 1194216 1194217 1194388 1194872 1194885 1195004 1195203 1195332 1195354 1195826 1196076 1196361 1196426 1196478 1196570 1196840 1197426 1197446 1197472 1197601 1197675 1197948 1198438 1198460 1198493 1198495 1198496 1198577 1198581 1198596 1198748 1198939 1198971 1198989 1199035 1199052 1199063 1199114 1199166 1199314 1199331 1199333 1199334 1199365 1199460 1199505 1199507 1199564 1199565 1199626 1199631 
1199650 1199651 1199655 1199670 1199693 1199745 1199747 1199839 1199936 1199965 1199966 1200010 1200011 1200012 1200015 1200019 1200045 1200046 1200088 1200143 1200144 1200145 1200192 1200206 1200207 1200216 1200249 1200259 1200263 1200268 1200529 1200550 1200735 1200737 1201099 CVE-2017-17087 CVE-2019-19377 CVE-2020-26541 CVE-2021-33061 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0168 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696 CVE-2022-1184 CVE-2022-1292 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1652 CVE-2022-1729 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1966 CVE-2022-1972 CVE-2022-1974 CVE-2022-1975 CVE-2022-20008 CVE-2022-2068 CVE-2022-2097 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-29162 CVE-2022-30594 CVE-2022-31030 CVE-2022-32206 CVE-2022-32208 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20220708-hvm-ssd-x86_64 was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2061-1
Released:    Mon Jun 13 15:33:49 2022
Summary:     Recommended update for SUSEConnect
Type:        recommended
Severity:    moderate
References:  1196076

This update for SUSEConnect fixes the following issues:

- Update to 0.3.34
  - Manage the `System-Token` header. The `System-Token` header as delivered by SCC will be stored
    inside of the credentials file for later use on API calls. This way we add system clone
    detection for systems using this version of SUSE Connect.
- Update to 0.3.33
  - Add --keepalive command to send pings to SCC.
  - Add service/timer to periodically call --keepalive command to make system information in SCC
    and proxies more accurate. (bsc#1196076)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2064-1
Released:    Mon Jun 13 15:35:18 2022
Summary:     Security update for grub2
Type:        security
Severity:    important
References:  1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736

This update for grub2 fixes the following issues:

Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)

- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184)
- CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185)
- CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493)
- CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495)
- CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2065-1
Released:    Mon Jun 13 15:35:53 2022
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1027519,1197426,1199965,1199966,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364

This update for xen fixes the following issues:

- CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) (bsc#1197426)
- CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965)
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2078-1
Released:    Tue Jun 14 20:30:07 2022
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1055117,1061840,1065729,1103269,1118212,1153274,1154353,1156395,1158266,1167773,1176447,1178134,1180100,1183405,1188885,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200019,1200045,1200046,1200192,1200216,CVE-2019-19377,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1972,CVE-2022-20008,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-30594

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

- CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472)
- CVE-2022-20008: Fixed a bug that allows reading kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564)
- CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019)
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).

The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). 
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes) - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes) - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes) - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes) - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes) - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes) - ARM: dts: at91: fix pinctrl phandles (git-fixes) - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes) - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes) - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes) - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes) - ARM: dts: meson: Fix the UART compatible strings (git-fixes) - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes) - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes) - 
ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes) - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes) - arm: mediatek: select arch timer for mt7629 (git-fixes) - ARM: omap: remove debug-leds driver (git-fixes) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes) - ARM: socfpga: dts: fix qspi node compatible (git-fixes) - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes) - ARM: tegra: Move panels to AUX bus (git-fixes) - arm64: dts: broadcom: Fix sata nodename (git-fixes) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes) - arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes) - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes) - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes) - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). 
- ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1200192). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). 
- clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - dim: initialize all struct fields (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - driver: core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes) - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). 
- drm: sti: do not use kernel-doc markers (git-fixes). - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes). - drm/amdkfd: Fix GWS queue count (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). 
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - EDAC/synopsys: Read the error count from the correct register (bsc#1178134). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - genirq: Fix reference leaks on irq affinity notifiers (git-fixes) - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes) - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq/affinity: Handle affinity setting on inactive (git-fixes) - genirq/msi: Ensure deactivation on teardown (git-fixes) - genirq/proc: Reject invalid affinity masks (again) (git-fixes) - genirq/timings: Fix error return code in (git-fixes) - genirq/timings: Prevent potential array overflow in (git-fixes) - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). 
- gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - hinic: fix bug of wq out of bound access (bsc#1176447). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i40e: stop disabling VFs due to PF error responses (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878). - ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926). - ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes). - ice: synchronize_rcu() when terminating rings (jsc#SLE-7926). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). 
- Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - ionic: avoid races in ionic_heartbeat_check (bsc#1167773). - ionic: Cleanups in the Tx hotpath code (bsc#1167773). - ionic: disable napi when ionic_lif_init() fails (bsc#1167773). - ionic: Do not send reset commands if FW isn't running (bsc#1167773). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773). - ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649). - ionic: monitor fw status generation (bsc#1167773). - ionic: remove the dbid_inuse bitmap (bsc#1167773). - ionic: start watchdog after all is setup (bsc#1167773). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - kABI: ivtv: restore caps member (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes). - lan743x: remove redundant assignment to variable rx_process_result (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). 
- media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: vim2m: Register video device after setting up internals (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387). - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes). - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7663s: fix rx buffer refcounting (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes). - net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hns3: add a check for index in hclge_get_rss_key() (git-fixes). 
- net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: korina: fix return value (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405). - net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes). - net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes). - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes). - net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes). - net/mlx5: Fix a race on command flush flow (jsc#SLE-15172). - net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172). - netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Do not invalidate inode attributes on delegation return (git-fixes). 
- nl80211: show SSID for P2P_GO interfaces (git-fixes). - nvdimm/region: always show the 'align' attribute (bsc#1199114). - nvme-tcp: allow selecting the network interface for connections (bsc#1199670). - nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670). - objtool: Fix type of reloc::addend (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl/rockchip: support deferring other gpio params (git-fixes). 
- ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qlcnic: Fix error code in probe (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438). - rtc: fix use-after-free on device removal (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). 
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). 
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). 
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). 
- selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded <linux/pm_runtime.h> (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h> (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). 
- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). 
- usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2102-1
Released: Thu Jun 16 15:18:23 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927

This update for vim fixes the following issues:

- CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
- CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
- CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
- CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
- CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
- CVE-2021-3974: Fixed use-after-free (bsc#1192904).
- CVE-2021-4069: Fixed use-after-free in ex_open() in src/ex_docmd.c (bsc#1193466).
- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
- CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
- CVE-2021-4192: Fixed use-after-free (bsc#1194217).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
- CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
- CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203).
- CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
- CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
- CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
- CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596).
- CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
- CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
- CVE-2022-1619: Fixed heap-based buffer overflow in function cmdline_erase_chars (bsc#1199333).
- CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334).
- CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655).
- CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
- CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
- CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
- CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747).
- CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
- CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
- CVE-2022-1898: Fixed use-after-free (bsc#1200011).
- CVE-2022-1927: Fixed buffer over-read (bsc#1200012).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2173-1
Released: Fri Jun 24 10:52:31 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1177282,1199365,1200015,1200143,1200144,1200206,1200207,1200249,1200259,1200263,1200268,1200529,CVE-2020-26541,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

- CVE-2022-1966: Fixed a use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
- CVE-2022-1975: Fixed a sleep-in-atomic bug that allows an attacker to crash the Linux kernel by simulating an NFC device from user-space. (bsc#1200143)
- CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by simulating an NFC device from user-space. (bsc#1200144)
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)

The following non-security bugs were fixed:

- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- cfg80211: set custom regdomain after wiphy registration (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). 
- fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). 
- KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). 
- mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). 
- s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). 
- vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2269-1 Released: Tue Jul 5 15:34:04 2022 Summary: Recommended update for virt-manager Type: recommended Severity: moderate References: 1027942 This update for virt-manager fixes the following issues: - Upstream bug fixes: (bsc#1027942) Volume upload use 1MiB read size. Console: fix error with old pygobject. Virtinst: fix message format string. Createnet: Remove some unnecessary annotations. Fix forgetting password from keyring. - Add support for detecting SUSE Linux Enterprise Micro. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2339-1 Released: Fri Jul 8 15:47:43 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1198939 This update for rsyslog fixes the following issues: - Remove inotify watch descriptor in imfile on inode change detected. 
(bsc#1198939) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. 
Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) * libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g.
of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing.
* cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. * runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. The following package changes have been done: - SUSEConnect-0.3.34-150300.20.3.3 updated - containerd-ctr-1.6.6-150000.73.2 updated - containerd-1.6.6-150000.73.2 updated - curl-7.66.0-150200.4.36.1 updated - docker-20.10.17_ce-150000.166.1 updated - grub2-i386-pc-2.04-150300.22.20.2 updated - grub2-x86_64-efi-2.04-150300.22.20.2 updated - grub2-x86_64-xen-2.04-150300.22.20.2 updated - grub2-2.04-150300.22.20.2 updated - kernel-default-5.3.18-150300.59.76.1 updated - libcurl4-7.66.0-150200.4.36.1 updated - libopeniscsiusr0_2_0-2.1.7-150300.32.18.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - open-iscsi-2.1.7-150300.32.18.1 updated - openssl-1_1-1.1.1d-150200.11.51.1 updated - rsyslog-8.2106.0-150200.4.29.1 updated - runc-1.1.3-150000.30.1 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - vim-data-common-8.2.5038-150000.5.21.1 updated - vim-8.2.5038-150000.5.21.1 updated - xen-libs-4.14.5_02-150300.3.29.1 updated - xen-tools-domU-4.14.5_02-150300.3.29.1 updated From sle-updates at lists.suse.com Sun Jul 10 07:05:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 10 Jul 2022 09:05:39 +0200 (CEST) Subject: SUSE-IU-2022:760-1: Security update of sles-15-sp3-chost-byos-v20220708-x86-64 Message-ID:
<20220710070539.0F021FD17@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20220708-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:760-1 Image Tags : sles-15-sp3-chost-byos-v20220708-x86-64:20220708 Image Release : Severity : important Type : security References : 1027519 1027942 1055117 1061840 1065729 1070955 1103269 1118212 1153274 1154353 1156395 1158266 1167773 1176447 1177282 1178134 1180100 1183405 1185637 1188885 1191184 1191185 1191186 1191770 1192051 1192167 1192902 1192903 1192904 1193282 1193466 1193905 1194093 1194216 1194217 1194388 1194872 1194885 1195004 1195203 1195332 1195354 1195826 1196076 1196361 1196426 1196478 1196570 1196840 1197426 1197446 1197472 1197601 1197675 1197948 1198438 1198460 1198493 1198495 1198496 1198577 1198581 1198596 1198748 1198939 1198971 1198989 1199035 1199052 1199063 1199114 1199166 1199314 1199331 1199333 1199334 1199365 1199460 1199505 1199507 1199564 1199565 1199626 1199631 1199650 1199651 1199655 1199670 1199693 1199745 1199747 1199839 1199936 1199965 1199966 1200010 1200011 1200012 1200015 1200019 1200045 1200046 1200088 1200143 1200144 1200145 1200192 1200206 1200207 1200216 1200249 1200259 1200263 1200268 1200529 1200550 1200735 1200737 1201099 CVE-2017-17087 CVE-2019-19377 CVE-2020-26541 CVE-2021-33061 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0168 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696 CVE-2022-1184 CVE-2022-1292 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1652 CVE-2022-1729 CVE-2022-1733 CVE-2022-1735 
CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1966 CVE-2022-1972 CVE-2022-1974 CVE-2022-1975 CVE-2022-20008 CVE-2022-2068 CVE-2022-2097 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-29162 CVE-2022-30594 CVE-2022-31030 CVE-2022-32206 CVE-2022-32208 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20220708-x86-64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2061-1 Released: Mon Jun 13 15:33:49 2022 Summary: Recommended update for SUSEConnect Type: recommended Severity: moderate References: 1196076 This update for SUSEConnect fixes the following issues: - Update to 0.3.34 - Manage the `System-Token` header. The `System-Token` header as delivered by SCC will be stored inside of the credentials file for later use on API calls. This way we add system clone detection for systems using this version of SUSE Connect. - Update to 0.3.33 - Add --keepalive command to send pings to SCC. - Add service/timer to periodically call --keepalive command to make system information in SCC and proxies more accurate. 
(bsc#1196076) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2064-1 Released: Mon Jun 13 15:35:18 2022 Summary: Security update for grub2 Type: security Severity: important References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736 This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2065-1 Released: Mon Jun 13 15:35:53 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1197426,1199965,1199966,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364 This update for xen fixes the following issues: - CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) (bsc#1197426) - CVE-2022-26362: Fixed race condition in typeref 
acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2078-1 Released: Tue Jun 14 20:30:07 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1055117,1061840,1065729,1103269,1118212,1153274,1154353,1156395,1158266,1167773,1176447,1178134,1180100,1183405,1188885,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200019,1200045,1200046,1200192,1200216,CVE-2019-19377,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1972,CVE-2022-20008,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-30594 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564) - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. 
(bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes).
- ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes) - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes) - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes) - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes) - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes) - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes) - ARM: dts: at91: fix pinctrl phandles (git-fixes) - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes) - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes) - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes) - ARM: dts: logicpd-som-lv: Fix wrong 
pinmuxing on OMAP35 (git-fixes) - ARM: dts: meson: Fix the UART compatible strings (git-fixes) - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes) - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes) - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes) - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes) - arm: mediatek: select arch timer for mt7629 (git-fixes) - ARM: omap: remove debug-leds driver (git-fixes) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes) - ARM: socfpga: dts: fix qspi node compatible (git-fixes) - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes) - ARM: tegra: Move panels to AUX bus (git-fixes) - arm64: dts: broadcom: Fix sata nodename (git-fixes) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes) - arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes) - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes) - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes) - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). 
- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). 
- carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1200192). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - dim: initialize all struct fields (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - driver: core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). 
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes) - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes). - drm/amdkfd: Fix GWS queue count (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). 
- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - EDAC/synopsys: Read the error count from the correct register (bsc#1178134). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). 
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes) - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes) - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq/affinity: Handle affinity setting on inactive (git-fixes) - genirq/msi: Ensure deactivation on teardown (git-fixes) - genirq/proc: Reject invalid affinity masks (again) (git-fixes) - genirq/timings: Fix error return code in (git-fixes) - genirq/timings: Prevent potential array overflow in (git-fixes) - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - hinic: fix bug of wq out of bound access (bsc#1176447). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i40e: stop disabling VFs due to PF error responses (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878). - ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926). 
- ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes). - ice: synchronize_rcu() when terminating rings (jsc#SLE-7926). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - ionic: avoid races in ionic_heartbeat_check (bsc#1167773). - ionic: Cleanups in the Tx hotpath code (bsc#1167773). - ionic: disable napi when ionic_lif_init() fails (bsc#1167773). - ionic: Do not send reset commands if FW isn't running (bsc#1167773). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773). - ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649). - ionic: monitor fw status generation (bsc#1167773). - ionic: remove the dbid_inuse bitmap (bsc#1167773). - ionic: start watchdog after all is setup (bsc#1167773). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - kABI: ivtv: restore caps member (git-fixes). 
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes). - lan743x: remove redundant assignment to variable rx_process_result (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: vim2m: Register video device after setting up internals (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387). - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes). - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes). 
- mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7663s: fix rx buffer refcounting (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes). - net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hns3: add a check for index in hclge_get_rss_key() (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: korina: fix return value (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405). - net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes). - net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes). - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes). - net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes). - net/mlx5: Fix a race on command flush flow (jsc#SLE-15172). - net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172). - netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). 
- netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Do not invalidate inode attributes on delegation return (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nvdimm/region: always show the 'align' attribute (bsc#1199114). - nvme-tcp: allow selecting the network interface for connections (bsc#1199670). - nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670). - objtool: Fix type of reloc::addend (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). 
- PCI/PM: Power up all devices during runtime resume (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl/rockchip: support deferring other gpio params (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). 
- powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qlcnic: Fix error code in probe (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438). - rtc: fix use-after-free on device removal (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). 
- scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). 
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). 
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded <linux/pm_runtime.h> (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h> (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). 
- serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). 
- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). 
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2102-1 Released: Thu Jun 16 15:18:23 2022 Summary: Security update for vim Type: security Severity: important References: 1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927 This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955). - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770). - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167). - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902). - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903). - CVE-2021-3974: Fixed use-after-free (bsc#1192904). - CVE-2021-4069: Fixed use-after-free in ex_open() in src/ex_docmd.c (bsc#1193466).
- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905). - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2173-1 Released: Fri Jun 24 10:52:31 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1177282,1199365,1200015,1200143,1200144,1200206,1200207,1200249,1200259,1200263,1200268,1200529,CVE-2020-26541,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1966: Fixed a use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows an attacker to crash the Linux kernel by simulating an nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) The following non-security bugs were fixed: - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes).
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cfg80211: set custom regdomain after wiphy registration (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). 
- drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). 
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). 
- media: cx25821: Fix the warning when removing the module (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. 
vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). 
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2269-1 Released: Tue Jul 5 15:34:04 2022 Summary: Recommended update for virt-manager Type: recommended Severity: moderate References: 1027942 This update for virt-manager fixes the following issues: - Upstream bug fixes: (bsc#1027942) Volume upload use 1MiB read size. Console: fix error with old pygobject. Virtinst: fix message format string. 
Createnet: Remove some unnecessary annotations. Fix forgetting password from keyring. - Add support for detecting SUSE Linux Enterprise Micro. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2339-1 Released: Fri Jul 8 15:47:43 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1198939 This update for rsyslog fixes the following issues: - Remove inotify watch descriptor in imfile on inode change detected. 
(bsc#1198939) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. 
Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. 
of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing.
* cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. The following package changes have been done: - SUSEConnect-0.3.34-150300.20.3.3 updated - containerd-ctr-1.6.6-150000.73.2 updated - containerd-1.6.6-150000.73.2 updated - curl-7.66.0-150200.4.36.1 updated - docker-20.10.17_ce-150000.166.1 updated - grub2-i386-pc-2.04-150300.22.20.2 updated - grub2-x86_64-efi-2.04-150300.22.20.2 updated - grub2-2.04-150300.22.20.2 updated - kernel-default-5.3.18-150300.59.76.1 updated - libcurl4-7.66.0-150200.4.36.1 updated - libopeniscsiusr0_2_0-2.1.7-150300.32.18.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - open-iscsi-2.1.7-150300.32.18.1 updated - openssl-1_1-1.1.1d-150200.11.51.1 updated - rsyslog-8.2106.0-150200.4.29.1 updated - runc-1.1.3-150000.30.1 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - vim-data-common-8.2.5038-150000.5.21.1 updated - vim-8.2.5038-150000.5.21.1 updated - xen-libs-4.14.5_02-150300.3.29.1 updated From sle-updates at lists.suse.com Mon Jul 11 07:03:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jul 2022 09:03:43 +0200 (CEST) Subject: SUSE-IU-2022:763-1: Security update of suse-sles-15-sp3-chost-byos-v20220708-x86_64-gen2 Message-ID: <20220711070343.170A4FD17@maintenance.suse.de> SUSE Image Update Advisory: 
suse-sles-15-sp3-chost-byos-v20220708-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:763-1 Image Tags : suse-sles-15-sp3-chost-byos-v20220708-x86_64-gen2:20220708 Image Release : Severity : important Type : security References : 1027519 1027942 1055117 1061840 1065729 1070955 1103269 1118212 1153274 1154353 1156395 1158266 1167773 1176447 1177282 1178134 1180100 1183405 1185637 1188885 1191184 1191185 1191186 1191770 1192051 1192167 1192902 1192903 1192904 1193282 1193466 1193905 1194093 1194216 1194217 1194388 1194872 1194885 1195004 1195203 1195332 1195354 1195826 1196076 1196361 1196426 1196478 1196570 1196840 1197426 1197446 1197472 1197601 1197675 1197948 1198438 1198460 1198493 1198495 1198496 1198577 1198581 1198596 1198748 1198939 1198971 1198989 1199035 1199052 1199063 1199114 1199166 1199314 1199331 1199333 1199334 1199365 1199460 1199505 1199507 1199564 1199565 1199626 1199631 1199650 1199651 1199655 1199670 1199693 1199745 1199747 1199839 1199936 1199965 1199966 1200010 1200011 1200012 1200015 1200019 1200045 1200046 1200088 1200143 1200144 1200145 1200192 1200206 1200207 1200216 1200249 1200259 1200263 1200268 1200529 1200550 1200735 1200737 1201099 CVE-2017-17087 CVE-2019-19377 CVE-2020-26541 CVE-2021-33061 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0168 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696 CVE-2022-1184 CVE-2022-1292 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1652 CVE-2022-1729 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 
CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1966 CVE-2022-1972 CVE-2022-1974 CVE-2022-1975 CVE-2022-20008 CVE-2022-2068 CVE-2022-2097 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-29162 CVE-2022-30594 CVE-2022-31030 CVE-2022-32206 CVE-2022-32208 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20220708-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2061-1 Released: Mon Jun 13 15:33:49 2022 Summary: Recommended update for SUSEConnect Type: recommended Severity: moderate References: 1196076 This update for SUSEConnect fixes the following issues: - Update to 0.3.34 - Manage the `System-Token` header. The `System-Token` header as delivered by SCC will be stored inside of the credentials file for later use on API calls. This way we add system clone detection for systems using this version of SUSE Connect. - Update to 0.3.33 - Add --keepalive command to send pings to SCC. - Add service/timer to periodically call --keepalive command to make system information in SCC and proxies more accurate. 
(bsc#1196076) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2064-1 Released: Mon Jun 13 15:35:18 2022 Summary: Security update for grub2 Type: security Severity: important References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736 This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2065-1 Released: Mon Jun 13 15:35:53 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1197426,1199965,1199966,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364 This update for xen fixes the following issues: - CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) (bsc#1197426) - CVE-2022-26362: Fixed race condition in typeref 
acquisition (bsc#1199965)
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2078-1
Released: Tue Jun 14 20:30:07 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1055117,1061840,1065729,1103269,1118212,1153274,1154353,1156395,1158266,1167773,1176447,1178134,1180100,1183405,1188885,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200019,1200045,1200046,1200192,1200216,CVE-2019-19377,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1972,CVE-2022-20008,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-30594

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

- CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472)
- CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564)
- CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019)
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks.
(bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).

The following non-security bugs were fixed:

- ACPI: property: Release subnode properties with data nodes (git-fixes).
- ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes).
- ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes).
- ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes).
- ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes).
- ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes).
- ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes).
- ALSA: usb-audio: Configure sync endpoints before data (git-fixes).
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
- ALSA: wavefront: Proper check of get_user() error (git-fixes).
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes)
- ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes)
- ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes)
- ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes)
- ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes)
- ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes)
- ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes)
- ARM: dts: at91: fix pinctrl phandles (git-fixes)
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes)
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes)
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes)
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes)
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes)
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes)
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes)
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes)
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes)
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes)
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes)
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes)
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes)
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes)
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes)
- ARM: dts: logicpd-som-lv: Fix wrong
pinmuxing on OMAP35 (git-fixes)
- ARM: dts: meson: Fix the UART compatible strings (git-fixes)
- ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes)
- ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes)
- ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes)
- ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes)
- arm: mediatek: select arch timer for mt7629 (git-fixes)
- ARM: omap: remove debug-leds driver (git-fixes)
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes)
- ARM: socfpga: dts: fix qspi node compatible (git-fixes)
- ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes)
- ARM: tegra: Move panels to AUX bus (git-fixes)
- arm64: dts: broadcom: Fix sata nodename (git-fixes)
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes)
- arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes)
- arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes).
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes)
- arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
- ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes).
- ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes).
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- ASoC: max98090: Generate notifications on changes for custom control (git-fixes).
- ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes).
- ASoC: max98090: Reject invalid values in custom control put() (git-fixes).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes).
- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes).
- ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes).
- ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes).
- ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes).
- ASoC: wm8958: Fix change notifications for DSP controls (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- ata: pata_hpt37x: fix PCI clock detection (git-fixes).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes).
- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes).
- ath9k: fix ar9003_get_eepmisc (git-fixes).
- batman-adv: Do not skb_split skbuffs with frag_list (git-fixes).
- blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045).
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes).
- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes).
- Bluetooth: Fix the creation of hdev->name (git-fixes).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- can: grcan: grcan_close(): fix deadlock (git-fixes).
- can: grcan: use ofdev->dev when allocating DMA memory (git-fixes).
- carl9170: tx: fix an incorrect use of list iterator (git-fixes).
- ceph: fix setting of xattrs on async created inodes (bsc#1200192).
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839).
- clk: at91: generated: consider range when calculating best rate (git-fixes).
- clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
- clk: imx8mp: fix usb_root_clk parent (git-fixes).
- clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes).
- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes).
- copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626).
- crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
- crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
- crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes).
- crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes).
- crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes).
- dim: initialize all struct fields (git-fixes).
- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes).
- dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
- docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753).
- docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
- drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes).
- driver: core: fix deadlock in __device_attach (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes)
- drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes).
- drivers/base/node.c: fix compaction sysfs file leak (git-fixes).
- drm: mali-dp: potential dereference of null pointer (git-fixes).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes).
- drm: sti: do not use kernel-doc markers (git-fixes).
- drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes).
- drm/amdkfd: Fix GWS queue count (git-fixes).
- drm/blend: fix typo in the comment (git-fixes).
- drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes).
- drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
- drm/edid: fix invalid EDID extension block filtering (git-fixes).
- drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes).
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes).
- drm/mediatek: Fix mtk_cec_mask() (git-fixes).
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes).
- drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
- drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes).
- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes).
- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm/msm/mdp5: check the return of kzalloc() (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes).
- drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes).
- drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes).
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes).
- drm/vc4: hvs: Reset muxes at probe time (git-fixes).
- drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
- EDAC/synopsys: Read the error count from the correct register (bsc#1178134).
- firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes).
- firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes).
- firewire: remove check of list iterator against head past the loop body (git-fixes).
- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes).
- firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes).
- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator (git-fixes).
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
- genirq/affinity: Handle affinity setting on inactive (git-fixes)
- genirq/msi: Ensure deactivation on teardown (git-fixes)
- genirq/proc: Reject invalid affinity masks (again) (git-fixes)
- genirq/timings: Fix error return code in (git-fixes)
- genirq/timings: Prevent potential array overflow in (git-fixes)
- gma500: fix an incorrect NULL check on list iterator (git-fixes).
- gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes).
- gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes).
- gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes).
- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes).
- gpio: pca953x: use the correct register address to do regcache sync (git-fixes).
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- HID: elan: Fix potential double free in elan_input_configured (git-fixes).
- HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes).
- hinic: fix bug of wq out of bound access (bsc#1176447).
- hwmon: (f71882fg) Fix negative temperature (git-fixes).
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
- hwmon: (tmp401) Add OF device ID table (git-fixes).
- i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
- i2c: at91: use dma safe buffers (git-fixes).
- i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes).
- i40e: stop disabling VFs due to PF error responses (git-fixes).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878).
- ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926).
- ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes).
- ice: synchronize_rcu() when terminating rings (jsc#SLE-7926).
- iio: adc: ad7124: Remove shift from scan_type (git-fixes).
- iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes).
- iio: adc: sc27xx: fix read big scale voltage not right (git-fixes).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes).
- iio: dac: ad5446: Fix read_raw not returning set value (git-fixes).
- iio: dac: ad5592r: Fix the missing return value (git-fixes).
- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes).
- Input: add bounds checking to input_set_capability() (git-fixes).
- Input: ili210x - fix reset timing (git-fixes).
- Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes).
- Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes).
- Input: stmfts - fix reference leak in stmfts_input_open (git-fixes).
- iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052).
- ionic: avoid races in ionic_heartbeat_check (bsc#1167773).
- ionic: Cleanups in the Tx hotpath code (bsc#1167773).
- ionic: disable napi when ionic_lif_init() fails (bsc#1167773).
- ionic: Do not send reset commands if FW isn't running (bsc#1167773).
- ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773).
- ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649).
- ionic: monitor fw status generation (bsc#1167773).
- ionic: remove the dbid_inuse bitmap (bsc#1167773).
- ionic: start watchdog after all is setup (bsc#1167773).
- ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes).
- iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes).
- jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971).
- kABI: ivtv: restore caps member (git-fixes).
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes).
- lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes).
- lan743x: remove redundant assignment to variable rx_process_result (git-fixes).
- lib/raid6/test: fix multiple definition linking error (git-fixes).
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes).
- mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes).
- mac80211: Reset MBSSID parameters upon connection (git-fixes).
- media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes).
- media: davinci: vpif: fix use-after-free on driver unbind (git-fixes).
- media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes).
- media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes).
- media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes).
- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes).
- media: saa7134: fix incorrect use to determine if list is empty (git-fixes).
- media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes).
- media: videobuf2: Fix the size printk format (git-fixes).
- media: vim2m: Register video device after setting up internals (git-fixes).
- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes).
- misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes).
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387).
- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes).
- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes).
- mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- mt76: mt7663s: fix rx buffer refcounting (git-fixes).
- mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
- mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes).
- mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes).
- net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes).
- net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes).
- net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes).
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes).
- net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes).
- net: hns3: add a check for index in hclge_get_rss_key() (git-fixes).
- net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353).
- net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777).
- net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes).
- net: korina: fix return value (git-fixes).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405).
- net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes).
- net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes).
- net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes).
- net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes).
- net/mlx5: Fix a race on command flush flow (jsc#SLE-15172).
- net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172).
- netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216).
- netfilter: conntrack: connection timeout after re-register (bsc#1199035).
- netfilter: conntrack: move synack init code to helper (bsc#1199035).
- netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035).
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035).
- netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447).
- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes).
- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes).
- NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes).
- NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
- NFC: NULL out the dev->rfkill to prevent UAF (git-fixes).
- NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
- NFS: Do not invalidate inode attributes on delegation return (git-fixes).
- nl80211: show SSID for P2P_GO interfaces (git-fixes).
- nvdimm/region: always show the 'align' attribute (bsc#1199114).
- nvme-tcp: allow selecting the network interface for connections (bsc#1199670).
- nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670).
- objtool: Fix type of reloc::addend (git-fixes).
- PCI: aardvark: Clear all MSIs at setup (git-fixes).
- PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
- PCI: Do not enable AtomicOps on VFs (git-fixes).
- PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- PCI: imx6: Fix PERST# start-up sequence (git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
- PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
- PCI/PM: Power up all devices during runtime resume (git-fixes).
- phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes).
- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes).
- phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes).
- phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
- phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes).
- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes).
- phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes).
- phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes).
- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes).
- pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes).
- pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
- pinctrl/rockchip: support deferring other gpio params (git-fixes).
- ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826).
- ping: remove pr_err from ping_lookup (bsc#1195826).
- platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes).
- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes).
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753).
- powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes).
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes).
- powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
- powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes).
- powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
- powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes).
- powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
- pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes).
- pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes).
- qlcnic: Fix error code in probe (git-fixes).
- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes).
- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes).
- reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes).
- revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
- rtc: fix use-after-free on device removal (git-fixes).
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes).
- rtc: mt6397: check return value after calling platform_get_resource() (git-fixes).
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes).
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes).
- sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
- sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
- scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
- scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
- scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045).
- scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045).
- scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045).
- scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045).
- scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045).
- scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045).
- scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045).
- scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045).
- scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045).
- scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045).
- scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045).
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045).
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045).
- scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045).
- scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045).
- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045).
- scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045).
- scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
- scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045).
- scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045).
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045).
- scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045).
- scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045).
- scsi: lpfc: Remove unneeded variable (bsc#1200045).
- scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045).
- scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045).
- scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045).
- scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045).
- scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045).
- scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045).
- scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045).
- scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045).
- scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes).
- scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded <linux/pm_runtime.h> (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h> (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). 
- serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). 
- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). 
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2102-1 Released: Thu Jun 16 15:18:23 2022 Summary: Security update for vim Type: security Severity: important References: 1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927 This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955). - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770). - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167). - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902). - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903). - CVE-2021-3974: Fixed use-after-free (bsc#1192904). - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466). 
- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905). - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2173-1 Released: Fri Jun 24 10:52:31 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1177282,1199365,1200015,1200143,1200144,1200206,1200207,1200249,1200259,1200263,1200268,1200529,CVE-2020-26541,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - The following non-security bugs were fixed: - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). 
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cfg80211: set custom regdomain after wiphy registration (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). 
- drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). 
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). 
- media: cx25821: Fix the warning when removing the module (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. 
vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). 
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2269-1 Released: Tue Jul 5 15:34:04 2022 Summary: Recommended update for virt-manager Type: recommended Severity: moderate References: 1027942 This update for virt-manager fixes the following issues: - Upstream bug fixes: (bsc#1027942) Volume upload use 1MiB read size. Console: fix error with old pygobject. Virtinst: fix message format string. 
Createnet: Remove some unnecessary annotations. Fix forgetting password from keyring.
- Add support for detecting SUSE Linux Enterprise Micro.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2323-1
Released: Thu Jul 7 12:16:58 2022
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: low
References:

This update for systemd-presets-branding-SLE fixes the following issues:

- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2339-1
Released: Fri Jul 8 15:47:43 2022
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1198939

This update for rsyslog fixes the following issues:

- Remove inotify watch descriptor in imfile on inode change detected.
(bsc#1198939)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2341-1
Released: Fri Jul 8 16:09:12 2022
Summary: Security update for containerd, docker and runc
Type: security
Severity: important
References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030

This update for containerd, docker and runc fixes the following issues:

containerd:

- CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145)

docker:

- Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145)

runc:

Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3.

* Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing).
* Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes.
* Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang.
* When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths.
* Socket activation was failing when more than 3 sockets were used.
* Various CI fixes.
* Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
- Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565)

Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2.
Security issue fixed:

- CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460)
- `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file.

Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1.

* runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355)
* runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404)
* Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406)
* libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)

Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0.

- libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331)

Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.

+ Add support for RDMA cgroup added in Linux 4.11.
* runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed.
+ runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g.
of cgroup controllers) after the container has exited.
+ seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL).
+ seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host.
+ checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore.
+ intelrdt: support ClosID parameter.
+ runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed.
+ cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it).
+ sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour.
+ mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users.
+ Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro).
+ Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130.
* system: improve performance of /proc/$pid/stat parsing.
* cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process.
* runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink.
* cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container.
* runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused.
- Update version data embedded in binary to correctly include the git commit of the release.

The following package changes have been done:

- SUSEConnect-0.3.34-150300.20.3.3 updated
- containerd-ctr-1.6.6-150000.73.2 updated
- containerd-1.6.6-150000.73.2 updated
- curl-7.66.0-150200.4.36.1 updated
- docker-20.10.17_ce-150000.166.1 updated
- grub2-i386-pc-2.04-150300.22.20.2 updated
- grub2-x86_64-efi-2.04-150300.22.20.2 updated
- grub2-2.04-150300.22.20.2 updated
- kernel-default-5.3.18-150300.59.76.1 updated
- libcurl4-7.66.0-150200.4.36.1 updated
- libopeniscsiusr0_2_0-2.1.7-150300.32.18.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- open-iscsi-2.1.7-150300.32.18.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- rsyslog-8.2106.0-150200.4.29.1 updated
- runc-1.1.3-150000.30.1 updated
- systemd-presets-branding-SLE-15.1-150100.20.11.1 updated
- vim-data-common-8.2.5038-150000.5.21.1 updated
- vim-8.2.5038-150000.5.21.1 updated
- xen-libs-4.14.5_02-150300.3.29.1 updated

From sle-updates at lists.suse.com Mon Jul 11 13:16:04 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 11 Jul 2022 15:16:04 +0200 (CEST)
Subject: SUSE-SU-2022:2351-1: important: Security update for python3
Message-ID: <20220711131604.222CEFDCF@maintenance.suse.de>

SUSE Security Update: Security update for python3
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2351-1 Rating: important References: #1186819 #1190566 #1192249 #1193179 #1198511 Cross-References: CVE-2015-20107 CVE-2021-3572 CVSS scores: CVE-2015-20107 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2015-20107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2021-3572 (NVD) : 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N CVE-2021-3572 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for python3 fixes the following issues: Security issues fixed: - CVE-2021-3572: Update bundled pip wheel to the latest SLE version (bsc#1186819) - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Other bugs fixed: - Remove shebangs from python-base libraries in _libdir (bsc#1193179, bsc#1192249). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2351=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2351=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2351=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2351=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2351=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2351=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2351=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2351=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2351=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2351=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2351=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2351=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2351=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2351=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2351=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2351=1 - SUSE 
Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2351=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2351=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2351=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2351=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Manager Proxy 4.1 (x86_64): 
libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-testsuite-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 
python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 
python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-testsuite-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-testsuite-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 
python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-base-debuginfo-3.6.15-150000.3.106.1 python3-core-debugsource-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 
python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-testsuite-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-testsuite-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 
python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 
python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-testsuite-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 - SUSE CaaS Platform 4.0 (x86_64): libpython3_6m1_0-3.6.15-150000.3.106.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.106.1 python3-3.6.15-150000.3.106.1 python3-base-3.6.15-150000.3.106.1 python3-curses-3.6.15-150000.3.106.1 python3-curses-debuginfo-3.6.15-150000.3.106.1 python3-dbm-3.6.15-150000.3.106.1 python3-dbm-debuginfo-3.6.15-150000.3.106.1 python3-debuginfo-3.6.15-150000.3.106.1 python3-debugsource-3.6.15-150000.3.106.1 python3-devel-3.6.15-150000.3.106.1 python3-devel-debuginfo-3.6.15-150000.3.106.1 python3-idle-3.6.15-150000.3.106.1 python3-testsuite-3.6.15-150000.3.106.1 python3-tk-3.6.15-150000.3.106.1 python3-tk-debuginfo-3.6.15-150000.3.106.1 python3-tools-3.6.15-150000.3.106.1 References: https://www.suse.com/security/cve/CVE-2015-20107.html https://www.suse.com/security/cve/CVE-2021-3572.html https://bugzilla.suse.com/1186819 https://bugzilla.suse.com/1190566 https://bugzilla.suse.com/1192249 https://bugzilla.suse.com/1193179 https://bugzilla.suse.com/1198511 From sle-updates at lists.suse.com Mon Jul 11 13:17:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jul 2022 15:17:08 +0200 (CEST) Subject: SUSE-SU-2022:2350-1: moderate: Security update for ignition Message-ID: <20220711131708.B71C1FDCF@maintenance.suse.de> SUSE Security Update: Security update for ignition ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2350-1 Rating: moderate References: #1199524 Cross-References: CVE-2022-1706 CVSS scores: CVE-2022-1706 (NVD) : 6.5 
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1706 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Micro 5.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ignition fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). - Update to version 2.14.0 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2350=1 Package List: - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): ignition-2.14.0-150300.4.7.1 ignition-debuginfo-2.14.0-150300.4.7.1 ignition-dracut-grub2-2.14.0-150300.4.7.1 References: https://www.suse.com/security/cve/CVE-2022-1706.html https://bugzilla.suse.com/1199524 From sle-updates at lists.suse.com Mon Jul 11 13:17:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jul 2022 15:17:45 +0200 (CEST) Subject: SUSE-SU-2022:2352-1: critical: Security update for freerdp Message-ID: <20220711131745.196D5FDCF@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2352-1 Rating: critical References: #1198919 #1198921 Cross-References: CVE-2022-24882 CVE-2022-24883 CVSS scores: CVE-2022-24882 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-24882 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-24883 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-24883 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise 
Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for freerdp fixes the following issues: - CVE-2022-24882: Fixed incorrect check parameters in NTLM (bsc#1198919). - CVE-2022-24883: Fixed authentication against invalid SAM files (bsc#1198921). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2352=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2352=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): freerdp-2.1.2-12.23.1 freerdp-debuginfo-2.1.2-12.23.1 freerdp-debugsource-2.1.2-12.23.1 freerdp-proxy-2.1.2-12.23.1 freerdp-server-2.1.2-12.23.1 libfreerdp2-2.1.2-12.23.1 libfreerdp2-debuginfo-2.1.2-12.23.1 libwinpr2-2.1.2-12.23.1 libwinpr2-debuginfo-2.1.2-12.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): freerdp-debuginfo-2.1.2-12.23.1 freerdp-debugsource-2.1.2-12.23.1 freerdp-devel-2.1.2-12.23.1 libfreerdp2-2.1.2-12.23.1 libfreerdp2-debuginfo-2.1.2-12.23.1 libwinpr2-2.1.2-12.23.1 libwinpr2-debuginfo-2.1.2-12.23.1 winpr2-devel-2.1.2-12.23.1 References: https://www.suse.com/security/cve/CVE-2022-24882.html https://www.suse.com/security/cve/CVE-2022-24883.html https://bugzilla.suse.com/1198919 https://bugzilla.suse.com/1198921 From sle-updates at lists.suse.com Mon Jul 11 13:18:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jul 
2022 15:18:23 +0200 (CEST) Subject: SUSE-SU-2022:2348-1: important: Security update for crash Message-ID: <20220711131823.BAE19FDCF@maintenance.suse.de> SUSE Security Update: Security update for crash ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2348-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of crash fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2348=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2348=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): crash-7.2.9-150300.23.10.1 crash-debuginfo-7.2.9-150300.23.10.1 crash-debugsource-7.2.9-150300.23.10.1 crash-devel-7.2.9-150300.23.10.1 crash-doc-7.2.9-150300.23.10.1 crash-eppic-7.2.9-150300.23.10.1 crash-eppic-debuginfo-7.2.9-150300.23.10.1 crash-kmp-default-7.2.9_k5.3.18_150300.59.76-150300.23.10.1 crash-kmp-default-debuginfo-7.2.9_k5.3.18_150300.59.76-150300.23.10.1 - openSUSE Leap 15.3 (aarch64 x86_64): crash-kmp-preempt-7.2.9_k5.3.18_150300.59.76-150300.23.10.1 crash-kmp-preempt-debuginfo-7.2.9_k5.3.18_150300.59.76-150300.23.10.1 - openSUSE Leap 15.3 (aarch64): crash-kmp-64kb-7.2.9_k5.3.18_150300.59.76-150300.23.10.1 crash-kmp-64kb-debuginfo-7.2.9_k5.3.18_150300.59.76-150300.23.10.1 - openSUSE Leap 15.3 (x86_64): crash-gcore-7.2.9-150300.23.10.1 crash-gcore-debuginfo-7.2.9-150300.23.10.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): crash-7.2.9-150300.23.10.1 crash-debuginfo-7.2.9-150300.23.10.1 crash-debugsource-7.2.9-150300.23.10.1 crash-devel-7.2.9-150300.23.10.1 crash-kmp-default-7.2.9_k5.3.18_150300.59.76-150300.23.10.1 crash-kmp-default-debuginfo-7.2.9_k5.3.18_150300.59.76-150300.23.10.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64): crash-kmp-64kb-7.2.9_k5.3.18_150300.59.76-150300.23.10.1 crash-kmp-64kb-debuginfo-7.2.9_k5.3.18_150300.59.76-150300.23.10.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Mon Jul 11 13:18:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jul 2022 15:18:57 +0200 (CEST) Subject: SUSE-SU-2022:2347-1: moderate: Security update for libnbd Message-ID: 
<20220711131857.1B961FDCF@maintenance.suse.de> SUSE Security Update: Security update for libnbd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2347-1 Rating: moderate References: #1195636 Cross-References: CVE-2022-0485 CVSS scores: CVE-2022-0485 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libnbd fixes the following issues: - CVE-2022-0485: Fixed nbdcopy failure if NBD read or write fails (bsc#1195636). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2347=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2347=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libnbd-1.9.3-150300.8.9.1 libnbd-debuginfo-1.9.3-150300.8.9.1 libnbd-debugsource-1.9.3-150300.8.9.1 libnbd-devel-1.9.3-150300.8.9.1 libnbd0-1.9.3-150300.8.9.1 libnbd0-debuginfo-1.9.3-150300.8.9.1 nbdfuse-1.9.3-150300.8.9.1 nbdfuse-debuginfo-1.9.3-150300.8.9.1 - openSUSE Leap 15.4 (noarch): libnbd-bash-completion-1.9.3-150300.8.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libnbd-1.9.3-150300.8.9.1 libnbd-debuginfo-1.9.3-150300.8.9.1 libnbd-debugsource-1.9.3-150300.8.9.1 libnbd-devel-1.9.3-150300.8.9.1 libnbd0-1.9.3-150300.8.9.1 libnbd0-debuginfo-1.9.3-150300.8.9.1 nbdfuse-1.9.3-150300.8.9.1 nbdfuse-debuginfo-1.9.3-150300.8.9.1 - openSUSE Leap 15.3 (noarch): libnbd-bash-completion-1.9.3-150300.8.9.1 References: https://www.suse.com/security/cve/CVE-2022-0485.html https://bugzilla.suse.com/1195636 From sle-updates at lists.suse.com Mon Jul 11 13:19:29 2022 
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jul 2022 15:19:29 +0200 (CEST) Subject: SUSE-SU-2022:2349-1: moderate: Security update for ignition Message-ID: <20220711131929.89339FDCF@maintenance.suse.de> SUSE Security Update: Security update for ignition ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2349-1 Rating: moderate References: #1199524 Cross-References: CVE-2022-1706 CVSS scores: CVE-2022-1706 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1706 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ignition fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). - Update to version 2.14.0 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2349=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): ignition-2.14.0-150300.6.7.1 ignition-debuginfo-2.14.0-150300.6.7.1 ignition-dracut-grub2-2.14.0-150300.6.7.1 References: https://www.suse.com/security/cve/CVE-2022-1706.html https://bugzilla.suse.com/1199524 From sle-updates at lists.suse.com Mon Jul 11 16:16:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jul 2022 18:16:09 +0200 (CEST) Subject: SUSE-RU-2022:2355-1: moderate: Recommended update for python-cryptography Message-ID: <20220711161609.9B81AFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-cryptography ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2355-1 Rating: moderate References: #1198331 PM-3445 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for python-cryptography fixes the following issues: python-cryptography was updated to 3.3.2. update to 3.3.0: * BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. 
* BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types. * BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. * Added the recover_data_from_signature() function to RSAPublicKey for recovering the signed data from an RSA signature. Update to 3.2.1: Disable blinding on RSA public keys to address an error with some versions of OpenSSL. update to 3.2 (bsc#1178168, CVE-2020-25659): * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. update to 3.1: * **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based :term:`U-label` parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5. * ``backend`` arguments to functions are no longer required and the default backend will automatically be selected if no ``backend`` is provided. * Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`. * Calling ``update`` or ``update_into`` on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data`` longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. 
This also resolves the same issue in :doc:`/fernet`. update to 3.0: * RSA generate_private_key() no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes). * X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until version is accessed. * Deprecated support for Python 2 * Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: load_ssh_private_key() for loading and OpenSSH for writing. * Added support for OpenSSH certificates to load_ssh_public_key(). * Added encrypt_at_time() and decrypt_at_time() to Fernet. * Added support for the SubjectInformationAccess X.509 extension. * Added support for parsing SignedCertificateTimestamps in OCSP responses. * Added support for parsing attributes in certificate signing requests via get_attribute_for_oid(). * Added support for encoding attributes in certificate signing requests via add_attribute(). * On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork. * Added initial support for creating PKCS12 files with serialize_key_and_certificates(). Update to 2.9: * BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. * BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older versions of OpenSSL will need to upgrade. * BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. * Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. * BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. * Added support for parsing single_extensions in an OCSP response. * NameAttribute values can now be empty strings. 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2355=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2355=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-cryptography-debugsource-3.3.2-150400.16.3.1 python3-cryptography-3.3.2-150400.16.3.1 python3-cryptography-debuginfo-3.3.2-150400.16.3.1 - openSUSE Leap 15.4 (noarch): python3-cryptography-vectors-3.3.2-150400.7.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): python-cryptography-debugsource-3.3.2-150400.16.3.1 python3-cryptography-3.3.2-150400.16.3.1 python3-cryptography-debuginfo-3.3.2-150400.16.3.1 References: https://bugzilla.suse.com/1198331 From sle-updates at lists.suse.com Mon Jul 11 16:16:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jul 2022 18:16:44 +0200 (CEST) Subject: SUSE-SU-2022:2354-1: critical: Security update for freerdp Message-ID: <20220711161644.412C9FDCF@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2354-1 Rating: critical References: #1198919 #1198921 Cross-References: CVE-2022-24882 CVE-2022-24883 CVSS scores: CVE-2022-24882 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-24882 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-24883 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-24883 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 
15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for freerdp fixes the following issues: - CVE-2022-24882: Fixed incorrect check parameters in NTLM (bsc#1198919). - CVE-2022-24883: Fixed authentication against invalid SAM files (bsc#1198921). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2354=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2354=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2354=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): freerdp-2.4.0-150400.3.3.1 freerdp-debuginfo-2.4.0-150400.3.3.1 freerdp-debugsource-2.4.0-150400.3.3.1 freerdp-devel-2.4.0-150400.3.3.1 freerdp-proxy-2.4.0-150400.3.3.1 freerdp-proxy-debuginfo-2.4.0-150400.3.3.1 freerdp-server-2.4.0-150400.3.3.1 freerdp-server-debuginfo-2.4.0-150400.3.3.1 freerdp-wayland-2.4.0-150400.3.3.1 freerdp-wayland-debuginfo-2.4.0-150400.3.3.1 libfreerdp2-2.4.0-150400.3.3.1 libfreerdp2-debuginfo-2.4.0-150400.3.3.1 libuwac0-0-2.4.0-150400.3.3.1 libuwac0-0-debuginfo-2.4.0-150400.3.3.1 libwinpr2-2.4.0-150400.3.3.1 libwinpr2-debuginfo-2.4.0-150400.3.3.1 uwac0-0-devel-2.4.0-150400.3.3.1 winpr2-devel-2.4.0-150400.3.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): freerdp-2.4.0-150400.3.3.1 freerdp-debuginfo-2.4.0-150400.3.3.1 
freerdp-debugsource-2.4.0-150400.3.3.1 freerdp-devel-2.4.0-150400.3.3.1 freerdp-proxy-2.4.0-150400.3.3.1 freerdp-proxy-debuginfo-2.4.0-150400.3.3.1 libfreerdp2-2.4.0-150400.3.3.1 libfreerdp2-debuginfo-2.4.0-150400.3.3.1 libwinpr2-2.4.0-150400.3.3.1 libwinpr2-debuginfo-2.4.0-150400.3.3.1 winpr2-devel-2.4.0-150400.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): freerdp-2.4.0-150400.3.3.1 freerdp-debuginfo-2.4.0-150400.3.3.1 freerdp-debugsource-2.4.0-150400.3.3.1 freerdp-devel-2.4.0-150400.3.3.1 freerdp-proxy-2.4.0-150400.3.3.1 freerdp-proxy-debuginfo-2.4.0-150400.3.3.1 libfreerdp2-2.4.0-150400.3.3.1 libfreerdp2-debuginfo-2.4.0-150400.3.3.1 libwinpr2-2.4.0-150400.3.3.1 libwinpr2-debuginfo-2.4.0-150400.3.3.1 winpr2-devel-2.4.0-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-24882.html https://www.suse.com/security/cve/CVE-2022-24883.html https://bugzilla.suse.com/1198919 https://bugzilla.suse.com/1198921 From sle-updates at lists.suse.com Mon Jul 11 16:17:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jul 2022 18:17:24 +0200 (CEST) Subject: SUSE-SU-2022:2353-1: critical: Security update for freerdp Message-ID: <20220711161724.996D2FDCF@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2353-1 Rating: critical References: #1198919 #1198921 Cross-References: CVE-2022-24882 CVE-2022-24883 CVSS scores: CVE-2022-24882 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-24882 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-24883 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-24883 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub 
Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for freerdp fixes the following issues: - CVE-2022-24882: Fixed incorrect check parameters in NTLM (bsc#1198919). - CVE-2022-24883: Fixed authentication against invalid SAM files (bsc#1198921). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2353=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2353=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2353=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): freerdp-2.1.2-150200.15.15.1 freerdp-debuginfo-2.1.2-150200.15.15.1 freerdp-debugsource-2.1.2-150200.15.15.1 freerdp-devel-2.1.2-150200.15.15.1 freerdp-proxy-2.1.2-150200.15.15.1 freerdp-proxy-debuginfo-2.1.2-150200.15.15.1 freerdp-server-2.1.2-150200.15.15.1 freerdp-server-debuginfo-2.1.2-150200.15.15.1 freerdp-wayland-2.1.2-150200.15.15.1 freerdp-wayland-debuginfo-2.1.2-150200.15.15.1 libfreerdp2-2.1.2-150200.15.15.1 libfreerdp2-debuginfo-2.1.2-150200.15.15.1 libuwac0-0-2.1.2-150200.15.15.1 libuwac0-0-debuginfo-2.1.2-150200.15.15.1 libwinpr2-2.1.2-150200.15.15.1 libwinpr2-debuginfo-2.1.2-150200.15.15.1 uwac0-0-devel-2.1.2-150200.15.15.1 winpr2-devel-2.1.2-150200.15.15.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 
(x86_64): freerdp-2.1.2-150200.15.15.1 freerdp-debuginfo-2.1.2-150200.15.15.1 freerdp-debugsource-2.1.2-150200.15.15.1 freerdp-devel-2.1.2-150200.15.15.1 freerdp-proxy-2.1.2-150200.15.15.1 freerdp-proxy-debuginfo-2.1.2-150200.15.15.1 libfreerdp2-2.1.2-150200.15.15.1 libfreerdp2-debuginfo-2.1.2-150200.15.15.1 libwinpr2-2.1.2-150200.15.15.1 libwinpr2-debuginfo-2.1.2-150200.15.15.1 winpr2-devel-2.1.2-150200.15.15.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): freerdp-2.1.2-150200.15.15.1 freerdp-debuginfo-2.1.2-150200.15.15.1 freerdp-debugsource-2.1.2-150200.15.15.1 freerdp-devel-2.1.2-150200.15.15.1 freerdp-proxy-2.1.2-150200.15.15.1 freerdp-proxy-debuginfo-2.1.2-150200.15.15.1 libfreerdp2-2.1.2-150200.15.15.1 libfreerdp2-debuginfo-2.1.2-150200.15.15.1 libwinpr2-2.1.2-150200.15.15.1 libwinpr2-debuginfo-2.1.2-150200.15.15.1 winpr2-devel-2.1.2-150200.15.15.1 References: https://www.suse.com/security/cve/CVE-2022-24882.html https://www.suse.com/security/cve/CVE-2022-24883.html https://bugzilla.suse.com/1198919 https://bugzilla.suse.com/1198921 From sle-updates at lists.suse.com Mon Jul 11 19:15:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jul 2022 21:15:23 +0200 (CEST) Subject: SUSE-SU-2022:2356-1: important: Security update for curl Message-ID: <20220711191523.9D18FFDCF@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2356-1 Rating: important References: #1200737 Cross-References: CVE-2022-32208 CVSS scores: CVE-2022-32208 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for curl fixes the following issues: - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2356=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2356=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): curl-7.37.0-37.79.1 curl-debuginfo-7.37.0-37.79.1 curl-debugsource-7.37.0-37.79.1 libcurl4-32bit-7.37.0-37.79.1 libcurl4-7.37.0-37.79.1 libcurl4-debuginfo-32bit-7.37.0-37.79.1 libcurl4-debuginfo-7.37.0-37.79.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): curl-7.37.0-37.79.1 curl-debuginfo-7.37.0-37.79.1 curl-debugsource-7.37.0-37.79.1 libcurl4-32bit-7.37.0-37.79.1 libcurl4-7.37.0-37.79.1 libcurl4-debuginfo-32bit-7.37.0-37.79.1 libcurl4-debuginfo-7.37.0-37.79.1 References: https://www.suse.com/security/cve/CVE-2022-32208.html https://bugzilla.suse.com/1200737 From sle-updates at lists.suse.com Mon Jul 11 22:15:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jul 2022 00:15:39 +0200 (CEST) Subject: SUSE-SU-2022:2357-1: important: Security update for python3 Message-ID: <20220711221539.B057EFDCF@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2357-1 Rating: important References: #1198511 Cross-References: CVE-2015-20107 CVSS scores: CVE-2015-20107 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2015-20107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High 
Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2357=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2357=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2357=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2357=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2357=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2357=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2357=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150300.10.27.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.27.1 python3-3.6.15-150300.10.27.1 python3-base-3.6.15-150300.10.27.1 python3-base-debuginfo-3.6.15-150300.10.27.1 python3-core-debugsource-3.6.15-150300.10.27.1 python3-curses-3.6.15-150300.10.27.1 python3-curses-debuginfo-3.6.15-150300.10.27.1 python3-dbm-3.6.15-150300.10.27.1 python3-dbm-debuginfo-3.6.15-150300.10.27.1 python3-debuginfo-3.6.15-150300.10.27.1 python3-debugsource-3.6.15-150300.10.27.1 python3-devel-3.6.15-150300.10.27.1 python3-devel-debuginfo-3.6.15-150300.10.27.1 python3-doc-3.6.15-150300.10.27.1 python3-doc-devhelp-3.6.15-150300.10.27.1 python3-idle-3.6.15-150300.10.27.1 python3-testsuite-3.6.15-150300.10.27.1 python3-testsuite-debuginfo-3.6.15-150300.10.27.1 python3-tk-3.6.15-150300.10.27.1 python3-tk-debuginfo-3.6.15-150300.10.27.1 python3-tools-3.6.15-150300.10.27.1 - openSUSE Leap 15.4 (x86_64): libpython3_6m1_0-32bit-3.6.15-150300.10.27.1 libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.27.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150300.10.27.1 
libpython3_6m1_0-debuginfo-3.6.15-150300.10.27.1 python3-3.6.15-150300.10.27.1 python3-base-3.6.15-150300.10.27.1 python3-base-debuginfo-3.6.15-150300.10.27.1 python3-core-debugsource-3.6.15-150300.10.27.1 python3-curses-3.6.15-150300.10.27.1 python3-curses-debuginfo-3.6.15-150300.10.27.1 python3-dbm-3.6.15-150300.10.27.1 python3-dbm-debuginfo-3.6.15-150300.10.27.1 python3-debuginfo-3.6.15-150300.10.27.1 python3-debugsource-3.6.15-150300.10.27.1 python3-devel-3.6.15-150300.10.27.1 python3-devel-debuginfo-3.6.15-150300.10.27.1 python3-doc-3.6.15-150300.10.27.1 python3-doc-devhelp-3.6.15-150300.10.27.1 python3-idle-3.6.15-150300.10.27.1 python3-testsuite-3.6.15-150300.10.27.1 python3-testsuite-debuginfo-3.6.15-150300.10.27.1 python3-tk-3.6.15-150300.10.27.1 python3-tk-debuginfo-3.6.15-150300.10.27.1 python3-tools-3.6.15-150300.10.27.1 - openSUSE Leap 15.3 (x86_64): libpython3_6m1_0-32bit-3.6.15-150300.10.27.1 libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.27.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): python3-core-debugsource-3.6.15-150300.10.27.1 python3-tools-3.6.15-150300.10.27.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python3-core-debugsource-3.6.15-150300.10.27.1 python3-tools-3.6.15-150300.10.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150300.10.27.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.27.1 python3-3.6.15-150300.10.27.1 python3-base-3.6.15-150300.10.27.1 python3-base-debuginfo-3.6.15-150300.10.27.1 python3-core-debugsource-3.6.15-150300.10.27.1 python3-curses-3.6.15-150300.10.27.1 python3-curses-debuginfo-3.6.15-150300.10.27.1 python3-dbm-3.6.15-150300.10.27.1 python3-dbm-debuginfo-3.6.15-150300.10.27.1 python3-debuginfo-3.6.15-150300.10.27.1 python3-debugsource-3.6.15-150300.10.27.1 python3-devel-3.6.15-150300.10.27.1 python3-devel-debuginfo-3.6.15-150300.10.27.1 
python3-idle-3.6.15-150300.10.27.1 python3-tk-3.6.15-150300.10.27.1 python3-tk-debuginfo-3.6.15-150300.10.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150300.10.27.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.27.1 python3-3.6.15-150300.10.27.1 python3-base-3.6.15-150300.10.27.1 python3-base-debuginfo-3.6.15-150300.10.27.1 python3-core-debugsource-3.6.15-150300.10.27.1 python3-curses-3.6.15-150300.10.27.1 python3-curses-debuginfo-3.6.15-150300.10.27.1 python3-dbm-3.6.15-150300.10.27.1 python3-dbm-debuginfo-3.6.15-150300.10.27.1 python3-debuginfo-3.6.15-150300.10.27.1 python3-debugsource-3.6.15-150300.10.27.1 python3-devel-3.6.15-150300.10.27.1 python3-devel-debuginfo-3.6.15-150300.10.27.1 python3-idle-3.6.15-150300.10.27.1 python3-tk-3.6.15-150300.10.27.1 python3-tk-debuginfo-3.6.15-150300.10.27.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libpython3_6m1_0-3.6.15-150300.10.27.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.27.1 python3-3.6.15-150300.10.27.1 python3-base-3.6.15-150300.10.27.1 python3-base-debuginfo-3.6.15-150300.10.27.1 python3-core-debugsource-3.6.15-150300.10.27.1 python3-debuginfo-3.6.15-150300.10.27.1 python3-debugsource-3.6.15-150300.10.27.1 References: https://www.suse.com/security/cve/CVE-2015-20107.html https://bugzilla.suse.com/1198511 From sle-updates at lists.suse.com Tue Jul 12 07:15:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jul 2022 09:15:09 +0200 (CEST) Subject: SUSE-RU-2022:2358-1: moderate: Recommended update for augeas Message-ID: <20220712071509.9B110FD17@maintenance.suse.de> SUSE Recommended Update: Recommended update for augeas ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2358-1 Rating: moderate References: #1197443 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux 
Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for augeas fixes the following issues: - Fix handling of keywords in new sysctl.conf (bsc#1197443) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2358=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2358=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): augeas-1.12.0-150400.3.3.6 augeas-debuginfo-1.12.0-150400.3.3.6 augeas-debugsource-1.12.0-150400.3.3.6 augeas-devel-1.12.0-150400.3.3.6 augeas-lense-tests-1.12.0-150400.3.3.6 augeas-lenses-1.12.0-150400.3.3.6 libaugeas0-1.12.0-150400.3.3.6 libaugeas0-debuginfo-1.12.0-150400.3.3.6 - openSUSE Leap 15.4 (x86_64): augeas-devel-32bit-1.12.0-150400.3.3.6 libaugeas0-32bit-1.12.0-150400.3.3.6 libaugeas0-32bit-debuginfo-1.12.0-150400.3.3.6 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): augeas-1.12.0-150400.3.3.6 augeas-debuginfo-1.12.0-150400.3.3.6 augeas-debugsource-1.12.0-150400.3.3.6 augeas-devel-1.12.0-150400.3.3.6 augeas-lenses-1.12.0-150400.3.3.6 libaugeas0-1.12.0-150400.3.3.6 libaugeas0-debuginfo-1.12.0-150400.3.3.6 References: https://bugzilla.suse.com/1197443 From sle-updates at lists.suse.com Tue Jul 12 07:49:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jul 2022 09:49:41 +0200 (CEST) Subject: SUSE-CU-2022:1460-1: Security update of 
bci/nodejs Message-ID: <20220712074941.58D9FFD17@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1460-1 Container Tags : bci/node:12 , bci/node:12-16.89 , bci/nodejs:12 , bci/nodejs:12-16.89 Container Release : 16.89 Severity : important Type : security References : 1198511 CVE-2015-20107 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.27.1 updated - python3-base-3.6.15-150300.10.27.1 updated - container:sles15-image-15.0.0-17.17.22 updated From sle-updates at lists.suse.com Tue Jul 12 07:54:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jul 2022 09:54:19 +0200 (CEST) Subject: SUSE-CU-2022:1471-1: Security update of bci/nodejs Message-ID: <20220712075419.9AF81FD17@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1471-1 Container Tags : bci/node:14 , bci/node:14-13.10 , bci/nodejs:14 , bci/nodejs:14-13.10 Container Release : 13.10 Severity : important Type : security References : 1185637 1196025 1196026 1196168 1196169 1196171 1196784 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-32205 CVE-2022-32206 
CVE-2022-32207 CVE-2022-32208 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.7.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated - libcurl4-7.79.1-150400.5.3.1 updated - libexpat1-2.4.4-150400.3.6.9 updated - container:sles15-image-15.0.0-27.8.3 updated From sle-updates at lists.suse.com Tue Jul 12 13:16:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jul 2022 15:16:14 +0200 (CEST) Subject: SUSE-SU-2022:2359-1: important: Security update for squid Message-ID: <20220712131614.981E0FD17@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2359-1 Rating: important References: #1200907 Cross-References: CVE-2021-46784 CVSS scores: CVE-2021-46784 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for squid fixes the following issues: - CVE-2021-46784: Fixed DoS when processing gopher server responses. (bsc#1200907) - Update to 5.6: - Improve handling of Gopher responses - Changes in 5.5: - fixes regression Bug 5192: esi_parser default is incorrect - Bug 5177: clientca certificates sent to https_port clients - Bug 5090: Must(!request->pinnedConnection()) violation - Kid restart leads to persistent queue overflows, delays/timeouts Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2359=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2359=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): squid-5.6-150400.3.3.1 squid-debuginfo-5.6-150400.3.3.1 squid-debugsource-5.6-150400.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): squid-5.6-150400.3.3.1 squid-debuginfo-5.6-150400.3.3.1 squid-debugsource-5.6-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2021-46784.html https://bugzilla.suse.com/1200907 From sle-updates at lists.suse.com Tue Jul 12 13:16:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jul 2022 15:16:48 +0200 (CEST) Subject: SUSE-SU-2022:2360-1: important: Security update for pcre2 Message-ID: <20220712131648.4A80FFD17@maintenance.suse.de> SUSE Security Update: Security update for pcre2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2360-1 Rating: important References: #1199232 Cross-References: CVE-2022-1586 CVSS scores: CVE-2022-1586 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-1586 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description:

   This update for pcre2 fixes the following issues:

   - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-2360=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2360=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      libpcre2-16-0-10.39-150400.4.3.1
      libpcre2-16-0-debuginfo-10.39-150400.4.3.1
      libpcre2-32-0-10.39-150400.4.3.1
      libpcre2-32-0-debuginfo-10.39-150400.4.3.1
      libpcre2-8-0-10.39-150400.4.3.1
      libpcre2-8-0-debuginfo-10.39-150400.4.3.1
      libpcre2-posix2-10.39-150400.4.3.1
      libpcre2-posix2-debuginfo-10.39-150400.4.3.1
      pcre2-debugsource-10.39-150400.4.3.1
      pcre2-devel-10.39-150400.4.3.1
      pcre2-devel-static-10.39-150400.4.3.1
      pcre2-tools-10.39-150400.4.3.1
      pcre2-tools-debuginfo-10.39-150400.4.3.1
   - openSUSE Leap 15.4 (noarch):
      pcre2-doc-10.39-150400.4.3.1
   - openSUSE Leap 15.4 (x86_64):
      libpcre2-16-0-32bit-10.39-150400.4.3.1
      libpcre2-16-0-32bit-debuginfo-10.39-150400.4.3.1
      libpcre2-32-0-32bit-10.39-150400.4.3.1
      libpcre2-32-0-32bit-debuginfo-10.39-150400.4.3.1
      libpcre2-8-0-32bit-10.39-150400.4.3.1
      libpcre2-8-0-32bit-debuginfo-10.39-150400.4.3.1
      libpcre2-posix2-32bit-10.39-150400.4.3.1
      libpcre2-posix2-32bit-debuginfo-10.39-150400.4.3.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
      libpcre2-16-0-10.39-150400.4.3.1
      libpcre2-16-0-debuginfo-10.39-150400.4.3.1
      libpcre2-32-0-10.39-150400.4.3.1
      libpcre2-32-0-debuginfo-10.39-150400.4.3.1
      libpcre2-8-0-10.39-150400.4.3.1
      libpcre2-8-0-debuginfo-10.39-150400.4.3.1
      libpcre2-posix2-10.39-150400.4.3.1
      libpcre2-posix2-debuginfo-10.39-150400.4.3.1
      pcre2-debugsource-10.39-150400.4.3.1
      pcre2-devel-10.39-150400.4.3.1

References:

   https://www.suse.com/security/cve/CVE-2022-1586.html
   https://bugzilla.suse.com/1199232

From sle-updates at lists.suse.com Tue Jul 12 13:17:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jul 2022 15:17:37 +0200 (CEST)
Subject: SUSE-SU-2022:2361-1: important: Security update for pcre
Message-ID: <20220712131737.56CDCFD17@maintenance.suse.de>

   SUSE Security Update: Security update for pcre
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2361-1
Rating:             important
References:         #1199232
Cross-References:   CVE-2022-1586
CVSS scores:
                    CVE-2022-1586 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-1586 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for pcre fixes the following issues:

   - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-2361=1
   - openSUSE Leap 15.3:
      zypper in -t patch openSUSE-SLE-15.3-2022-2361=1
   - SUSE Manager Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2361=1
   - SUSE Manager Retail Branch Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2361=1
   - SUSE Manager Proxy 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2361=1
   - SUSE Linux Enterprise Server for SAP 15-SP2:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2361=1
   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2361=1
   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2361=1
   - SUSE Linux Enterprise Server 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2361=1
   - SUSE Linux Enterprise Server 15-SP2-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2361=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2361=1
   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2361=1
   - SUSE Linux Enterprise Server 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2361=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2361=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2361=1
   - SUSE Linux Enterprise Micro 5.2:
      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2361=1
   - SUSE Linux Enterprise Micro 5.1:
      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2361=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2361=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2361=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2361=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2361=1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2361=1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2361=1
   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2022-2361=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2022-2361=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-devel-static-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - openSUSE Leap 15.4 (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcre16-0-32bit-8.45-150000.20.13.1
      libpcre16-0-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
      libpcreposix0-32bit-8.45-150000.20.13.1
      libpcreposix0-32bit-debuginfo-8.45-150000.20.13.1
   - openSUSE Leap 15.4 (noarch):
      pcre-doc-8.45-150000.20.13.1
   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-devel-static-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - openSUSE Leap 15.3 (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcre16-0-32bit-8.45-150000.20.13.1
      libpcre16-0-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
      libpcreposix0-32bit-8.45-150000.20.13.1
      libpcreposix0-32bit-debuginfo-8.45-150000.20.13.1
   - openSUSE Leap 15.3 (noarch):
      pcre-doc-8.45-150000.20.13.1
   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Manager Server 4.1 (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Manager Retail Branch Server 4.1 (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Manager Proxy 4.1 (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Server for SAP 15 (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
   - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Enterprise Storage 7 (aarch64 x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Enterprise Storage 7 (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE Enterprise Storage 6 (aarch64 x86_64):
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1
   - SUSE Enterprise Storage 6 (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
   - SUSE CaaS Platform 4.0 (x86_64):
      libpcre1-32bit-8.45-150000.20.13.1
      libpcre1-32bit-debuginfo-8.45-150000.20.13.1
      libpcre1-8.45-150000.20.13.1
      libpcre1-debuginfo-8.45-150000.20.13.1
      libpcre16-0-8.45-150000.20.13.1
      libpcre16-0-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-32bit-8.45-150000.20.13.1
      libpcrecpp0-32bit-debuginfo-8.45-150000.20.13.1
      libpcrecpp0-8.45-150000.20.13.1
      libpcrecpp0-debuginfo-8.45-150000.20.13.1
      libpcreposix0-8.45-150000.20.13.1
      libpcreposix0-debuginfo-8.45-150000.20.13.1
      pcre-debugsource-8.45-150000.20.13.1
      pcre-devel-8.45-150000.20.13.1
      pcre-tools-8.45-150000.20.13.1
      pcre-tools-debuginfo-8.45-150000.20.13.1

References:

   https://www.suse.com/security/cve/CVE-2022-1586.html
   https://bugzilla.suse.com/1199232

From sle-updates at lists.suse.com Tue Jul 12 16:16:55 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jul 2022 18:16:55 +0200 (CEST)
Subject: SUSE-RU-2022:2365-1: moderate: Recommended update for mdadm
Message-ID: <20220712161655.82F2EFD17@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for mdadm
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:2365-1
Rating:             moderate
References:         #1197158

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Manager Proxy 4.1
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Server 4.1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for mdadm fixes the following issue:

   - Resource RAID failed during cluster patch, Mdadm gets floating point error (bsc#1197158)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2365=1
   - SUSE Manager Retail Branch Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2365=1
   - SUSE Manager Proxy 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2365=1
   - SUSE Linux Enterprise Server for SAP 15-SP2:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2365=1
   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2365=1
   - SUSE Linux Enterprise Server 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2365=1
   - SUSE Linux Enterprise Server 15-SP2-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2365=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2365=1
   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2365=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2365=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2365=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2365=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2365=1
   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2022-2365=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2022-2365=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE Manager Proxy 4.1 (x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE Linux Enterprise High Performance Computing 
15-SP1-ESPOS (aarch64 x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 - SUSE CaaS Platform 4.0 (x86_64): mdadm-4.1-150100.15.35.1 mdadm-debuginfo-4.1-150100.15.35.1 mdadm-debugsource-4.1-150100.15.35.1 References: https://bugzilla.suse.com/1197158 From sle-updates at lists.suse.com Tue Jul 12 16:17:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jul 2022 18:17:37 +0200 (CEST) Subject: SUSE-RU-2022:2364-1: moderate: Recommended update for mdadm Message-ID: <20220712161737.472F9FD17@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2364-1 Rating: moderate References: #1197158 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 
one recommended fix can now be installed.

Description:

This update for mdadm fixes the following issue:

- Resource RAID failed during cluster patch, Mdadm gets floating point error (bsc#1197158)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-2364=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-2364=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2364=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2364=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2364=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2364=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  mdadm-4.1-150300.24.15.1
  mdadm-debuginfo-4.1-150300.24.15.1
  mdadm-debugsource-4.1-150300.24.15.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  mdadm-4.1-150300.24.15.1
  mdadm-debuginfo-4.1-150300.24.15.1
  mdadm-debugsource-4.1-150300.24.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
  mdadm-4.1-150300.24.15.1
  mdadm-debuginfo-4.1-150300.24.15.1
  mdadm-debugsource-4.1-150300.24.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  mdadm-4.1-150300.24.15.1
  mdadm-debuginfo-4.1-150300.24.15.1
  mdadm-debugsource-4.1-150300.24.15.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
  mdadm-4.1-150300.24.15.1
  mdadm-debuginfo-4.1-150300.24.15.1
  mdadm-debugsource-4.1-150300.24.15.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
  mdadm-4.1-150300.24.15.1
  mdadm-debuginfo-4.1-150300.24.15.1
  mdadm-debugsource-4.1-150300.24.15.1

References:

  https://bugzilla.suse.com/1197158

From sle-updates at lists.suse.com Tue Jul 12 16:18:12 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jul 2022 18:18:12 +0200 (CEST)
Subject: SUSE-RU-2022:2362-1: moderate: Recommended update for azure-cli, azure-cli-core, python-azure-batch, python-azure-mgmt-compute, python-azure-mgmt-containerregistry, python-azure-mgmt-databoxedge, python-azure-mgmt-network, python-azure-mgmt-security
Message-ID: <20220712161812.6272BFD17@maintenance.suse.de>

SUSE Recommended Update: Recommended update for azure-cli, azure-cli-core, python-azure-batch, python-azure-mgmt-compute, python-azure-mgmt-containerregistry, python-azure-mgmt-databoxedge, python-azure-mgmt-network, python-azure-mgmt-security
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2362-1
Rating: moderate
References: #1189411 #1191482 #1192671
Affected Products:
  SUSE Linux Enterprise High Performance Computing 12
  SUSE Linux Enterprise Module for Public Cloud 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP Applications 12
  SUSE Linux Enterprise Server for SAP Applications 12-SP3
  SUSE Linux Enterprise Server for SAP Applications 12-SP4
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for azure-cli, azure-cli-core, python-azure-batch, python-azure-mgmt-compute, python-azure-mgmt-containerregistry, python-azure-mgmt-databoxedge, python-azure-mgmt-network, python-azure-mgmt-security contains the following fixes:

Changes in azure-cli:
- Update in SLE-12 (bsc#1189411, bsc#1191482)
- Add missing python-rpm-macros to BuildRequires
- New upstream release 2.17.1
- For detailed information about changes see the HISTORY.rst file provided with this package
- Update Requires from setup.py

Changes in azure-cli-core:
- Update in SLE-12. (bsc#1189411, bsc#1191482)
- Fix regression in patch to disable update check. (bsc#1192671)
- New upstream release 2.17.1:
- For detailed information about changes see the HISTORY.rst file provided with this package

Changes in python-azure-batch:
- Update in SLE-12 (bsc#1189411, bsc#1191482)
- New upstream release
  + Version 10.0.0
  + For detailed information about changes see the CHANGELOG.md file provided with this package
- Only build Python3 flavors for distributions 15 and greater

Changes in python-azure-mgmt-compute:
- Update in SLE-12 (bsc#1189411, bsc#1191482)
- New upstream release
  + Version 18.0.0
  + For detailed information about changes see the CHANGELOG.md file provided with this package
  + Version 17.0.0

Changes in python-azure-mgmt-containerregistry:
- Update in SLE-12 (bsc#1189411, bsc#1191482)
- New upstream release
  + Version 3.0.0rc16
  + For detailed information about changes see the CHANGELOG.md file provided with this package

Changes in python-azure-mgmt-databoxedge:
- Update in SLE-12 (bsc#1189411, bsc#1191482)
- New upstream release
  + Version 0.2.0
  + For detailed information about changes see the CHANGELOG.md file provided with this package
- Rename HISTORY.rst to CHANGELOG.md in %files section
- Rename README.rst to README.md in %files section

Changes in python-azure-mgmt-network:
- Update in SLE-12 (bsc#1189411, bsc#1191482)
- New upstream release
  + Version 17.0.0
  + For detailed
information about changes see the CHANGELOG.md file provided with this package

Changes in python-azure-mgmt-security:
- Update in SLE-12 (bsc#1189411, bsc#1191482)
- New upstream release
  + Version 0.6.0
  + For detailed information about changes see the CHANGELOG.md file provided with this package

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 12:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-2362=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64):
  azure-cli-test-2.17.1-2.17.1
- SUSE Linux Enterprise Module for Public Cloud 12 (noarch):
  azure-cli-2.17.1-2.17.1
  azure-cli-core-2.17.1-2.19.1
  python-azure-batch-10.0.0-2.13.11
  python-azure-core-1.22.1-2.6.4
  python-azure-mgmt-compute-18.0.0-2.13.1
  python-azure-mgmt-containerregistry-3.0.0rc16-2.13.1
  python-azure-mgmt-databoxedge-0.2.0-2.6.1
  python-azure-mgmt-network-17.0.0-2.13.1
  python-azure-mgmt-security-0.6.0-2.6.1
  python-azure-sdk-4.0.0-16.9.1
  python-msrest-0.6.21-5.17.1
  python3-azure-ai-formrecognizer-3.1.2-2.3.1
  python3-azure-batch-10.0.0-2.13.11
  python3-azure-core-1.22.1-2.6.4
  python3-azure-mgmt-compute-18.0.0-2.13.1
  python3-azure-mgmt-containerregistry-3.0.0rc16-2.13.1
  python3-azure-mgmt-databoxedge-0.2.0-2.6.1
  python3-azure-mgmt-network-17.0.0-2.13.1
  python3-azure-mgmt-security-0.6.0-2.6.1
  python3-azure-sdk-4.0.0-16.9.1
  python3-azure-synapse-managedprivateendpoints-0.4.0-2.3.1
  python3-azure-synapse-monitoring-0.2.0-2.3.1
  python3-azure-template-0.1.0b1293622-2.3.6
  python3-msrest-0.6.21-5.17.1

References:

  https://bugzilla.suse.com/1189411
  https://bugzilla.suse.com/1191482
  https://bugzilla.suse.com/1192671

From sle-updates at lists.suse.com Tue Jul 12 16:18:54 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jul
2022 18:18:54 +0200 (CEST)
Subject: SUSE-RU-2022:2363-1: moderate: Recommended update for rust1.59
Message-ID: <20220712161854.A1F41FD17@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rust1.59
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2363-1
Rating: moderate
References: #1196496
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Development Tools 15-SP3
  SUSE Linux Enterprise Module for Development Tools 15-SP4
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Linux Enterprise Storage 7.1
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for rust1.59 fixes the following issues:

- For building requires gcc by default to enable linking to work correctly (bsc#1196496)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-2363=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-2363=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2363=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2363=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  cargo1.59-1.59.0-150300.7.7.2
  cargo1.59-debuginfo-1.59.0-150300.7.7.2
  rust1.59-1.59.0-150300.7.7.2
  rust1.59-debuginfo-1.59.0-150300.7.7.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  cargo1.59-1.59.0-150300.7.7.2
  cargo1.59-debuginfo-1.59.0-150300.7.7.2
  rust1.59-1.59.0-150300.7.7.2
  rust1.59-debuginfo-1.59.0-150300.7.7.2
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
  cargo1.59-1.59.0-150300.7.7.2
  cargo1.59-debuginfo-1.59.0-150300.7.7.2
  rust1.59-1.59.0-150300.7.7.2
  rust1.59-debuginfo-1.59.0-150300.7.7.2
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
  cargo1.59-1.59.0-150300.7.7.2
  cargo1.59-debuginfo-1.59.0-150300.7.7.2
  rust1.59-1.59.0-150300.7.7.2
  rust1.59-debuginfo-1.59.0-150300.7.7.2

References:

  https://bugzilla.suse.com/1196496

From sle-updates at lists.suse.com Tue Jul 12 16:19:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jul 2022 18:19:28 +0200 (CEST)
Subject: SUSE-RU-2022:2366-1: moderate: Recommended update for mdadm
Message-ID: <20220712161928.A23DBFD17@maintenance.suse.de>

SUSE Recommended Update: Recommended update for mdadm
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2366-1
Rating: moderate
References: #1197158
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for mdadm fixes the following issue:

- Resource RAID failed during cluster patch, Mdadm gets floating point error (bsc#1197158)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2366=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  mdadm-4.1-4.26.1
  mdadm-debuginfo-4.1-4.26.1
  mdadm-debugsource-4.1-4.26.1

References:

  https://bugzilla.suse.com/1197158

From sle-updates at lists.suse.com Tue Jul 12 16:20:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jul 2022 18:20:03 +0200 (CEST)
Subject: SUSE-SU-2022:2367-1: important: Security update for squid
Message-ID: <20220712162003.50D47FD17@maintenance.suse.de>

SUSE Security Update: Security update for squid
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2367-1
Rating: important
References: #1185923 #1186654 #1200907
Cross-References: CVE-2021-33620 CVE-2021-46784
CVSS scores:
  CVE-2021-33620 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-33620 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-46784 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for squid fixes the following issues:

- CVE-2021-46784: Fixed DoS when processing gopher server responses.
  (bsc#1200907)
- CVE-2021-33620: Fixed DoS in HTTP Response processing (bsc#1185923, bsc#1186654)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2367=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  squid-4.17-4.24.1
  squid-debuginfo-4.17-4.24.1
  squid-debugsource-4.17-4.24.1

References:

  https://www.suse.com/security/cve/CVE-2021-33620.html
  https://www.suse.com/security/cve/CVE-2021-46784.html
  https://bugzilla.suse.com/1185923
  https://bugzilla.suse.com/1186654
  https://bugzilla.suse.com/1200907

From sle-updates at lists.suse.com Tue Jul 12 19:15:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jul 2022 21:15:37 +0200 (CEST)
Subject: SUSE-SU-2022:2373-1: important: Security update for xorg-x11-server
Message-ID: <20220712191537.26048FD17@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2373-1
Rating: important
References: #1194179 #1194181
Cross-References: CVE-2022-2319 CVE-2022-2320
CVSS scores:
  CVE-2022-2320 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for xorg-x11-server fixes the following issues:

- CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
- CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2373=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2373=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  xorg-x11-server-debuginfo-1.19.6-10.32.1
  xorg-x11-server-debugsource-1.19.6-10.32.1
  xorg-x11-server-sdk-1.19.6-10.32.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  xorg-x11-server-1.19.6-10.32.1
  xorg-x11-server-debuginfo-1.19.6-10.32.1
  xorg-x11-server-debugsource-1.19.6-10.32.1
  xorg-x11-server-extra-1.19.6-10.32.1
  xorg-x11-server-extra-debuginfo-1.19.6-10.32.1

References:

  https://www.suse.com/security/cve/CVE-2022-2319.html
  https://www.suse.com/security/cve/CVE-2022-2320.html
  https://bugzilla.suse.com/1194179
  https://bugzilla.suse.com/1194181

From sle-updates at lists.suse.com Tue Jul 12 19:16:20 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jul 2022 21:16:20 +0200 (CEST)
Subject: SUSE-SU-2022:2370-1: important: Security update for xorg-x11-server
Message-ID: <20220712191620.543ACFD17@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2370-1
Rating: important
References: #1194179 #1194181 #1200076
Cross-References: CVE-2022-2319 CVE-2022-2320
CVSS scores:
  CVE-2022-2320 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise
Module for Basesystem 15-SP4
  SUSE Linux Enterprise Module for Development Tools 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for xorg-x11-server fixes the following issues:

- CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
- CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).
- Fix Xserver crash on keyboard remapping (bsc#1200076)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-2370=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2370=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2370=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  xorg-x11-server-1.20.3-150400.38.5.1
  xorg-x11-server-debuginfo-1.20.3-150400.38.5.1
  xorg-x11-server-debugsource-1.20.3-150400.38.5.1
  xorg-x11-server-extra-1.20.3-150400.38.5.1
  xorg-x11-server-extra-debuginfo-1.20.3-150400.38.5.1
  xorg-x11-server-sdk-1.20.3-150400.38.5.1
  xorg-x11-server-source-1.20.3-150400.38.5.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
  xorg-x11-server-debuginfo-1.20.3-150400.38.5.1
  xorg-x11-server-debugsource-1.20.3-150400.38.5.1
  xorg-x11-server-sdk-1.20.3-150400.38.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x
x86_64):
  xorg-x11-server-1.20.3-150400.38.5.1
  xorg-x11-server-debuginfo-1.20.3-150400.38.5.1
  xorg-x11-server-debugsource-1.20.3-150400.38.5.1
  xorg-x11-server-extra-1.20.3-150400.38.5.1
  xorg-x11-server-extra-debuginfo-1.20.3-150400.38.5.1

References:

  https://www.suse.com/security/cve/CVE-2022-2319.html
  https://www.suse.com/security/cve/CVE-2022-2320.html
  https://bugzilla.suse.com/1194179
  https://bugzilla.suse.com/1194181
  https://bugzilla.suse.com/1200076

From sle-updates at lists.suse.com Tue Jul 12 19:17:08 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jul 2022 21:17:08 +0200 (CEST)
Subject: SUSE-SU-2022:2369-1: important: Security update for xorg-x11-server
Message-ID: <20220712191708.2128AFD17@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2369-1
Rating: important
References: #1194179 #1194181
Cross-References: CVE-2022-2319 CVE-2022-2320
CVSS scores:
  CVE-2022-2320 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for xorg-x11-server fixes the following issues:

- CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
- CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2369=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2369=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2369=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2369=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  xorg-x11-server-1.19.6-4.31.1
  xorg-x11-server-debuginfo-1.19.6-4.31.1
  xorg-x11-server-debugsource-1.19.6-4.31.1
  xorg-x11-server-extra-1.19.6-4.31.1
  xorg-x11-server-extra-debuginfo-1.19.6-4.31.1
- SUSE OpenStack Cloud 9 (x86_64):
  xorg-x11-server-1.19.6-4.31.1
  xorg-x11-server-debuginfo-1.19.6-4.31.1
  xorg-x11-server-debugsource-1.19.6-4.31.1
  xorg-x11-server-extra-1.19.6-4.31.1
  xorg-x11-server-extra-debuginfo-1.19.6-4.31.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  xorg-x11-server-1.19.6-4.31.1
  xorg-x11-server-debuginfo-1.19.6-4.31.1
  xorg-x11-server-debugsource-1.19.6-4.31.1
  xorg-x11-server-extra-1.19.6-4.31.1
  xorg-x11-server-extra-debuginfo-1.19.6-4.31.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  xorg-x11-server-1.19.6-4.31.1
  xorg-x11-server-debuginfo-1.19.6-4.31.1
  xorg-x11-server-debugsource-1.19.6-4.31.1
  xorg-x11-server-extra-1.19.6-4.31.1
  xorg-x11-server-extra-debuginfo-1.19.6-4.31.1

References:

  https://www.suse.com/security/cve/CVE-2022-2319.html
  https://www.suse.com/security/cve/CVE-2022-2320.html
  https://bugzilla.suse.com/1194179
  https://bugzilla.suse.com/1194181

From sle-updates at lists.suse.com Tue Jul 12 19:17:52 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jul 2022 21:17:52 +0200 (CEST)
Subject: SUSE-SU-2022:2371-1: important: Security update for xorg-x11-server
Message-ID: <20220712191752.9717DFD17@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2371-1
Rating: important
References: #1194179 #1194181
Cross-References: CVE-2022-2319 CVE-2022-2320
CVSS scores:
  CVE-2022-2320 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for xorg-x11-server fixes the following issues:

- CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
- CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2371=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2371=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2371=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2371=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
  xorg-x11-server-1.19.6-150000.8.39.1
  xorg-x11-server-debuginfo-1.19.6-150000.8.39.1
  xorg-x11-server-debugsource-1.19.6-150000.8.39.1
  xorg-x11-server-extra-1.19.6-150000.8.39.1
  xorg-x11-server-extra-debuginfo-1.19.6-150000.8.39.1
  xorg-x11-server-sdk-1.19.6-150000.8.39.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
  xorg-x11-server-1.19.6-150000.8.39.1
  xorg-x11-server-debuginfo-1.19.6-150000.8.39.1
  xorg-x11-server-debugsource-1.19.6-150000.8.39.1
  xorg-x11-server-extra-1.19.6-150000.8.39.1
  xorg-x11-server-extra-debuginfo-1.19.6-150000.8.39.1
  xorg-x11-server-sdk-1.19.6-150000.8.39.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
  xorg-x11-server-1.19.6-150000.8.39.1
  xorg-x11-server-debuginfo-1.19.6-150000.8.39.1
  xorg-x11-server-debugsource-1.19.6-150000.8.39.1
  xorg-x11-server-extra-1.19.6-150000.8.39.1
  xorg-x11-server-extra-debuginfo-1.19.6-150000.8.39.1
  xorg-x11-server-sdk-1.19.6-150000.8.39.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
  xorg-x11-server-1.19.6-150000.8.39.1
  xorg-x11-server-debuginfo-1.19.6-150000.8.39.1
  xorg-x11-server-debugsource-1.19.6-150000.8.39.1
  xorg-x11-server-extra-1.19.6-150000.8.39.1
  xorg-x11-server-extra-debuginfo-1.19.6-150000.8.39.1
  xorg-x11-server-sdk-1.19.6-150000.8.39.1

References:

  https://www.suse.com/security/cve/CVE-2022-2319.html
  https://www.suse.com/security/cve/CVE-2022-2320.html
  https://bugzilla.suse.com/1194179
  https://bugzilla.suse.com/1194181

From sle-updates at lists.suse.com Tue Jul 12 19:18:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jul 2022 21:18:33 +0200 (CEST)
Subject: SUSE-SU-2022:2372-1: important: Security update for xorg-x11-server
Message-ID: <20220712191833.38E4DFD17@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2372-1
Rating: important
References: #1194179 #1194181
Cross-References: CVE-2022-2319 CVE-2022-2320
CVSS scores:
  CVE-2022-2320 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP3-BCL
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for xorg-x11-server fixes the following issues:

- CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
- CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2372=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2372=1

Package List:

- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  xorg-x11-server-7.6_1.18.3-76.49.1
  xorg-x11-server-debuginfo-7.6_1.18.3-76.49.1
  xorg-x11-server-debugsource-7.6_1.18.3-76.49.1
  xorg-x11-server-extra-7.6_1.18.3-76.49.1
  xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.49.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  xorg-x11-server-7.6_1.18.3-76.49.1
  xorg-x11-server-debuginfo-7.6_1.18.3-76.49.1
  xorg-x11-server-debugsource-7.6_1.18.3-76.49.1
  xorg-x11-server-extra-7.6_1.18.3-76.49.1
  xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.49.1

References:

  https://www.suse.com/security/cve/CVE-2022-2319.html
  https://www.suse.com/security/cve/CVE-2022-2320.html
  https://bugzilla.suse.com/1194179
  https://bugzilla.suse.com/1194181

From sle-updates at lists.suse.com Tue Jul 12 19:19:19 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jul 2022 21:19:19 +0200 (CEST)
Subject: SUSE-SU-2022:2375-1: important: Security update for xorg-x11-server
Message-ID: <20220712191919.62E19FD17@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2375-1
Rating: important
References: #1194179 #1194181
Cross-References: CVE-2022-2319 CVE-2022-2320
CVSS scores:
  CVE-2022-2320 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Enterprise Storage 7
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Module for
Basesystem 15-SP3
  SUSE Linux Enterprise Module for Development Tools 15-SP3
  SUSE Linux Enterprise Server 15-SP2-BCL
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Linux Enterprise Storage 7.1
  SUSE Linux Enterprise Workstation Extension 15-SP3
  SUSE Linux Enterprise Workstation Extension 15-SP4
  SUSE Manager Proxy 4.1
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.1
  SUSE Manager Server 4.2
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for xorg-x11-server fixes the following issues:

- CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
- CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-2375=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-2375=1
- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2375=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2375=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2375=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2375=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2375=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2375=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2375=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2375=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2375=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2375=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2375=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2375=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2022-2375=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  xorg-x11-server-wayland-1.20.3-150200.22.5.55.1
  xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.55.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  xorg-x11-server-1.20.3-150200.22.5.55.1
  xorg-x11-server-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-debugsource-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-sdk-1.20.3-150200.22.5.55.1
    xorg-x11-server-source-1.20.3-150200.22.5.55.1
    xorg-x11-server-wayland-1.20.3-150200.22.5.55.1
    xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.55.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
    xorg-x11-server-1.20.3-150200.22.5.55.1
    xorg-x11-server-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-debugsource-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-sdk-1.20.3-150200.22.5.55.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
    xorg-x11-server-1.20.3-150200.22.5.55.1
    xorg-x11-server-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-debugsource-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-sdk-1.20.3-150200.22.5.55.1
- SUSE Manager Proxy 4.1 (x86_64):
    xorg-x11-server-1.20.3-150200.22.5.55.1
    xorg-x11-server-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-debugsource-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-sdk-1.20.3-150200.22.5.55.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
    xorg-x11-server-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-debugsource-1.20.3-150200.22.5.55.1
    xorg-x11-server-wayland-1.20.3-150200.22.5.55.1
    xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.55.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
    xorg-x11-server-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-debugsource-1.20.3-150200.22.5.55.1
    xorg-x11-server-wayland-1.20.3-150200.22.5.55.1
    xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.55.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    xorg-x11-server-1.20.3-150200.22.5.55.1
    xorg-x11-server-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-debugsource-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-sdk-1.20.3-150200.22.5.55.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    xorg-x11-server-1.20.3-150200.22.5.55.1
    xorg-x11-server-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-debugsource-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-sdk-1.20.3-150200.22.5.55.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
    xorg-x11-server-1.20.3-150200.22.5.55.1
    xorg-x11-server-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-debugsource-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-sdk-1.20.3-150200.22.5.55.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
    xorg-x11-server-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-debugsource-1.20.3-150200.22.5.55.1
    xorg-x11-server-sdk-1.20.3-150200.22.5.55.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    xorg-x11-server-1.20.3-150200.22.5.55.1
    xorg-x11-server-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-debugsource-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.55.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    xorg-x11-server-1.20.3-150200.22.5.55.1
    xorg-x11-server-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-debugsource-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-sdk-1.20.3-150200.22.5.55.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
    xorg-x11-server-1.20.3-150200.22.5.55.1
    xorg-x11-server-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-debugsource-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-sdk-1.20.3-150200.22.5.55.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
    xorg-x11-server-1.20.3-150200.22.5.55.1
    xorg-x11-server-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-debugsource-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-1.20.3-150200.22.5.55.1
    xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.55.1
    xorg-x11-server-sdk-1.20.3-150200.22.5.55.1

References:

    https://www.suse.com/security/cve/CVE-2022-2319.html
    https://www.suse.com/security/cve/CVE-2022-2320.html
    https://bugzilla.suse.com/1194179
    https://bugzilla.suse.com/1194181

From sle-updates at lists.suse.com Tue Jul 12 19:20:08 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jul 2022 21:20:08 +0200 (CEST)
Subject: SUSE-SU-2022:2374-1: important: Security update for xorg-x11-server
Message-ID: <20220712192008.BEABEFD17@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2374-1
Rating: important
References: #1194179 #1194181
Cross-References: CVE-2022-2319 CVE-2022-2320
CVSS scores:
    CVE-2022-2320 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for xorg-x11-server fixes the following issues:

- CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
- CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2374=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2374=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2374=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2374=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2374=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2022-2374=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    xorg-x11-server-1.20.3-150100.14.5.25.1
    xorg-x11-server-debuginfo-1.20.3-150100.14.5.25.1
    xorg-x11-server-debugsource-1.20.3-150100.14.5.25.1
    xorg-x11-server-extra-1.20.3-150100.14.5.25.1
    xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.25.1
    xorg-x11-server-sdk-1.20.3-150100.14.5.25.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    xorg-x11-server-1.20.3-150100.14.5.25.1
    xorg-x11-server-debuginfo-1.20.3-150100.14.5.25.1
    xorg-x11-server-debugsource-1.20.3-150100.14.5.25.1
    xorg-x11-server-extra-1.20.3-150100.14.5.25.1
    xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.25.1
    xorg-x11-server-sdk-1.20.3-150100.14.5.25.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
    xorg-x11-server-1.20.3-150100.14.5.25.1
    xorg-x11-server-debuginfo-1.20.3-150100.14.5.25.1
    xorg-x11-server-debugsource-1.20.3-150100.14.5.25.1
    xorg-x11-server-extra-1.20.3-150100.14.5.25.1
    xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.25.1
    xorg-x11-server-sdk-1.20.3-150100.14.5.25.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    xorg-x11-server-1.20.3-150100.14.5.25.1
    xorg-x11-server-debuginfo-1.20.3-150100.14.5.25.1
    xorg-x11-server-debugsource-1.20.3-150100.14.5.25.1
    xorg-x11-server-extra-1.20.3-150100.14.5.25.1
    xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.25.1
    xorg-x11-server-sdk-1.20.3-150100.14.5.25.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
    xorg-x11-server-1.20.3-150100.14.5.25.1
    xorg-x11-server-debuginfo-1.20.3-150100.14.5.25.1
    xorg-x11-server-debugsource-1.20.3-150100.14.5.25.1
    xorg-x11-server-extra-1.20.3-150100.14.5.25.1
    xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.25.1
    xorg-x11-server-sdk-1.20.3-150100.14.5.25.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    xorg-x11-server-1.20.3-150100.14.5.25.1
    xorg-x11-server-debuginfo-1.20.3-150100.14.5.25.1
    xorg-x11-server-debugsource-1.20.3-150100.14.5.25.1
    xorg-x11-server-extra-1.20.3-150100.14.5.25.1
    xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.25.1
    xorg-x11-server-sdk-1.20.3-150100.14.5.25.1
- SUSE CaaS Platform 4.0 (x86_64):
    xorg-x11-server-1.20.3-150100.14.5.25.1
    xorg-x11-server-debuginfo-1.20.3-150100.14.5.25.1
    xorg-x11-server-debugsource-1.20.3-150100.14.5.25.1
    xorg-x11-server-extra-1.20.3-150100.14.5.25.1
    xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.25.1
    xorg-x11-server-sdk-1.20.3-150100.14.5.25.1

References:

    https://www.suse.com/security/cve/CVE-2022-2319.html
    https://www.suse.com/security/cve/CVE-2022-2320.html
    https://bugzilla.suse.com/1194179
    https://bugzilla.suse.com/1194181

From sle-updates at lists.suse.com Tue Jul 12 22:16:04 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jul 2022 00:16:04 +0200 (CEST)
Subject: SUSE-SU-2022:2376-1: important: Security update for the Linux Kernel
Message-ID: <20220712221604.C491BF374@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2376-1
Rating: important
References: #1065729 #1179195 #1180814 #1185762 #1192761 #1193629 #1194013
    #1195504 #1195775 #1196901 #1197362 #1197754 #1198020 #1199487
    #1199489 #1199657 #1200217 #1200263 #1200442 #1200571 #1200599
    #1200600 #1200608 #1200619 #1200622 #1200692 #1200806 #1200807
    #1200809 #1200810 #1200813 #1200816 #1200820 #1200821 #1200822
    #1200825 #1200828 #1200829 #1200925 #1201050 #1201080 #1201143
    #1201147 #1201149 #1201160 #1201171 #1201177 #1201193 #1201222
Cross-References: CVE-2021-26341 CVE-2021-4157 CVE-2022-1679 CVE-2022-20132
    CVE-2022-20154 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981
    CVE-2022-34918
CVSS scores:
    CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
    CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
    CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-29900 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-34918 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Module for Public Cloud 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
    openSUSE Leap 15.3
______________________________________________________________________________

An update that solves 9 vulnerabilities and has 40 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre-like Branch Target Buffer attack that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out-of-bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use-after-free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).

The following non-security bugs were fixed:

- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- arm64: ftrace: fix branch range checks (git-fixes)
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes).
- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes).
- bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
- bcache: fixup multiple threads crash (git-fixes).
- bcache: improve multithreaded bch_btree_check() (git-fixes).
- bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes).
- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes).
- bio: fix page leak bio_add_hw_page failure (git-fixes).
- blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).
- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825).
- blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
- blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
- blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
- blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
- block: advance iov_iter on bio_add_hw_page failure (git-fixes).
- block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020).
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762).
- block: Fix kABI in blk-merge.c (bsc#1198020).
- block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes).
- caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes).
- ceph: add some lockdep assertions around snaprealm handling (bsc#1201147).
- ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149).
- cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).
- cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217).
- cifs: alloc_path_with_tree_prefix: do not append sep.
  if the path is empty (bsc#1200217).
- cifs: avoid parallel session setups on same channel (bsc#1200217).
- cifs: avoid race during socket reconnect between send and recv (bsc#1200217).
- cifs: call cifs_reconnect when a connection is marked (bsc#1200217).
- cifs: call helper functions for marking channels for reconnect (bsc#1200217).
- cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217).
- cifs: check for smb1 in open_cached_dir() (bsc#1200217).
- cifs: check reconnects for channels of active tcons too (bsc#1200217).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
- cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217).
- cifs: clean up an inconsistent indenting (bsc#1200217).
- cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217).
- cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).
- cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217).
- cifs: do not use tcpStatus after negotiate completes (bsc#1200217).
- cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).
- cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217).
- cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217).
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
- cifs: fix handlecache and multiuser (bsc#1200217).
- cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
- cifs: fix incorrect use of list iterator after the loop (bsc#1200217).
- cifs: fix minor compile warning (bsc#1200217).
- cifs: fix missed refcounting of ipc tcon (bsc#1200217).
- cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).
- cifs: fix potential deadlock in direct reclaim (bsc#1200217).
- cifs: fix potential double free during failed mount (bsc#1200217).
- cifs: fix potential race with cifsd thread (bsc#1200217).
- cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217).
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).
- cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
- cifs: fix the connection state transitions with multichannel (bsc#1200217).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217).
- cifs: fix workstation_name for multiuser mounts (bsc#1200217).
- cifs: force new session setup and tcon for dfs (bsc#1200217).
- cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
- cifs: ignore resource_id while getting fscache super cookie (bsc#1200217).
- cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).
- cifs: make status checks in version independent callers (bsc#1200217).
- cifs: mark sessions for reconnection in helper function (bsc#1200217).
- cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).
- cifs: move superblock magic defitions to magic.h (bsc#1200217).
- cifs: potential buffer overflow in handling symlinks (bsc#1200217).
- cifs: print TIDs as hex (bsc#1200217).
- cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217).
- cifs: reconnect only the connection and not smb session where possible (bsc#1200217).
- cifs: release cached dentries only if mount is complete (bsc#1200217).
- cifs: remove check of list iterator against head past the loop body (bsc#1200217).
- cifs: remove redundant assignment to pointer p (bsc#1200217).
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).
- cifs: remove repeated state change in dfs tree connect (bsc#1200217).
- cifs: remove unused variable ses_selected (bsc#1200217).
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
- cifs: return the more nuanced writeback error on close() (bsc#1200217).
- cifs: sanitize multiple delimiters in prepath (bsc#1200217).
- cifs: serialize all mount attempts (bsc#1200217).
- cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217).
- cifs: skip trailing separators of prefix paths (bsc#1200217).
- cifs: smbd: fix typo in comment (bsc#1200217).
- cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
- cifs: track individual channel status using chans_need_reconnect (bsc#1200217).
- cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).
- cifs: update internal module number (bsc#1193629).
- cifs: update internal module number (bsc#1200217).
- cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).
- cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217).
- cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
- cifs: use new enum for ses_status (bsc#1200217).
- cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217).
- cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217).
- cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217).
- cifs: wait for tcon resource_id before getting fscache super (bsc#1200217).
- cifs: we do not need a spinlock around the tree access during umount (bsc#1200217).
- cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217).
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure (git-fixes).
- exec: Force single empty string when argv is empty (bsc#1200571).
- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807).
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806).
- ext4: make variable "count" signed (bsc#1200820).
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- gtp: use icmp_ndo_send helper (git-fixes).
- hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes).
- i2c: designware: Use standard optional ref clock implementation (git-fixes).
- ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
- iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation (git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models (git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- iomap: iomap_write_failed fix (bsc#1200829).
- ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504).
- jfs: fix divide error in dbNextAG (bsc#1200828).
- kABI fix of sysctl_run_estimation (git-fixes).
- kabi: nvme workaround header include (bsc#1201193).
- kabi/severities: ignore KABI for NVMe target (bsc#1192761)
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- move devm_allocate to end of structure for kABI (git-fixes).
- mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
- net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- net: lantiq: Add locking for TX DMA channel (git-fixes).
- net: rose: fix UAF bugs caused by timer handler (git-fixes).
- net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
- NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
- NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes).
- NFS: Do not report flush errors in nfs_write_end() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFS: Memory allocation failures are not server fatal errors (git-fixes).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm/region: Fix default alignment for small regions (git-fixes).
- nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).
- nvme: Add connect option 'discovery' (bsc#1192761).
- nvme: add new discovery log page entry definitions (bsc#1192761).
- nvme: display correct subsystem NQN (bsc#1192761).
- nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761).
- nvme: kabi fix nvme subsystype change (bsc#1192761)
- nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
- nvmet: add nvmet_req_subsys() helper (bsc#1192761).
- nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
- nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761).
- nvmet: fix freeing unallocated p2pmem (git-fixes).
- nvmet: make discovery NQN configurable (bsc#1192761).
- nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes).
- nvmet: register discovery subsystem as 'current' (bsc#1192761).
- nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).
- nvmet: switch check for subsystem type (bsc#1192761).
- pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config
- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes).
- pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
- powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes).
- Revert "block: Fix a lockdep complaint triggered by request queue flushing" (git-fixes).
- scsi: core: Show SCMD_LAST in text form (git-fixes).
- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193).
- scsi: lpfc: Commonize VMID code location (bsc#1201193).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193).
- scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193).
- scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
- scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).
- scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
- scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160).
- scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160).
- scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160).
- scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160).
- scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160).
- scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160).
- scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
- scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).
- scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).
- scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
- scsi: sd: Signal drive managed SMR disks (git-fixes).
- scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).
- scsi: sd_zbc: Improve zone revalidation (git-fixes).
- scsi: sd_zbc: Remove unused inline functions (git-fixes).
- scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).
- scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622).
- smb3: add mount parm nosparse (bsc#1200217).
- smb3: add trace point for lease not found issue (bsc#1200217).
- smb3: add trace point for oplock not found (bsc#1200217).
- smb3: check for null tcon (bsc#1200217).
- smb3: cleanup and clarify status of tree connections (bsc#1200217).
- smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217).
- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217).
- smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217).
- smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217).
- smb3: fix snapshot mount option (bsc#1200217).
- smb3 improve error message when mount options conflict with posix (bsc#1200217).
- smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217).
- smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217).
- smb3 move more common protocol header definitions to smbfs_common (bsc#1200217).
- smb3: send NTLMSSP version information (bsc#1200217).
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes).
- spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes).
- sunvnet: use icmp_ndo_send helper (git-fixes).
- tty: goldfish: Fix free_irq() on remove (git-fixes).
- usb: chipidea: udc: check request status before setting device address (git-fixes).
- usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes).
- usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes).
- usbnet: fix memory allocation in helpers (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Quectel RM500K module support (git-fixes).
- USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
- usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).
- veth: fix races around rq->rx_notify_masked (git-fixes).
- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes).
- virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).
- virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
- virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes).
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- writeback: Avoid skipping inode writeback (bsc#1200813).
- writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821).
- xhci: Add reset resume quirk for AMD xhci controller (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2022-2376=1

- SUSE Linux Enterprise Module for Public Cloud 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2376=1

Package List:

- openSUSE Leap 15.3 (noarch):

  kernel-devel-azure-5.3.18-150300.38.69.1
  kernel-source-azure-5.3.18-150300.38.69.1

- openSUSE Leap 15.3 (x86_64):

  cluster-md-kmp-azure-5.3.18-150300.38.69.1
  cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.69.1
  dlm-kmp-azure-5.3.18-150300.38.69.1
  dlm-kmp-azure-debuginfo-5.3.18-150300.38.69.1
  gfs2-kmp-azure-5.3.18-150300.38.69.1
  gfs2-kmp-azure-debuginfo-5.3.18-150300.38.69.1
  kernel-azure-5.3.18-150300.38.69.1
  kernel-azure-debuginfo-5.3.18-150300.38.69.1
  kernel-azure-debugsource-5.3.18-150300.38.69.1
  kernel-azure-devel-5.3.18-150300.38.69.1
  kernel-azure-devel-debuginfo-5.3.18-150300.38.69.1
  kernel-azure-extra-5.3.18-150300.38.69.1
  kernel-azure-extra-debuginfo-5.3.18-150300.38.69.1
  kernel-azure-livepatch-devel-5.3.18-150300.38.69.1
  kernel-azure-optional-5.3.18-150300.38.69.1
  kernel-azure-optional-debuginfo-5.3.18-150300.38.69.1
  kernel-syms-azure-5.3.18-150300.38.69.1
  kselftests-kmp-azure-5.3.18-150300.38.69.1
  kselftests-kmp-azure-debuginfo-5.3.18-150300.38.69.1
  ocfs2-kmp-azure-5.3.18-150300.38.69.1
  ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.69.1
  reiserfs-kmp-azure-5.3.18-150300.38.69.1
  reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.69.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):

  kernel-azure-5.3.18-150300.38.69.1
  kernel-azure-debuginfo-5.3.18-150300.38.69.1
  kernel-azure-debugsource-5.3.18-150300.38.69.1
  kernel-azure-devel-5.3.18-150300.38.69.1
  kernel-azure-devel-debuginfo-5.3.18-150300.38.69.1
  kernel-syms-azure-5.3.18-150300.38.69.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):

  kernel-devel-azure-5.3.18-150300.38.69.1
  kernel-source-azure-5.3.18-150300.38.69.1

References:

https://www.suse.com/security/cve/CVE-2021-26341.html
https://www.suse.com/security/cve/CVE-2021-4157.html
https://www.suse.com/security/cve/CVE-2022-1679.html
https://www.suse.com/security/cve/CVE-2022-20132.html
https://www.suse.com/security/cve/CVE-2022-20154.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-29901.html
https://www.suse.com/security/cve/CVE-2022-33981.html
https://www.suse.com/security/cve/CVE-2022-34918.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1179195
https://bugzilla.suse.com/1180814
https://bugzilla.suse.com/1185762
https://bugzilla.suse.com/1192761
https://bugzilla.suse.com/1193629
https://bugzilla.suse.com/1194013
https://bugzilla.suse.com/1195504
https://bugzilla.suse.com/1195775
https://bugzilla.suse.com/1196901
https://bugzilla.suse.com/1197362
https://bugzilla.suse.com/1197754
https://bugzilla.suse.com/1198020
https://bugzilla.suse.com/1199487
https://bugzilla.suse.com/1199489
https://bugzilla.suse.com/1199657
https://bugzilla.suse.com/1200217
https://bugzilla.suse.com/1200263
https://bugzilla.suse.com/1200442
https://bugzilla.suse.com/1200571
https://bugzilla.suse.com/1200599
https://bugzilla.suse.com/1200600
https://bugzilla.suse.com/1200608
https://bugzilla.suse.com/1200619
https://bugzilla.suse.com/1200622
https://bugzilla.suse.com/1200692
https://bugzilla.suse.com/1200806
https://bugzilla.suse.com/1200807
https://bugzilla.suse.com/1200809
https://bugzilla.suse.com/1200810
https://bugzilla.suse.com/1200813
https://bugzilla.suse.com/1200816
https://bugzilla.suse.com/1200820
https://bugzilla.suse.com/1200821
https://bugzilla.suse.com/1200822
https://bugzilla.suse.com/1200825
https://bugzilla.suse.com/1200828
https://bugzilla.suse.com/1200829
https://bugzilla.suse.com/1200925
https://bugzilla.suse.com/1201050
https://bugzilla.suse.com/1201080
https://bugzilla.suse.com/1201143
https://bugzilla.suse.com/1201147
https://bugzilla.suse.com/1201149
https://bugzilla.suse.com/1201160
https://bugzilla.suse.com/1201171
https://bugzilla.suse.com/1201177
https://bugzilla.suse.com/1201193
https://bugzilla.suse.com/1201222

From sle-updates at lists.suse.com Tue Jul 12 22:20:25 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jul 2022 00:20:25 +0200 (CEST)
Subject: SUSE-SU-2022:2377-1: important: Security update for the Linux Kernel
Message-ID: <20220712222025.7D70EF374@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2377-1
Rating: important
References: #1065729 #1129770 #1177282 #1194013 #1196964 #1197170 #1199482 #1199487 #1199657 #1200343 #1200571 #1200599 #1200600 #1200604 #1200605 #1200608 #1200619 #1200692 #1200762 #1200806 #1200807 #1200809 #1200810 #1200813 #1200820 #1200821 #1200822 #1200829 #1200868 #1200869 #1200870 #1200871 #1200872 #1200873 #1200925 #1201080 #1201251
Cross-References: CVE-2020-26541 CVE-2021-4157 CVE-2022-1012 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981
CVSS scores:
  CVE-2020-26541 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
  CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
  CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
  CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
  CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
  CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  CVE-2022-29900 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves 15 vulnerabilities and has 22 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282)
- CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).

The following non-security bugs were fixed:

- audit: fix a race condition with the auditd tracking code (bsc#1197170).
- block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes).
- bnxt_en: Remove the setting of dev_port (git-fixes).
- bonding: fix bond_neigh_init() (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
- exec: Force single empty string when argv is empty (bsc#1200571).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
- ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870).
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806).
- ext4: make variable "count" signed (bsc#1200820).
- fs-writeback: writeback_sb_inodes Recalculate 'wrote' according skipped pages (bsc#1200873).
- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
- ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes).
- Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes).
- Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes).
- Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes).
- iomap: iomap_write_failed fix (bsc#1200829).
- kvm: fix wrong exception emulation in check_rdtsc (git-fixes).
- kvm: i8254: remove redundant assignment to pointer s (git-fixes).
- KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (git-fixes).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- KVM: x86: Allocate new rmap and large page tracking when moving memslot (git-fixes).
- KVM: x86: always stop emulation on page fault (git-fixes).
- KVM: x86: clear stale x86_emulate_ctxt->intercept value (git-fixes).
- KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes).
- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes).
- KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes).
- KVM: x86: do not modify masked bits of shared MSRs (git-fixes).
- KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes).
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes).
- KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform (git-fixes).
- KVM: x86: Fix x86_decode_insn() return when fetching insn bytes fails (git-fixes).
- KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails (git-fixes).
- kvm: x86: Improve emulation of CPUID leaves 0BH and 1FH (git-fixes).
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes).
- KVM: x86: Manually calculate reserved bits when loading PDPTRS (git-fixes).
- KVM: x86: Manually flush collapsible SPTEs only when toggling flags (git-fixes).
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes).
- KVM: x86/mmu: Treat invalid shadow pages as obsolete (git-fixes).
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes).
- KVM: x86: Remove spurious clearing of async #PF MSR (git-fixes).
- KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path (git-fixes).
- KVM: x86: remove stale comment from struct x86_emulate_ctxt (git-fixes).
- KVM: x86: set ctxt->have_exception in x86_decode_insn() (git-fixes).
- kvm: x86: skip populating logical dest map if apic is not sw enabled (git-fixes).
- KVM: x86: Trace the original requested CPUID function in kvm_cpuid() (git-fixes).
- KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (git-fixes).
- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
- mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes).
- net/mlx5: Avoid double free of root ns in the error flow path (git-fixes).
- net/mlx5e: Replace reciprocal_scale in TX select queue function (git-fixes).
- net/mlx5e: Switch to Toeplitz RSS hash by default (git-fixes).
- net/mlx5: Fix auto group size calculation (git-fixes).
- net: qed: Disable aRFS for NPAR and 100G (git-fixes).
- net: qede: Disable aRFS for NPAR and 100G (git-fixes).
- net: stmmac: update rx tail pointer register to fix rx dma hang issue (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes).
- PCI: Tidy comments (git-fixes).
- platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes).
- powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
- powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
- qed: Enable automatic recovery on error condition (bsc#1196964).
- raid5: introduce MD_BROKEN (git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes).
- s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes).
- s390/gmap: validate VMA in __gmap_zap() (git-fixes).
- s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes).
- s390/mm: validate VMA in PGSTE manipulation functions (git-fixes).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes).
- target: remove an incorrect unmap zeroes data deduction (git-fixes).
- tracing: Fix return value of trace_pid_write() (git-fixes).
- usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes).
- USB: serial: option: add Quectel BG95 modem (git-fixes).
- USB: storage: karma: fix rio_karma_init return (git-fixes).
- usb: usbip: add missing device lock on tweak configuration cmd (git-fixes).
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (bsc#1129770)
- writeback: Avoid skipping inode writeback (bsc#1200813).
- writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2377=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (noarch):

  kernel-devel-azure-4.12.14-16.103.1
  kernel-source-azure-4.12.14-16.103.1

- SUSE Linux Enterprise Server 12-SP5 (x86_64):

  kernel-azure-4.12.14-16.103.1
  kernel-azure-base-4.12.14-16.103.1
  kernel-azure-base-debuginfo-4.12.14-16.103.1
  kernel-azure-debuginfo-4.12.14-16.103.1
  kernel-azure-debugsource-4.12.14-16.103.1
  kernel-azure-devel-4.12.14-16.103.1
  kernel-syms-azure-4.12.14-16.103.1

References:

https://www.suse.com/security/cve/CVE-2020-26541.html
https://www.suse.com/security/cve/CVE-2021-4157.html
https://www.suse.com/security/cve/CVE-2022-1012.html
https://www.suse.com/security/cve/CVE-2022-1679.html
https://www.suse.com/security/cve/CVE-2022-20132.html
https://www.suse.com/security/cve/CVE-2022-20141.html
https://www.suse.com/security/cve/CVE-2022-20154.html
https://www.suse.com/security/cve/CVE-2022-2318.html
https://www.suse.com/security/cve/CVE-2022-26365.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-29901.html
https://www.suse.com/security/cve/CVE-2022-33740.html
https://www.suse.com/security/cve/CVE-2022-33741.html
https://www.suse.com/security/cve/CVE-2022-33742.html
https://www.suse.com/security/cve/CVE-2022-33981.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1129770
https://bugzilla.suse.com/1177282
https://bugzilla.suse.com/1194013
https://bugzilla.suse.com/1196964
https://bugzilla.suse.com/1197170
https://bugzilla.suse.com/1199482
https://bugzilla.suse.com/1199487
https://bugzilla.suse.com/1199657
https://bugzilla.suse.com/1200343
https://bugzilla.suse.com/1200571
https://bugzilla.suse.com/1200599
https://bugzilla.suse.com/1200600
https://bugzilla.suse.com/1200604
https://bugzilla.suse.com/1200605
https://bugzilla.suse.com/1200608
https://bugzilla.suse.com/1200619
https://bugzilla.suse.com/1200692
https://bugzilla.suse.com/1200762
https://bugzilla.suse.com/1200806
https://bugzilla.suse.com/1200807
https://bugzilla.suse.com/1200809
https://bugzilla.suse.com/1200810
https://bugzilla.suse.com/1200813
https://bugzilla.suse.com/1200820
https://bugzilla.suse.com/1200821
https://bugzilla.suse.com/1200822
https://bugzilla.suse.com/1200829
https://bugzilla.suse.com/1200868
https://bugzilla.suse.com/1200869
https://bugzilla.suse.com/1200870
https://bugzilla.suse.com/1200871
https://bugzilla.suse.com/1200872
https://bugzilla.suse.com/1200873
https://bugzilla.suse.com/1200925
https://bugzilla.suse.com/1201080
https://bugzilla.suse.com/1201251

From sle-updates at lists.suse.com Wed Jul 13 07:38:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jul 2022 09:38:37 +0200 (CEST)
Subject: SUSE-CU-2022:1475-1: Security update of suse/sle15
Message-ID: <20220713073837.14CB7F374@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1475-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.641
Container Release : 6.2.641
Severity : important
Type : security
References : 1199232 CVE-2022-1586
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

The following package changes have been done:

- libpcre1-8.45-150000.20.13.1 updated

From sle-updates at lists.suse.com Wed Jul 13 07:42:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jul 2022 09:42:24 +0200 (CEST)
Subject: SUSE-CU-2022:1476-1: Security update of bci/nodejs
Message-ID: <20220713074224.B0C58F374@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1476-1
Container Tags : bci/node:12 , bci/node:12-16.93 , bci/nodejs:12 , bci/nodejs:12-16.93
Container Release : 16.93
Severity : important
Type : security
References : 1199232 CVE-2022-1586
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

The following package changes have been done:

- libpcre1-8.45-150000.20.13.1 updated
- container:sles15-image-15.0.0-17.17.23 updated

From sle-updates at lists.suse.com Wed Jul 13 07:42:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jul 2022 09:42:37 +0200 (CEST)
Subject: SUSE-CU-2022:1477-1: Security update of suse/389-ds
Message-ID: <20220713074237.10577F374@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1477-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-14.12 , suse/389-ds:latest
Container Release : 14.12
Severity : important
Type : security
References : 1198511 CVE-2015-20107
-----------------------------------------------------------------

The container suse/389-ds was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2357-1
Released: Mon Jul 11 20:34:20 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1198511,CVE-2015-20107

This update for python3 fixes the following issues:

- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

The following package changes have been done:

- python3-base-3.6.15-150300.10.27.1 updated
- libpython3_6m1_0-3.6.15-150300.10.27.1 updated
- container:sles15-image-15.0.0-27.8.4 updated

From sle-updates at lists.suse.com Wed Jul 13 07:42:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jul 2022 09:42:40 +0200 (CEST)
Subject: SUSE-CU-2022:1478-1: Security update of suse/389-ds
Message-ID: <20220713074240.C0A70F374@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1478-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-14.14 , suse/389-ds:latest
Container Release : 14.14
Severity : important
Type : security
References : 1199232 CVE-2022-1586
-----------------------------------------------------------------

The container suse/389-ds was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

The following package changes have been done:

- libpcre1-8.45-150000.20.13.1 updated
- container:sles15-image-15.0.0-27.8.5 updated

From sle-updates at lists.suse.com Wed Jul 13 07:42:57 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jul 2022 09:42:57 +0200 (CEST)
Subject: SUSE-CU-2022:1479-1: Security update of bci/dotnet-aspnet
Message-ID: <20220713074257.8D8BFF374@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1479-1
Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-16.12 , bci/dotnet-aspnet:3.1.26 , bci/dotnet-aspnet:3.1.26-16.12
Container Release : 16.12
Severity : important
Type : security
References : 1199232 CVE-2022-1586
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

The following package changes have been done:

- libpcre1-8.45-150000.20.13.1 updated
- container:sles15-image-15.0.0-27.8.4 updated

From sle-updates at lists.suse.com Wed Jul 13 07:43:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jul 2022 09:43:11 +0200 (CEST)
Subject: SUSE-CU-2022:1480-1: Security update of bci/dotnet-aspnet
Message-ID: <20220713074311.4F70AF374@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1480-1
Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-10.12 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-10.12
Container Release : 10.12
Severity : important
Type : security
References : 1199232 CVE-2022-1586
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

The following package changes have been done:

- libpcre1-8.45-150000.20.13.1 updated
- container:sles15-image-15.0.0-27.8.4 updated

From sle-updates at lists.suse.com Wed Jul 13 07:43:20 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jul 2022 09:43:20 +0200 (CEST)
Subject: SUSE-CU-2022:1481-1: Security update of bci/dotnet-aspnet
Message-ID: <20220713074320.066D4F374@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1481-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-17.10 , bci/dotnet-aspnet:6.0.6 , bci/dotnet-aspnet:6.0.6-17.10 , bci/dotnet-aspnet:latest
Container Release : 17.10
Severity : important
Type : security
References : 1199232 CVE-2022-1586
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

The following package changes have been done:

- libpcre1-8.45-150000.20.13.1 updated
- container:sles15-image-15.0.0-27.8.4 updated

From sle-updates at lists.suse.com Wed Jul 13 07:43:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jul 2022 09:43:40 +0200 (CEST)
Subject: SUSE-CU-2022:1483-1: Security update of bci/dotnet-sdk
Message-ID: <20220713074340.5FE17F374@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1483-1
Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-16.12 , bci/dotnet-sdk:3.1.26 , bci/dotnet-sdk:3.1.26-16.12
Container Release : 16.12
Severity : important
Type : security
References : 1199232 CVE-2022-1586
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

The following package changes have been done:

- libpcre1-8.45-150000.20.13.1 updated
- container:sles15-image-15.0.0-27.8.4 updated

From sle-updates at lists.suse.com Wed Jul 13 07:43:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jul 2022 09:43:53 +0200 (CEST)
Subject: SUSE-CU-2022:1484-1: Security update of bci/dotnet-sdk
Message-ID: <20220713074353.EBE40F374@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1484-1
Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-10.12 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-10.12
Container Release : 10.12
Severity : important
Type : security
References : 1199232 CVE-2022-1586
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

The following package changes have been done:

- libpcre1-8.45-150000.20.13.1 updated
- container:sles15-image-15.0.0-27.8.4 updated

From sle-updates at lists.suse.com Wed Jul 13 07:44:05 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jul 2022 09:44:05 +0200 (CEST)
Subject: SUSE-CU-2022:1485-1: Security update of bci/dotnet-runtime
Message-ID: <20220713074405.02C7AF374@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1485-1
Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-15.12 , bci/dotnet-runtime:3.1.26 , bci/dotnet-runtime:3.1.26-15.12
Container Release : 15.12
Severity : important
Type : security
References : 1199232 CVE-2022-1586
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue.
(bsc#1199232) The following package changes have been done: - libpcre1-8.45-150000.20.13.1 updated - container:sles15-image-15.0.0-27.8.4 updated From sle-updates at lists.suse.com Wed Jul 13 07:44:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 09:44:15 +0200 (CEST) Subject: SUSE-CU-2022:1486-1: Security update of bci/dotnet-runtime Message-ID: <20220713074415.DA578F374@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1486-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-10.12 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-10.12 Container Release : 10.12 Severity : important Type : security References : 1199232 CVE-2022-1586 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) The following package changes have been done: - libpcre1-8.45-150000.20.13.1 updated - container:sles15-image-15.0.0-27.8.4 updated From sle-updates at lists.suse.com Wed Jul 13 07:44:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 09:44:24 +0200 (CEST) Subject: SUSE-CU-2022:1487-1: Security update of bci/dotnet-runtime Message-ID: <20220713074424.44B65F374@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1487-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-16.12 , bci/dotnet-runtime:6.0.6 , bci/dotnet-runtime:6.0.6-16.12 , bci/dotnet-runtime:latest Container Release : 16.12 Severity : important Type : security References : 1199232 CVE-2022-1586 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) The following package changes have been done: - libpcre1-8.45-150000.20.13.1 updated - container:sles15-image-15.0.0-27.8.4 updated From sle-updates at lists.suse.com Wed Jul 13 07:45:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 09:45:48 +0200 (CEST) Subject: SUSE-CU-2022:1492-1: Security update of bci/nodejs Message-ID: <20220713074548.660C0F374@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1492-1 Container Tags : bci/node:14 , bci/node:14-13.12 , bci/nodejs:14 , bci/nodejs:14-13.12 Container Release : 13.12 Severity : important Type : security References : 1198511 CVE-2015-20107 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). 
The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.27.1 updated - python3-base-3.6.15-150300.10.27.1 updated - container:sles15-image-15.0.0-27.8.4 updated From sle-updates at lists.suse.com Wed Jul 13 07:46:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 09:46:07 +0200 (CEST) Subject: SUSE-CU-2022:1495-1: Security update of suse/pcp Message-ID: <20220713074607.4CD4CF374@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1495-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-7.28 , suse/pcp:latest Container Release : 7.28 Severity : important Type : security References : 1199232 CVE-2022-1586 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) The following package changes have been done: - libpcre1-8.45-150000.20.13.1 updated - container:bci-bci-init-15.4-15.4-19.4 updated From sle-updates at lists.suse.com Wed Jul 13 07:46:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 09:46:19 +0200 (CEST) Subject: SUSE-CU-2022:1497-1: Security update of bci/python Message-ID: <20220713074619.7C159F374@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1497-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-4.13 , bci/python:latest Container Release : 4.13 Severity : important Type : security References : 1199232 1199232 CVE-2022-1586 CVE-2022-1586 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) The following package changes have been done: - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.39-150400.4.3.1 updated From sle-updates at lists.suse.com Wed Jul 13 07:46:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 09:46:28 +0200 (CEST) Subject: SUSE-CU-2022:1498-1: Security update of bci/python Message-ID: <20220713074628.D41B4F374@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1498-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-12.12 Container Release : 12.12 Severity : important Type : security References : 1198511 CVE-2015-20107 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). 
The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.27.1 updated - python3-base-3.6.15-150300.10.27.1 updated - python3-3.6.15-150300.10.27.1 updated - container:sles15-image-15.0.0-27.8.4 updated From sle-updates at lists.suse.com Wed Jul 13 07:46:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 09:46:55 +0200 (CEST) Subject: SUSE-CU-2022:1500-1: Security update of bci/ruby Message-ID: <20220713074655.D2EC4F374@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1500-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-10.10 , bci/ruby:latest Container Release : 10.10 Severity : important Type : security References : 1199232 1199232 CVE-2022-1586 CVE-2022-1586 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) The following package changes have been done: - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.39-150400.4.3.1 updated From sle-updates at lists.suse.com Wed Jul 13 07:47:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 09:47:06 +0200 (CEST) Subject: SUSE-CU-2022:1501-1: Recommended update of suse/sle15 Message-ID: <20220713074706.5E02DF374@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1501-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.8.4 , suse/sle15:15.4 , suse/sle15:15.4.27.8.4 Container Release : 27.8.4 Severity : moderate Type : recommended References : 1197443 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2358-1 Released: Tue Jul 12 04:21:59 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issues: - Fix handling of keywords in new sysctl.conf (bsc#1197443) The following package changes have been done: - libaugeas0-1.12.0-150400.3.3.6 updated From sle-updates at lists.suse.com Wed Jul 13 13:16:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 15:16:02 +0200 (CEST) Subject: SUSE-RU-2022:2381-1: moderate: Recommended update for dracut Message-ID: <20220713131602.82E46F374@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2381-1 Rating: moderate References: #1199453 Affected Products: SUSE Linux Enterprise Server 12-SP5 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dracut fixes the following issues: - Fix kernel name parsing in purge-kernels script (bsc#1199453) - Fix versioning so it gets installed when upgrading from older products (e.g. from SLE-12.3) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2381=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dracut-044.2-121.1 dracut-debuginfo-044.2-121.1 dracut-debugsource-044.2-121.1 dracut-fips-044.2-121.1 References: https://bugzilla.suse.com/1199453 From sle-updates at lists.suse.com Wed Jul 13 13:16:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 15:16:34 +0200 (CEST) Subject: SUSE-SU-2022:2378-1: important: Security update for cifs-utils Message-ID: <20220713131634.89201F374@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2378-1 Rating: important References: #1197216 Cross-References: CVE-2022-27239 CVSS scores: CVE-2022-27239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27239 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2378=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2378=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cifs-utils-6.15-150400.3.6.1 cifs-utils-debuginfo-6.15-150400.3.6.1 cifs-utils-debugsource-6.15-150400.3.6.1 cifs-utils-devel-6.15-150400.3.6.1 pam_cifscreds-6.15-150400.3.6.1 pam_cifscreds-debuginfo-6.15-150400.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): cifs-utils-6.15-150400.3.6.1 cifs-utils-debuginfo-6.15-150400.3.6.1 cifs-utils-debugsource-6.15-150400.3.6.1 cifs-utils-devel-6.15-150400.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-27239.html https://bugzilla.suse.com/1197216 From sle-updates at lists.suse.com Wed Jul 13 13:17:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 15:17:14 +0200 (CEST) Subject: SUSE-SU-2022:2382-1: important: Security update for the Linux Kernel Message-ID: <20220713131714.437F0FC35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2382-1 Rating: important References: #1065729 #1129770 #1177282 #1194013 #1196964 #1197170 #1199482 #1199487 #1199657 #1200343 #1200571 #1200599 #1200600 #1200604 #1200605 #1200608 #1200619 #1200692 #1200762 #1200806 
#1200807 #1200809 #1200810 #1200813 #1200820 #1200821 #1200822 #1200829 #1200868 #1200869 #1200870 #1200871 #1200872 #1200873 #1200925 #1201080 #1201251 Cross-References: CVE-2020-26541 CVE-2021-4157 CVE-2022-1012 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981 CVSS scores: CVE-2020-26541 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE 
Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has 22 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). 
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282) - CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). The following non-security bugs were fixed: - add mainline tag for a pci-hyperv change - audit: fix a race condition with the auditd tracking code (bsc#1197170). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - bnxt_en: Remove the setting of dev_port (git-fixes). - bonding: fix bond_neigh_init() (git-fixes). - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable "count" signed (bsc#1200820). 
- fs-writeback: writeback_sb_inodes Recalculate 'wrote' according skipped pages (bsc#1200873). - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - iomap: iomap_write_failed fix (bsc#1200829). - kvm: fix wrong exception emulation in check_rdtsc (git-fixes). - kvm: i8254: remove redundant assignment to pointer s (git-fixes). - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: x86: Allocate new rmap and large page tracking when moving memslot (git-fixes). - KVM: x86: always stop emulation on page fault (git-fixes). - KVM: x86: clear stale x86_emulate_ctxt->intercept value (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: do not modify masked bits of shared MSRs (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform (git-fixes). - KVM: x86: Fix x86_decode_insn() return when fetching insn bytes fails (git-fixes). 
- KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails (git-fixes). - kvm: x86: Improve emulation of CPUID leaves 0BH and 1FH (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Manually calculate reserved bits when loading PDPTRS (git-fixes). - KVM: x86: Manually flush collapsible SPTEs only when toggling flags (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86/mmu: Treat invalid shadow pages as obsolete (git-fixes). - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes). - KVM: x86: Remove spurious clearing of async #PF MSR (git-fixes). - KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path (git-fixes). - KVM: x86: remove stale comment from struct x86_emulate_ctxt (git-fixes). - KVM: x86: set ctxt->have_exception in x86_decode_insn() (git-fixes). - kvm: x86: skip populating logical dest map if apic is not sw enabled (git-fixes). - KVM: x86: Trace the original requested CPUID function in kvm_cpuid() (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes). - net/mlx5: Avoid double free of root ns in the error flow path (git-fixes). - net/mlx5e: Replace reciprocal_scale in TX select queue function (git-fixes). - net/mlx5e: Switch to Toeplitz RSS hash by default (git-fixes). - net/mlx5: Fix auto group size calculation (git-fixes). - net: qed: Disable aRFS for NPAR and 100G (git-fixes). - net: qede: Disable aRFS for NPAR and 100G (git-fixes). - net: stmmac: update rx tail pointer register to fix rx dma hang issue (git-fixes). 
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes). - PCI: Tidy comments (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - qed: Enable automatic recovery on error condition (bsc#1196964). - raid5: introduce MD_BROKEN (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes). - s390/gmap: validate VMA in __gmap_zap() (git-fixes). - s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes). - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - target: remove an incorrect unmap zeroes data deduction (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - USB: serial: option: add Quectel BG95 modem (git-fixes). - USB: storage: karma: fix rio_karma_init return (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). 
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (bsc#1129770) - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2382=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2382=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2382=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2382=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2382=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.127.1 kernel-default-debugsource-4.12.14-122.127.1 kernel-default-extra-4.12.14-122.127.1 kernel-default-extra-debuginfo-4.12.14-122.127.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.127.1 kernel-obs-build-debugsource-4.12.14-122.127.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.127.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.127.1 kernel-default-base-4.12.14-122.127.1 kernel-default-base-debuginfo-4.12.14-122.127.1 kernel-default-debuginfo-4.12.14-122.127.1 kernel-default-debugsource-4.12.14-122.127.1 kernel-default-devel-4.12.14-122.127.1 kernel-syms-4.12.14-122.127.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.127.1 - 
SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.127.1 kernel-macros-4.12.14-122.127.1 kernel-source-4.12.14-122.127.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.127.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.127.1 kernel-default-debugsource-4.12.14-122.127.1 kernel-default-kgraft-4.12.14-122.127.1 kernel-default-kgraft-devel-4.12.14-122.127.1 kgraft-patch-4_12_14-122_127-default-1-8.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.127.1 cluster-md-kmp-default-debuginfo-4.12.14-122.127.1 dlm-kmp-default-4.12.14-122.127.1 dlm-kmp-default-debuginfo-4.12.14-122.127.1 gfs2-kmp-default-4.12.14-122.127.1 gfs2-kmp-default-debuginfo-4.12.14-122.127.1 kernel-default-debuginfo-4.12.14-122.127.1 kernel-default-debugsource-4.12.14-122.127.1 ocfs2-kmp-default-4.12.14-122.127.1 ocfs2-kmp-default-debuginfo-4.12.14-122.127.1 References: https://www.suse.com/security/cve/CVE-2020-26541.html https://www.suse.com/security/cve/CVE-2021-4157.html https://www.suse.com/security/cve/CVE-2022-1012.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-33981.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1177282 https://bugzilla.suse.com/1194013 https://bugzilla.suse.com/1196964 
https://bugzilla.suse.com/1197170 https://bugzilla.suse.com/1199482 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1200343 https://bugzilla.suse.com/1200571 https://bugzilla.suse.com/1200599 https://bugzilla.suse.com/1200600 https://bugzilla.suse.com/1200604 https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1200608 https://bugzilla.suse.com/1200619 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1200806 https://bugzilla.suse.com/1200807 https://bugzilla.suse.com/1200809 https://bugzilla.suse.com/1200810 https://bugzilla.suse.com/1200813 https://bugzilla.suse.com/1200820 https://bugzilla.suse.com/1200821 https://bugzilla.suse.com/1200822 https://bugzilla.suse.com/1200829 https://bugzilla.suse.com/1200868 https://bugzilla.suse.com/1200869 https://bugzilla.suse.com/1200870 https://bugzilla.suse.com/1200871 https://bugzilla.suse.com/1200872 https://bugzilla.suse.com/1200873 https://bugzilla.suse.com/1200925 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201251 From sle-updates at lists.suse.com Wed Jul 13 13:20:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 15:20:57 +0200 (CEST) Subject: SUSE-RU-2022:2380-1: moderate: Recommended update for dracut Message-ID: <20220713132057.582DEFC35@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2380-1 Rating: moderate References: #1003872 #1175102 #1178219 #1199453 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 
15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - Fix: add a timeout to umount calls. (bsc#1178219) - Fixed setup errors in net-lib.sh due to premature did-setup in ifup.sh (bsc#1175102) - Fix kernel name parsing in purge-kernels script (bsc#1199453) - Fix nfsroot option parsing to avoid 'dracut' creating a faulty default command line argument. (bsc#1003872) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2380=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2380=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2380=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2380=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2380=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2380=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2380=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2380=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2380=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2380=1 - SUSE CaaS Platform 4.0: To install
this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): dracut-044.2-150000.18.79.2 dracut-debuginfo-044.2-150000.18.79.2 dracut-debugsource-044.2-150000.18.79.2 dracut-fips-044.2-150000.18.79.2 dracut-ima-044.2-150000.18.79.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dracut-044.2-150000.18.79.2 dracut-debuginfo-044.2-150000.18.79.2 dracut-debugsource-044.2-150000.18.79.2 dracut-fips-044.2-150000.18.79.2 dracut-ima-044.2-150000.18.79.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): dracut-044.2-150000.18.79.2 dracut-debuginfo-044.2-150000.18.79.2 dracut-debugsource-044.2-150000.18.79.2 dracut-fips-044.2-150000.18.79.2 dracut-ima-044.2-150000.18.79.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): dracut-044.2-150000.18.79.2 dracut-debuginfo-044.2-150000.18.79.2 dracut-debugsource-044.2-150000.18.79.2 dracut-fips-044.2-150000.18.79.2 dracut-ima-044.2-150000.18.79.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): dracut-044.2-150000.18.79.2 dracut-debuginfo-044.2-150000.18.79.2 dracut-debugsource-044.2-150000.18.79.2 dracut-fips-044.2-150000.18.79.2 dracut-ima-044.2-150000.18.79.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): dracut-044.2-150000.18.79.2 dracut-debuginfo-044.2-150000.18.79.2 dracut-debugsource-044.2-150000.18.79.2 dracut-fips-044.2-150000.18.79.2 dracut-ima-044.2-150000.18.79.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): dracut-044.2-150000.18.79.2 dracut-debuginfo-044.2-150000.18.79.2 dracut-debugsource-044.2-150000.18.79.2 dracut-fips-044.2-150000.18.79.2 dracut-ima-044.2-150000.18.79.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dracut-044.2-150000.18.79.2 
dracut-debuginfo-044.2-150000.18.79.2 dracut-debugsource-044.2-150000.18.79.2 dracut-fips-044.2-150000.18.79.2 dracut-ima-044.2-150000.18.79.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dracut-044.2-150000.18.79.2 dracut-debuginfo-044.2-150000.18.79.2 dracut-debugsource-044.2-150000.18.79.2 dracut-fips-044.2-150000.18.79.2 dracut-ima-044.2-150000.18.79.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): dracut-044.2-150000.18.79.2 dracut-debuginfo-044.2-150000.18.79.2 dracut-debugsource-044.2-150000.18.79.2 dracut-fips-044.2-150000.18.79.2 dracut-ima-044.2-150000.18.79.2 - SUSE CaaS Platform 4.0 (x86_64): dracut-044.2-150000.18.79.2 dracut-debuginfo-044.2-150000.18.79.2 dracut-debugsource-044.2-150000.18.79.2 dracut-fips-044.2-150000.18.79.2 dracut-ima-044.2-150000.18.79.2 References: https://bugzilla.suse.com/1003872 https://bugzilla.suse.com/1175102 https://bugzilla.suse.com/1178219 https://bugzilla.suse.com/1199453 From sle-updates at lists.suse.com Wed Jul 13 13:21:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 15:21:56 +0200 (CEST) Subject: SUSE-SU-2022:2379-1: important: Security update for the Linux Kernel Message-ID: <20220713132156.A282FFC35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2379-1 Rating: important References: #1066618 #1146519 #1194013 #1196901 #1199487 #1199657 #1200571 #1200604 #1200605 #1200619 #1200692 #1201050 #1201080 Cross-References: CVE-2017-16525 CVE-2021-26341 CVE-2021-4157 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981 CVSS scores: CVE-2017-16525 (NVD) : 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16525 (SUSE): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 
5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 9 vulnerabilities and has four fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). 
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2017-16525: Fixed a use-after-free after failed setup in usb/serial/console (bsc#1066618). The following non-security bugs were fixed: - exec: Force single empty string when argv is empty (bsc#1200571). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2379=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.178.1 kernel-macros-4.4.121-92.178.1 kernel-source-4.4.121-92.178.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.178.1 kernel-default-base-4.4.121-92.178.1 kernel-default-base-debuginfo-4.4.121-92.178.1 kernel-default-debuginfo-4.4.121-92.178.1 kernel-default-debugsource-4.4.121-92.178.1 kernel-default-devel-4.4.121-92.178.1 kernel-syms-4.4.121-92.178.1 References: https://www.suse.com/security/cve/CVE-2017-16525.html https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-4157.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-33981.html https://bugzilla.suse.com/1066618 
https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1194013 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1200571 https://bugzilla.suse.com/1200604 https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1200619 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201080 From sle-updates at lists.suse.com Wed Jul 13 16:15:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 18:15:47 +0200 (CEST) Subject: SUSE-RU-2022:2386-1: important: - Update in SLE-15 (bsc#1189411, bsc#1191482) Message-ID: <20220713161547.07D3AF374@maintenance.suse.de> SUSE Recommended Update: - Update in SLE-15 (bsc#1189411, bsc#1191482) ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2386-1 Rating: important References: Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 
SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for azure-cli, azurecli-core, python-azure-core, python-azure-batch, python-azure-mgmt-compute, python-azure-mgmt-containerregistry, python-azure-mgmt-databoxedge, python-azure-mgmt-network, python-azure-mgmt-security, python-azure-sdk, python-msrest, python-azure-ai-formrecognizer, python-azure-synapse-managedprivateendpoints, python-azure-synapse-monitoring, python-azure-template contains the following fixes: Changes in azure-cli, azurecli-core: - Update in SLE-15. (bsc#1189411, bsc#1191482) - Fix regression in patch to disable update check. (bsc#1192671) - New upstream release 2.17.1: - For detailed information about changes see the HISTORY.rst file provided with this package Changes in python-azure-core: - Update from 1.9.0 to 1.22.1. 
(bsc#1189411, bsc#1191482) For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-batch: - Update in SLE-15 (bsc#1189411, bsc#1191482) - New upstream release - Version 10.0.0 - For detailed information about changes see the CHANGELOG.md file provided with this package - Only build Python3 flavors for distributions 15 and greater Changes in python-azure-ai-formrecognizer: - Inclusion in SLE-15. (bsc#1189411, bsc#1191482) Changes in python-azure-mgmt-compute: - Update in SLE-15 (bsc#1189411, bsc#1191482) - New upstream release - Version 18.0.0 - For detailed information about changes see the CHANGELOG.md file provided with this package - Version 17.0.0 Changes in python-azure-mgmt-containerregistry: - Update in SLE-15 (bsc#1189411, bsc#1191482) - New upstream release - Version 3.0.0rc16 - For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-databoxedge: - Update in SLE-15 (bsc#1189411, bsc#1191482) - New upstream release - Version 0.2.0 - For detailed information about changes see the CHANGELOG.md file provided with this package - Rename HISTORY.rst to CHANGELOG.md in %files section - Rename README.rst to README.md in %files section Changes in python-azure-mgmt-network: - Update in SLE-15 (bsc#1189411, bsc#1191482) - New upstream release - Version 17.0.0 - For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-security: - Update in SLE-15 (bsc#1189411, bsc#1191482) - New upstream release - Version 0.6.0 - For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-synapse-managedprivateendpoints: - Inclusion in SLE-15. (bsc#1189411, bsc#1191482) Changes in python-azure-synapse-monitoring: - Inclusion in SLE-15. (bsc#1189411, bsc#1191482) Changes in python-azure-template: - Inclusion in SLE-15. (bsc#1189411,
bsc#1191482) Changes in python-azure-sdk: Update in SLE-15 (bsc#1189411, bsc#1191482) - Add python-azure-sdk (Python2) to Obsoletes - Add additional packages from the Azure SDK to Requires - python-azure-ai-formrecognizer - python-azure-synapse-managedprivateendpoints - python-azure-synapse-monitoring - python-azure-template - Remove all version constraints in Requires Only build Python3 flavors for distributions 15 and greater Changes in python-msrest: - Update from 0.6.19 to 0.6.21. (bsc#1189411, bsc#1191482) For detailed information about changes see the CHANGELOG.md file provided with this package Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2386=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2386=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2386=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2386=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2386=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2386=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): azure-cli-test-2.17.1-150100.6.11.2 - openSUSE Leap 15.4 (noarch): azure-cli-2.17.1-150100.6.11.2 azure-cli-core-2.17.1-150100.6.14.2 python-azure-sdk-4.0.0-150100.3.10.2 python3-azure-batch-10.0.0-150100.7.8.2 python3-azure-core-1.22.1-150100.3.7.2 python3-azure-mgmt-compute-18.0.0-150100.6.11.2 python3-azure-mgmt-containerregistry-3.0.0rc16-150100.6.8.2 python3-azure-mgmt-databoxedge-0.2.0-150100.3.7.2 python3-azure-mgmt-network-17.0.0-150100.6.8.2 
python3-azure-mgmt-security-0.6.0-150100.3.7.2 python3-azure-sdk-4.0.0-150100.3.10.2 python3-msrest-0.6.21-150100.6.8.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): azure-cli-test-2.17.1-150100.6.11.2 - openSUSE Leap 15.3 (noarch): azure-cli-2.17.1-150100.6.11.2 azure-cli-core-2.17.1-150100.6.14.2 python-azure-sdk-4.0.0-150100.3.10.2 python2-azure-batch-10.0.0-150100.7.8.2 python2-azure-core-1.22.1-150100.3.7.2 python2-azure-mgmt-compute-18.0.0-150100.6.11.2 python2-azure-mgmt-containerregistry-3.0.0rc16-150100.6.8.2 python2-azure-mgmt-databoxedge-0.2.0-150100.3.7.2 python2-azure-mgmt-network-17.0.0-150100.6.8.2 python2-azure-mgmt-security-0.6.0-150100.3.7.2 python2-msrest-0.6.21-150100.6.8.2 python3-azure-batch-10.0.0-150100.7.8.2 python3-azure-core-1.22.1-150100.3.7.2 python3-azure-mgmt-compute-18.0.0-150100.6.11.2 python3-azure-mgmt-containerregistry-3.0.0rc16-150100.6.8.2 python3-azure-mgmt-databoxedge-0.2.0-150100.3.7.2 python3-azure-mgmt-network-17.0.0-150100.6.8.2 python3-azure-mgmt-security-0.6.0-150100.3.7.2 python3-azure-sdk-4.0.0-150100.3.10.2 python3-msrest-0.6.21-150100.6.8.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): azure-cli-2.17.1-150100.6.11.2 azure-cli-core-2.17.1-150100.6.14.2 python3-azure-batch-10.0.0-150100.7.8.2 python3-azure-core-1.22.1-150100.3.7.2 python3-azure-mgmt-compute-18.0.0-150100.6.11.2 python3-azure-mgmt-containerregistry-3.0.0rc16-150100.6.8.2 python3-azure-mgmt-databoxedge-0.2.0-150100.3.7.2 python3-azure-mgmt-network-17.0.0-150100.6.8.2 python3-azure-mgmt-security-0.6.0-150100.3.7.2 python3-azure-sdk-4.0.0-150100.3.10.2 python3-msrest-0.6.21-150100.6.8.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): azure-cli-2.17.1-150100.6.11.2 azure-cli-core-2.17.1-150100.6.14.2 python3-azure-ai-formrecognizer-3.1.2-150100.3.3.2 python3-azure-batch-10.0.0-150100.7.8.2 python3-azure-core-1.22.1-150100.3.7.2 python3-azure-mgmt-compute-18.0.0-150100.6.11.2 
python3-azure-mgmt-containerregistry-3.0.0rc16-150100.6.8.2 python3-azure-mgmt-databoxedge-0.2.0-150100.3.7.2 python3-azure-mgmt-network-17.0.0-150100.6.8.2 python3-azure-mgmt-security-0.6.0-150100.3.7.2 python3-azure-sdk-4.0.0-150100.3.10.2 python3-azure-synapse-managedprivateendpoints-0.4.0-150100.3.3.2 python3-azure-synapse-monitoring-0.2.0-150100.3.3.2 python3-azure-template-0.1.0b1293622-150100.3.3.2 python3-msrest-0.6.21-150100.6.8.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): azure-cli-test-2.17.1-150100.6.11.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): azure-cli-2.17.1-150100.6.11.2 azure-cli-core-2.17.1-150100.6.14.2 python-azure-sdk-4.0.0-150100.3.10.2 python2-azure-ai-formrecognizer-3.1.2-150100.3.3.2 python2-azure-batch-10.0.0-150100.7.8.2 python2-azure-core-1.22.1-150100.3.7.2 python2-azure-mgmt-compute-18.0.0-150100.6.11.2 python2-azure-mgmt-containerregistry-3.0.0rc16-150100.6.8.2 python2-azure-mgmt-databoxedge-0.2.0-150100.3.7.2 python2-azure-mgmt-network-17.0.0-150100.6.8.2 python2-azure-mgmt-security-0.6.0-150100.3.7.2 python2-azure-synapse-monitoring-0.2.0-150100.3.3.2 python2-azure-template-0.1.0b1293622-150100.3.3.2 python2-msrest-0.6.21-150100.6.8.2 python3-azure-ai-formrecognizer-3.1.2-150100.3.3.2 python3-azure-batch-10.0.0-150100.7.8.2 python3-azure-core-1.22.1-150100.3.7.2 python3-azure-mgmt-compute-18.0.0-150100.6.11.2 python3-azure-mgmt-containerregistry-3.0.0rc16-150100.6.8.2 python3-azure-mgmt-databoxedge-0.2.0-150100.3.7.2 python3-azure-mgmt-network-17.0.0-150100.6.8.2 python3-azure-mgmt-security-0.6.0-150100.3.7.2 python3-azure-sdk-4.0.0-150100.3.10.2 python3-azure-synapse-managedprivateendpoints-0.4.0-150100.3.3.2 python3-azure-synapse-monitoring-0.2.0-150100.3.3.2 python3-azure-template-0.1.0b1293622-150100.3.3.2 python3-msrest-0.6.21-150100.6.8.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): azure-cli-test-2.17.1-150100.6.11.2 
- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): azure-cli-2.17.1-150100.6.11.2 azure-cli-core-2.17.1-150100.6.14.2 python-azure-sdk-4.0.0-150100.3.10.2 python2-azure-ai-formrecognizer-3.1.2-150100.3.3.2 python2-azure-batch-10.0.0-150100.7.8.2 python2-azure-core-1.22.1-150100.3.7.2 python2-azure-mgmt-compute-18.0.0-150100.6.11.2 python2-azure-mgmt-containerregistry-3.0.0rc16-150100.6.8.2 python2-azure-mgmt-databoxedge-0.2.0-150100.3.7.2 python2-azure-mgmt-network-17.0.0-150100.6.8.2 python2-azure-mgmt-security-0.6.0-150100.3.7.2 python2-azure-synapse-monitoring-0.2.0-150100.3.3.2 python2-azure-template-0.1.0b1293622-150100.3.3.2 python2-msrest-0.6.21-150100.6.8.2 python3-azure-ai-formrecognizer-3.1.2-150100.3.3.2 python3-azure-batch-10.0.0-150100.7.8.2 python3-azure-core-1.22.1-150100.3.7.2 python3-azure-mgmt-compute-18.0.0-150100.6.11.2 python3-azure-mgmt-containerregistry-3.0.0rc16-150100.6.8.2 python3-azure-mgmt-databoxedge-0.2.0-150100.3.7.2 python3-azure-mgmt-network-17.0.0-150100.6.8.2 python3-azure-mgmt-security-0.6.0-150100.3.7.2 python3-azure-sdk-4.0.0-150100.3.10.2 python3-azure-synapse-managedprivateendpoints-0.4.0-150100.3.3.2 python3-azure-synapse-monitoring-0.2.0-150100.3.3.2 python3-azure-template-0.1.0b1293622-150100.3.3.2 python3-msrest-0.6.21-150100.6.8.2 References: From sle-updates at lists.suse.com Wed Jul 13 16:17:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 18:17:15 +0200 (CEST) Subject: SUSE-RU-2020:1361-2: moderate: Recommended update for libgcrypt Message-ID: <20220713161715.C1B64FC35@maintenance.suse.de> SUSE Recommended Update: Recommended update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:1361-2 Rating: moderate References: #1171872 Affected Products: SUSE Linux Enterprise Module for Certifications 15-SP3 ______________________________________________________________________________ An 
update that has one recommended fix can now be installed. Description: This update for libgcrypt fixes the following issues: - FIPS: RSA/DSA/ECC test_keys() print out debug messages only in debug mode (bsc#1171872) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Certifications 15-SP3: zypper in -t patch SUSE-SLE-Module-Certifications-15-SP3-2022-2385=1 Package List: - SUSE Linux Enterprise Module for Certifications 15-SP3 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.8.2-8.36.1 libgcrypt-devel-1.8.2-8.36.1 libgcrypt-devel-debuginfo-1.8.2-8.36.1 libgcrypt20-1.8.2-8.36.1 libgcrypt20-debuginfo-1.8.2-8.36.1 libgcrypt20-hmac-1.8.2-8.36.1 - SUSE Linux Enterprise Module for Certifications 15-SP3 (x86_64): libgcrypt-devel-32bit-1.8.2-8.36.1 libgcrypt-devel-32bit-debuginfo-1.8.2-8.36.1 libgcrypt20-32bit-1.8.2-8.36.1 libgcrypt20-32bit-debuginfo-1.8.2-8.36.1 libgcrypt20-hmac-32bit-1.8.2-8.36.1 References: https://bugzilla.suse.com/1171872 From sle-updates at lists.suse.com Wed Jul 13 19:16:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 21:16:16 +0200 (CEST) Subject: SUSE-SU-2021:0955-2: important: Security update for openssl-1_1 Message-ID: <20220713191616.5AC65FC35@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0955-2 Rating: important References: #1183852 Cross-References: CVE-2021-3449 CVSS scores: CVE-2021-3449 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3449 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Certifications 15-SP3 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Certifications 15-SP3: zypper in -t patch SUSE-SLE-Module-Certifications-15-SP3-2022-2389=1 Package List: - SUSE Linux Enterprise Module for Certifications 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.20.1 libopenssl1_1-1.1.1d-11.20.1 libopenssl1_1-debuginfo-1.1.1d-11.20.1 libopenssl1_1-hmac-1.1.1d-11.20.1 openssl-1_1-1.1.1d-11.20.1 openssl-1_1-debuginfo-1.1.1d-11.20.1 openssl-1_1-debugsource-1.1.1d-11.20.1 - SUSE Linux Enterprise Module for Certifications 15-SP3 (x86_64): libopenssl-1_1-devel-32bit-1.1.1d-11.20.1 libopenssl1_1-32bit-1.1.1d-11.20.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.20.1 libopenssl1_1-hmac-32bit-1.1.1d-11.20.1 - SUSE Linux Enterprise Module for Certifications 15-SP3 (noarch): openssl-1_1-doc-1.1.1d-11.20.1 References: https://www.suse.com/security/cve/CVE-2021-3449.html https://bugzilla.suse.com/1183852 From sle-updates at lists.suse.com Wed Jul 13 19:17:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 21:17:03 +0200 (CEST) Subject: SUSE-FU-2022:2390-1: moderate: Feature update for build, obs-scm-bridge, 
obs-service-tar_scm, osc Message-ID: <20220713191703.99874FC35@maintenance.suse.de> SUSE Feature Update: Feature update for build, obs-scm-bridge, obs-service-tar_scm, osc ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2390-1 Rating: moderate References: #1197298 #1197699 #1198740 #1200148 SLE-24652 SLE-24653 SLE-24657 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 
______________________________________________________________________________

An update that has four feature fixes and contains three features can now be installed.

Description:

This feature update for build, obs-scm-bridge, obs-service-tar_scm, osc fixes the following issues:

Support the Multi Factor Authentication and the git based workflow. (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653)

Please see the following detailed changes for more information.

Upgrade build from version 20210120 to 20220613 as obs-scm-bridge dependency (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653)

- Stop building aarch64_ilp32 baselibs for aarch64
- avoid aio=io_uring for now on SLE15-SP4 workers
- Update SLE 15 SP4 and Leap 15.4 build config (bsc#1198740)
- Use aio=io_uring if available (bsc#1197699)
- debian cross build support via multi-arch (obsoleting cbinstall remnants)
- Tumbleweed config synced
- documentation updates
- rename --debug to --debuginfo to be more exact.
- docu: add buildflags:ccachtype and OBS-DoNotAppendProfileToContainername
- Use git+https instead of git-https as url schema
- add oops=panic kernel parameter
- Updated distribution configurations (esp. Leap 15.4 and Tumbleweed)
- new preinstallimages are using zstd by default
- source subdirectories are used in git managed sources
- supporting kvm builds as non-root user
- Extend stage selection support for rpm builds
- various distribution config updates
- Support "BuildFlags: cumulaterpms" (was done only via suse_version before)
- docker:
  * Add support for --root and --installroot global zypper options
  * improve registry handling
  * initial Dockerfile.dapper support
  * support 'curl' commands in docker builds
  * strip known domains from container name
  * support container alias names
- pbuild:
  * add --debug option for building debuginfo packages
  * Use /.dockerenv as marker for docker environment
  * support privileged docker/nspawn mode
  * move --cap-add=SYS_ADMIN --cap-add=MKNOD to privileged mode
  * initvm: do not attempt to mount /proc and binfmt_misc handler if present
  * rename --hide-timestamps to --no-timestamps
  * reuse options from older builds
  * revised --single build mode
  * support ccache
  * Implement SCC calculation
  * Improve --shell-after-build and --single options
  * initial documentation of pbuild
- Kiwi:
  * always append the profile name to kiwi container names
  * Add support for OBS-RemoteAsset and OBS-CopyToImage directives
- container builds:
  * support newer podman versions
  * supporting multiple containers for multi-stage builds
  * FROM scratch build support
- Other fixes:
  * Avoid shutdown of host when using nspawn
  * change sccache default size limit
  * speed up improvements in
    - vm shutdown
    - rpm preinstall
    - avoid calling external commands in a loop
    - using zstd for preinstallimages
    - no more unpacking progress indicators to avoid slowdown
    - virtio handling
  * fixed vm-type=qemu
  * multiple smaller bugfixes and speed improvements
  * Load selinux policy when using a preinstall image
  * Use the pax format for preinstall images if bsdtar is available
  * Add %riscv to std_macros
  * Fix combine_configs dropping newlines
  * epoch handling in debian builds
  * catch more cases where a failed build is marked as host error
  * fixing wrong status reporting when a job got killed
  * hugetlbfs handling fixes
  * try mounting selinuxfs in VM
  * Create the /sys dir when preinstalling (to satisfy dracut)
- Features:
  * Add arm32 and loongarch definitions
  * Add compatibility code to initvm
  * Use upstream way of binfmt argv0 preservation (bsc#1197298)
  * Add template support for Build::SimpleJSON
  * download_assets: add --outdir --clean --show-dir-srcmd5 parameters support multiple --arch arguments
  * asset support for golang modules
  * add support for LXC 4.
  * new shortcuts for rpm building: --rpm-noprep, --rpm-build-in-place, --rpm-build-in-place-noprep for building directly from upstream git repositories without any tar ball.
  * mount securityfs if not mounted by kernel-obs-build
  * collect steal time during VM builds in statistics.
  * declare armv8 and armv7 compatible
  * support OBS Debuginfo build flag for Red Hat variants
  * setup rpmmacros for all build types and earlier
  * introducing --verbose option, currently only showing kernel messages.
  * support cpio creation for special files
  * handle QEMU >= 6.0 on POWER9
  * deb zstd support (for Ubuntu 21.10)
  * support KVM builds with enabled network
  * modulemd support improvements
  * Support a "Distmacro" directive for recipe parser-only macros
  * initial config for Leap 15.4
  * Unify ccache and sccache handling
  * Fix unpacking of deb/arch archives without bsdtar
  * cross architecture build support (for rpm and kiwi)
  * modulemd meta data support
  * supporting external asset stores for source files
  * support multiple post build checks placed in the directory: /usr/lib/build/post-build-checks/
  * sccache support
  * New --shell-after-fail option
  * allow to disable squashfs in SimpleImage
  * supporting aarch64 kernel on armv?l distributions
  * Supporting URLs in Flatpak manifests

Provide obs-scm-bridge on version 0.2: (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653)

  * no shallow clone when used with osc
  * support for LFS fetch
  * Fixes for _config file export and path handling
  * Fix a traceback when a project or a package is managed in scm, print a warning instead.

Update osc from version 0.172.0 to 0.179.0 (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653)

- 0.179.0
  - signature (ssh key) authentication fixes (RSA key support, skip binary files)
  - commandline: handle calls without arguments gracefully
  - use percent-quoted url for download url generation
  - osc co/up: highlight pending requests' header
  - get_results(): fix check for empty details
  - another exception for github URLs for "osc add"
  - update Sphinx configuration, documentation fixes
  - make Sphinx optional in setup.py not to break package builds
  - support flavors in aggregatepac
  - check if repos provided to aggregatepac command exist
  - several coding style fixes
- 0.178.0
  - EXPERIMENTAL: git repository handling
    * init command is working inside of a git repository
    * downloadassets command fetches referenced assets from build description
    * checkout is cloning from git
  - EXPERIMENTAL: signature (ssh key) authentication
    * allow to configure 'sshkey' option in the config
    * try to guess ssh key from the keys added to ssh-agent
    * rename OscHTTPBasicAuthHandler to OscHTTPAuthHandler
    * simplify bad auth retry workaround needed for old python versions
  - add support for building preinstall images
  - add support for building Helm charts
  - show the md5s that are failing to validate after fetching a package
  - add missing space to copypac completion
  - never require login in the help command
  - linkdiff: raise an exception when an added file is missing
  - run tests via calling 'setup.py test'
  - several coding style fixes
- spec file:
  - run tests via calling 'setup.py test'
  - disabled tests in debian.rules
- 0.177.0
  * switch to python3 in osc-wrapper and make python3 explicit
  * allow formatting of the sccache uri
  * show repository state and details
  * a few minor fixes and improvements in credentials handling
  * order credential managers by priority
  * kernel keyring is now supported as credential manager
  * support regex based name filtering in core.get_prj_results()
  * revision parsing parseRevisionOption(): cleanup and make logic consistent
  * use sr_ids[0] for superseding (fixes issues with superseding requests containing many packages)
  * download logs and metadata in subdirs named by packages when osc getbinaries is issued on project level or in multibuild case
- spec file:
  * recommend python-keyring-keyutils for new kernel keyring backend
- 0.176.0
  * add -F option to osc submitreq
  * add --verbose option to build command
  * fix getbinaries command to fetch also multibuild packages
  * fix getbinaries -M/--multibuild-package option usage
  * skip fetching metadata and logs in the getbinaries command
  * do not download a bdep with a hdrmd5 from the api by default
  * re-download file from API when hdrmd5 doesn't match
  * honor --download-api-only option
  * remove Windows from the supported operating systems
  * fix license in setup.py
  * add py3.10 and py3.11 to the classifiers in setup.py
  * use the latest version of COPYING file from gnu.org
  * fix crash on terminal resize during download
  * do not fail with a traceback in case of a config error
  * preserve oscrc symlink when writing conf file
  * escape % character in binary download URLs
  * fix printing paths to built debian packages
- 0.175.1:
  * Modified SPEC file to be more compatible with KOJI and COPR.
    ** Modified SPEC file to use python3 for CentOS/RHEL 7
    ** Modified SPEC file use fedora/rhel version macros.
    ** Changed perl to sed in %install section of SPEC file.
- 0.175.0:
  * do not crash when running "osc search --binary --verbose foo"
  * don't run source services when building outside of an OSC package working copy
  * fix XDG_CONFIG_HOME
  * offer a force ("f") choice in metafile.edit's error handling code path
  * fix XPath used in search requests
  * add support for creating a workflow token via "osc token"
  * handle missing os.sysconf more gracefully
  * detachbranch: remove _link when link target got removed
  * improve error message in case of an URLError
  * fix downloading from mirrors
  * avoid sending entire projects on "osc mr"
  * fix hdrmd5 check of local cached files
  * improve logic for conffile mode handling
- 0.174.0:
  * fix password deletion via "osc config -d pass"
  * support changing the password store via "osc config --select-password-store"
  * support slash syntax in osc browse ("osc browse prj/pkg" is equivalent to "osc browse prj pkg")
  * fix the commit of a frozen package wc
  * fix local product builds using obsrepositories:/ directives
  * print a meaningful message when trying to commit a non-existent package
- force Mageia >= 8 builds to python3; python2 is deprecated in Mageia 8 and up.
- 0.173.0:
  * add showlinked command to show all references of packages linking to a given one
  * add build --shell-after-build flag. It can also be set via .oscrc.
  * add build --stage flag. Useful for example for fixing file lists and just running the install section to see the result of it (use --stage=i=). Check the help for more details.
  * allow to run build script as non-root, by setting su-wrapper empty => osc is not guessing anymore if user builds are wanted
  * add support for cross arch local build using a sysroot
  * support slash notation in "osc creq -a args"
  * add "--force" option to the "osc add" command (can be used to override the exclude_glob config option)
  * support the commit of arbitrary sized files
  * add support for sccache
- Install macros.osc to %{_rpmmacrodir}, not to /etc/rpm.

Update obs-service-tar_scm from version 0.10.22.1615538418.07a353d to version 0.10.30.1641990734.bdad8f9 (bsc#1200148)

- Update to version 0.10.30.1641990734.bdad8f9:
  * fixes for python2.7 compatibility
  * fix test cases
  * fix various linter problems with pylint 2.11.1
  * disable consider-using-f-string in pylint
  * added TC for _stash_pop_required
  * assertTarIsDeeply now more verbose in case of failure
  * remove tearDown/Trace from testenv.py
  * fix regression to keep local changes when running in osc
  * various fixes to make linter happy
  * fix tests for python 2.7
- Update to version 0.10.29.1634038025.85bfc3f:
  * fix test cases
  * fix various linter problems with pylint 2.11.1
  * disable consider-using-f-string in pylint
  * added TC for _stash_pop_required
  * assertTarIsDeeply now more verbose in case of failure
  * remove tearDown/Trace from testenv.py
  * fix regression to keep local changes when running in osc
- Update to version 0.10.28.1632141620.a8837d3:
  * fix missing "checkout" when running in osc
  * fix breakage on version detection
  * change locale
- Update to version 0.10.27.1626072657.0fb7a03:
  * [ci] enhanced github actions for multiple python versions
  * Create main.yml
  * Change date format from short to %Y%m%d.
- Update to version 0.10.26.1624258505.aed4969:
  * almalinux in spec file
  * fix include filters for obscpio files
  * fix python interpreter for mageia 8
  * TarScm: use owner/group root in .obscpio files
- Update to version 0.10.26.1623775884.87f49a8:
  * fixed include/exclude filtering
  * add '--' to git log command if file/dir equal revision exists
  * add '--source' to git log command
  * disabled consider-using-with in .pylint*rc
  * package .gitignore files
  * Fix version _none_ generate tarball with '-'
  * Prevent KeyError in check_for_branch_request method
  * removed skipped test case (obsolete since 5 yrs)
  * testing for obscpio/obsinfo
  * fix regression - obsinfo included the version string
  * Revert "remove useless variables"
  * remove useless variables
  * added param --without-version
  * extracted dstname to _dstname
  * cleanup TarSCM/tasks.py for pylint
  * add date/time to logging output for better debugging
  * Fix typos

Patch Instructions:

To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2390=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2390=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2390=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2390=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2390=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2390=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2390=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2390=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2390=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2390=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2390=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2390=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2390=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2390=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2390=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2390=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2390=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch 
SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2390=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2390=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2390=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2390=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2390=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2390=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - openSUSE Leap 15.4 (noarch): obs-scm-bridge-0.2-150100.3.3.1 obs-service-appimage-0.10.30.1641990734.bdad8f9-150000.3.15.1 obs-service-obs_scm-0.10.30.1641990734.bdad8f9-150000.3.15.1 obs-service-obs_scm-common-0.10.30.1641990734.bdad8f9-150000.3.15.1 obs-service-snapcraft-0.10.30.1641990734.bdad8f9-150000.3.15.1 obs-service-tar-0.10.30.1641990734.bdad8f9-150000.3.15.1 obs-service-tar_scm-0.10.30.1641990734.bdad8f9-150000.3.15.1 osc-0.179.0-150100.3.29.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - openSUSE Leap 15.3 (noarch): obs-scm-bridge-0.2-150100.3.3.1 obs-service-appimage-0.10.30.1641990734.bdad8f9-150000.3.15.1 
obs-service-obs_scm-0.10.30.1641990734.bdad8f9-150000.3.15.1 obs-service-obs_scm-common-0.10.30.1641990734.bdad8f9-150000.3.15.1 obs-service-snapcraft-0.10.30.1641990734.bdad8f9-150000.3.15.1 obs-service-tar-0.10.30.1641990734.bdad8f9-150000.3.15.1 obs-service-tar_scm-0.10.30.1641990734.bdad8f9-150000.3.15.1 osc-0.179.0-150100.3.29.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Manager Server 4.1 (noarch): obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Manager Retail Branch Server 4.1 (noarch): obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Manager Proxy 4.1 (noarch): obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Manager Proxy 4.1 (x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Linux 
Enterprise Server for SAP 15-SP1 (ppc64le x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): build-20220613-150000.3.12.1 build-mkbaselibs-20220613-150000.3.12.1 obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): build-20220613-150000.3.12.1 build-mkbaselibs-20220613-150000.3.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 
perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): build-20220613-150000.3.12.1 build-mkbaselibs-20220613-150000.3.12.1 obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): build-20220613-150000.3.12.1 build-mkbaselibs-20220613-150000.3.12.1 obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): build-20220613-150000.3.12.1 build-mkbaselibs-20220613-150000.3.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 
perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): build-20220613-150000.3.12.1 build-mkbaselibs-20220613-150000.3.12.1 obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 
perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): build-20220613-150000.3.12.1 build-mkbaselibs-20220613-150000.3.12.1 obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): build-20220613-150000.3.12.1 build-mkbaselibs-20220613-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): build-20220613-150000.3.12.1 build-mkbaselibs-20220613-150000.3.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Enterprise Storage 7 (noarch): obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE Enterprise Storage 6 (noarch): 
build-20220613-150000.3.12.1 build-mkbaselibs-20220613-150000.3.12.1 obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 - SUSE CaaS Platform 4.0 (x86_64): perl-Crypt-SSLeay-0.72-150000.5.5.1 perl-Crypt-SSLeay-debuginfo-0.72-150000.5.5.1 perl-Crypt-SSLeay-debugsource-0.72-150000.5.5.1 perl-YAML-LibYAML-0.69-150000.3.5.1 perl-YAML-LibYAML-debuginfo-0.69-150000.3.5.1 perl-YAML-LibYAML-debugsource-0.69-150000.3.5.1 - SUSE CaaS Platform 4.0 (noarch): build-20220613-150000.3.12.1 build-mkbaselibs-20220613-150000.3.12.1 obs-scm-bridge-0.2-150100.3.3.1 osc-0.179.0-150100.3.29.1 References: https://bugzilla.suse.com/1197298 https://bugzilla.suse.com/1197699 https://bugzilla.suse.com/1198740 https://bugzilla.suse.com/1200148 From sle-updates at lists.suse.com Wed Jul 13 19:18:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 21:18:08 +0200 (CEST) Subject: SUSE-RU-2022:2387-1: moderate: Recommended update for rust, rust1.61 Message-ID: <20220713191808.BD023FC35@maintenance.suse.de> SUSE Recommended Update: Recommended update for rust, rust1.61 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2387-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 
______________________________________________________________________________

An update that has 0 recommended fixes can now be installed.

Description:

This update for rust, rust1.61 fixes the following issues:

This update ships rust1.61.

Version 1.61.0 (2022-05-19)
==========================

Language
--------

- `const fn` signatures can now include generic trait bounds
- `const fn` signatures can now use `impl Trait` in argument and return position
- Function pointers can now be created, cast, and passed around in a `const fn`
- Recursive calls can now set the value of a function's opaque `impl Trait` return type

Compiler
--------

- Linking modifier syntax in `#[link]` attributes and on the command line, as well as the `whole-archive` modifier specifically, are now supported
- The `char` type is now described as UTF-32 in debuginfo
- The `#[target_feature]` attribute can now be used with aarch64 features
- X86 `#[target_feature = "adx"]` is now stable

Libraries
---------

- `ManuallyDrop<T>` is now documented to have the same layout as `T`
- `#[ignore = "???"]` messages are printed when running tests
- Consistently show absent stdio handles on Windows as NULL handles
- Make `std::io::stdio::lock()` return `'static` handles. Previously, the creation of locked handles to stdin/stdout/stderr would borrow the handles being locked, which prevented writing `let out = std::io::stdout().lock();` because `out` would outlive the return value of `stdout()`. Such code now works, eliminating a common pitfall that affected many Rust users.
- `Vec::from_raw_parts` is now less restrictive about its inputs
- `std::thread::available_parallelism` now takes cgroup quotas into account. Since `available_parallelism` is often used to create a thread pool for parallel computation, which may be CPU-bound for performance, `available_parallelism` will return a value consistent with the ability to use that many threads continuously, if possible. For instance, in a container with 8 virtual CPUs but quotas only allowing for 50% usage, `available_parallelism` will return 4.

Stabilized APIs
---------------

- `Pin::static_mut`
- `Pin::static_ref`
- `Vec::retain_mut`
- `VecDeque::retain_mut`
- `Write` for `Cursor<[u8; N]>`
- `std::os::unix::net::SocketAddr::from_pathname`
- `std::process::ExitCode` and `std::process::Termination`. The stabilization of these two APIs now makes it possible for programs to return errors from `main` with custom exit codes.
- `std::thread::JoinHandle::is_finished`

These APIs are now usable in const contexts:

- `<*const T>::offset` and `<*mut T>::offset`
- `<*const T>::wrapping_offset` and `<*mut T>::wrapping_offset`
- `<*const T>::add` and `<*mut T>::add`
- `<*const T>::sub` and `<*mut T>::sub`
- `<*const T>::wrapping_add` and `<*mut T>::wrapping_add`
- `<*const T>::wrapping_sub` and `<*mut T>::wrapping_sub`
- `<[T]>::as_mut_ptr`
- `<[T]>::as_ptr_range`
- `<[T]>::as_mut_ptr_range`

Cargo
-----

No feature changes, but see compatibility notes.

Compatibility Notes
-------------------

- Previously native static libraries were linked as `whole-archive` in some cases, but now rustc tries not to use `whole-archive` unless explicitly requested. This change may result in linking errors in some cases. To fix such errors, native libraries linked from the command line, build scripts, or `#[link]` attributes need to
  - (more common) either be reordered to respect dependencies between them (if `a` depends on `b` then `a` should go first and `b` second)
  - (less common) or be updated to use the `+whole-archive` modifier.
- Catching a second unwind from FFI code while cleaning up from a Rust panic now causes the process to abort
- Proc macros no longer see `ident` matchers wrapped in groups
- The number of `#` in `r#` raw string literals is now required to be less than 256
- When checking that a dyn type satisfies a trait bound, supertrait bounds are now enforced
- `cargo vendor` now only accepts one value for each `--sync` flag
- `cfg` predicates in `all()` and `any()` are always evaluated to detect errors, instead of short-circuiting. The compatibility considerations here arise in nightly-only code that used the short-circuiting behavior of `all` to write something like `cfg(all(feature = "nightly", syntax-requiring-nightly))`, which will now fail to compile. Instead, use either `cfg_attr(feature = "nightly", ...)` or nested uses of `cfg`.
- bootstrap: static-libstdcpp is now enabled by default, and can now be disabled when llvm-tools is enabled

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2387=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2387=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2387=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2387=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cargo-1.61.0-150300.21.26.1 cargo1.61-1.61.0-150300.7.3.1 cargo1.61-debuginfo-1.61.0-150300.7.3.1 rust-1.61.0-150300.21.26.1 rust1.61-1.61.0-150300.7.3.1 rust1.61-debuginfo-1.61.0-150300.7.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cargo-1.61.0-150300.21.26.1 cargo1.61-1.61.0-150300.7.3.1 cargo1.61-debuginfo-1.61.0-150300.7.3.1 rust-1.61.0-150300.21.26.1 rust1.61-1.61.0-150300.7.3.1 rust1.61-debuginfo-1.61.0-150300.7.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): cargo-1.61.0-150300.21.26.1 cargo1.61-1.61.0-150300.7.3.1 cargo1.61-debuginfo-1.61.0-150300.7.3.1 rust-1.61.0-150300.21.26.1 rust1.61-1.61.0-150300.7.3.1 rust1.61-debuginfo-1.61.0-150300.7.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cargo-1.61.0-150300.21.26.1 cargo1.61-1.61.0-150300.7.3.1 cargo1.61-debuginfo-1.61.0-150300.7.3.1 rust-1.61.0-150300.21.26.1 rust1.61-1.61.0-150300.7.3.1 rust1.61-debuginfo-1.61.0-150300.7.3.1 References: From sle-updates at lists.suse.com Wed Jul 13 19:18:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jul 2022 21:18:40 +0200 (CEST) Subject: SUSE-SU-2020:0948-2: moderate: Security update for gmp, gnutls, libnettle Message-ID: <20220713191840.7DA12FC35@maintenance.suse.de> SUSE Security Update: Security update for gmp, gnutls, libnettle 
______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0948-2 Rating: moderate References: #1152692 #1155327 #1166881 #1168345 SLE-9518 Cross-References: CVE-2020-11501 CVSS scores: CVE-2020-11501 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2020-11501 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Certifications 15-SP3 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has three fixes is now available. Description: This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Certifications 15-SP3: zypper in -t patch SUSE-SLE-Module-Certifications-15-SP3-2022-2391=1 Package List: - SUSE Linux Enterprise Module for Certifications 15-SP3 (aarch64 ppc64le s390x x86_64): gmp-debugsource-6.1.2-4.3.1 gmp-devel-6.1.2-4.3.1 libgmp10-6.1.2-4.3.1 libgmp10-debuginfo-6.1.2-4.3.1 libgmpxx4-6.1.2-4.3.1 libgmpxx4-debuginfo-6.1.2-4.3.1 libhogweed4-3.4.1-4.12.1 libhogweed4-debuginfo-3.4.1-4.12.1 libnettle-debugsource-3.4.1-4.12.1 libnettle-devel-3.4.1-4.12.1 libnettle6-3.4.1-4.12.1 libnettle6-debuginfo-3.4.1-4.12.1 nettle-3.4.1-4.12.1 nettle-debuginfo-3.4.1-4.12.1 - SUSE Linux Enterprise Module for Certifications 15-SP3 (x86_64): gmp-devel-32bit-6.1.2-4.3.1 libgmp10-32bit-6.1.2-4.3.1 libgmp10-32bit-debuginfo-6.1.2-4.3.1 libgmpxx4-32bit-6.1.2-4.3.1 libgmpxx4-32bit-debuginfo-6.1.2-4.3.1 libhogweed4-32bit-3.4.1-4.12.1 libhogweed4-32bit-debuginfo-3.4.1-4.12.1 libnettle-devel-32bit-3.4.1-4.12.1 libnettle6-32bit-3.4.1-4.12.1 libnettle6-32bit-debuginfo-3.4.1-4.12.1 References: https://www.suse.com/security/cve/CVE-2020-11501.html https://bugzilla.suse.com/1152692 https://bugzilla.suse.com/1155327 https://bugzilla.suse.com/1166881 https://bugzilla.suse.com/1168345 From sle-updates at lists.suse.com Wed Jul 13 22:15:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jul 2022 00:15:52 +0200 (CEST) Subject: SUSE-SU-2022:2392-1: important: Security update for squid Message-ID: <20220713221552.6A168F7C9@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2392-1 Rating: important References: #1183436 #1185921 #1200907 Cross-References: CVE-2020-25097 CVE-2021-28651 CVE-2021-46784 CVSS scores: CVE-2020-25097 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2020-25097 (SUSE): 8.6 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2021-28651 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28651 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H CVE-2021-46784 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for squid fixes the following issues: - CVE-2020-25097: Fixed HTTP Request Smuggling (bsc#1183436) - CVE-2021-28651: Fixed DoS in URN processing (bsc#1185921) - CVE-2021-46784: Fixed DoS when processing gopher server responses (bsc#1200907) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2392=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2392=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2392=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2392=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2392=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2392=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): squid-3.5.21-26.35.1 squid-debuginfo-3.5.21-26.35.1 squid-debugsource-3.5.21-26.35.1 - SUSE OpenStack Cloud 9 (x86_64): squid-3.5.21-26.35.1 squid-debuginfo-3.5.21-26.35.1 squid-debugsource-3.5.21-26.35.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): squid-3.5.21-26.35.1 squid-debuginfo-3.5.21-26.35.1 squid-debugsource-3.5.21-26.35.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): squid-3.5.21-26.35.1 squid-debuginfo-3.5.21-26.35.1 squid-debugsource-3.5.21-26.35.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): squid-3.5.21-26.35.1 squid-debuginfo-3.5.21-26.35.1 squid-debugsource-3.5.21-26.35.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): squid-3.5.21-26.35.1 squid-debuginfo-3.5.21-26.35.1 squid-debugsource-3.5.21-26.35.1 References: https://www.suse.com/security/cve/CVE-2020-25097.html https://www.suse.com/security/cve/CVE-2021-28651.html https://www.suse.com/security/cve/CVE-2021-46784.html https://bugzilla.suse.com/1183436 https://bugzilla.suse.com/1185921 https://bugzilla.suse.com/1200907 From sle-updates at lists.suse.com Thu Jul 14 13:16:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jul 2022 15:16:35 +0200 (CEST) Subject: SUSE-SU-2022:1157-2: important: Security update for 
libsolv, libzypp, zypper Message-ID: <20220714131635.45A5AF7C9@maintenance.suse.de> SUSE Security Update: Security update for libsolv, libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1157-2 Rating: important References: #1184501 #1194848 #1195999 #1196061 #1196317 #1196368 #1196514 #1196925 #1197134 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more use cases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support querying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report in more detail which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release its loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the package's upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1157=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Micro 5.2 (noarch): zypper-needs-restarting-1.14.52-150200.30.2 References: https://bugzilla.suse.com/1184501 https://bugzilla.suse.com/1194848 https://bugzilla.suse.com/1195999 https://bugzilla.suse.com/1196061 https://bugzilla.suse.com/1196317 https://bugzilla.suse.com/1196368 https://bugzilla.suse.com/1196514 https://bugzilla.suse.com/1196925 https://bugzilla.suse.com/1197134 From sle-updates at lists.suse.com Thu Jul 14 13:17:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jul 2022 15:17:54 +0200 (CEST) Subject: SUSE-RU-2022:2394-1: Recommended update for
sle-module-python2-release Message-ID: <20220714131754.77A6BF7C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-module-python2-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2394-1 Rating: low References: SLE-22357 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for sle-module-python2-release provides the following fix: - Change EOL to 2023-12-31 [jsc#SLE-22357] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2394=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): sle-module-python2-release-15.3-150300.59.4.1 References: From sle-updates at lists.suse.com Thu Jul 14 13:18:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jul 2022 15:18:26 +0200 (CEST) Subject: SUSE-RU-2022:2397-1: moderate: Recommended update for scap-security-guide Message-ID: <20220714131826.BEEDFF7C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2397-1 Rating: moderate References: ECO-3319 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: ComplianceAsCode was updated to 0.1.62 (jsc#ECO-3319): - Update rhel8 stig to v1r6 - OL7 STIG v2r7 update - Initial definition of ANSSI BP28 minimal profile for SUSE Linux Enterprise Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2397=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): scap-security-guide-0.1.62-3.33.1 scap-security-guide-debian-0.1.62-3.33.1 scap-security-guide-redhat-0.1.62-3.33.1 scap-security-guide-ubuntu-0.1.62-3.33.1 References: From sle-updates at lists.suse.com Thu Jul 14 13:19:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jul 2022 15:19:02 +0200 (CEST) Subject: SUSE-SU-2022:2395-1: important: Security update for virglrenderer Message-ID: <20220714131902.480C0F7C9@maintenance.suse.de> SUSE Security Update: Security update for virglrenderer ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2395-1 Rating: important References: #1195389 Cross-References: CVE-2022-0135 CVSS scores: CVE-2022-0135 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for virglrenderer fixes the following issues: - CVE-2022-0135: Fix OOB in read_transfer_data. (bsc#1195389) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2395=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2395=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libvirglrenderer1-0.9.1-150400.3.3.1 libvirglrenderer1-debuginfo-0.9.1-150400.3.3.1 virglrenderer-debuginfo-0.9.1-150400.3.3.1 virglrenderer-debugsource-0.9.1-150400.3.3.1 virglrenderer-devel-0.9.1-150400.3.3.1 virglrenderer-test-server-0.9.1-150400.3.3.1 virglrenderer-test-server-debuginfo-0.9.1-150400.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libvirglrenderer1-0.9.1-150400.3.3.1 libvirglrenderer1-debuginfo-0.9.1-150400.3.3.1 virglrenderer-debuginfo-0.9.1-150400.3.3.1 virglrenderer-debugsource-0.9.1-150400.3.3.1 virglrenderer-devel-0.9.1-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-0135.html https://bugzilla.suse.com/1195389 From sle-updates at lists.suse.com Thu Jul 14 13:19:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jul 2022 15:19:56 +0200 (CEST) Subject: SUSE-SU-2022:2393-1: important: Security update for the Linux Kernel Message-ID: <20220714131956.A2FEFFDCF@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2393-1 Rating: important References: #1158266 #1162338 #1162369 #1173871 #1177282 #1194013 #1196901 #1198577 #1199426 #1199487 #1199507 #1199657 #1200059 #1200143 #1200144 #1200249 #1200571 #1200599 #1200604 #1200605 #1200608 #1200619 #1200692 #1200762 #1201050 #1201080 #1201251 Cross-References: CVE-2019-19377 CVE-2020-26541 CVE-2021-26341 CVE-2021-4157 CVE-2022-1184 CVE-2022-1679 CVE-2022-1729 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20141 
CVE-2022-20154 CVE-2022-21499 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981 CVSS scores: CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-26541 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 6 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). 
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282) - CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by simulating an nfc device from user-space (bsc#1200144). - CVE-2022-1975: Fixed a bug that allows an attacker to crash the Linux kernel by simulating an nfc device from user-space (bsc#1200143). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577). - CVE-2022-21499: Lock down kgdb to prohibit secure-boot bypass (bsc#1199426). - CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image (bsc#1158266). The following non-security bugs were fixed: - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - exec: Force single empty string when argv is empty (bsc#1200571). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2393=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2393=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2393=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2393=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2393=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-2393=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.102.1 kernel-default-base-4.12.14-95.102.1 kernel-default-base-debuginfo-4.12.14-95.102.1 kernel-default-debuginfo-4.12.14-95.102.1 kernel-default-debugsource-4.12.14-95.102.1 kernel-default-devel-4.12.14-95.102.1 kernel-default-devel-debuginfo-4.12.14-95.102.1 kernel-syms-4.12.14-95.102.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.102.1 kernel-macros-4.12.14-95.102.1 kernel-source-4.12.14-95.102.1 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.102.1 kernel-macros-4.12.14-95.102.1 kernel-source-4.12.14-95.102.1 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.102.1 kernel-default-base-4.12.14-95.102.1 kernel-default-base-debuginfo-4.12.14-95.102.1 kernel-default-debuginfo-4.12.14-95.102.1 kernel-default-debugsource-4.12.14-95.102.1 kernel-default-devel-4.12.14-95.102.1 kernel-default-devel-debuginfo-4.12.14-95.102.1 kernel-syms-4.12.14-95.102.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.102.1 kernel-default-base-4.12.14-95.102.1 kernel-default-base-debuginfo-4.12.14-95.102.1 kernel-default-debuginfo-4.12.14-95.102.1 kernel-default-debugsource-4.12.14-95.102.1 kernel-default-devel-4.12.14-95.102.1 kernel-syms-4.12.14-95.102.1 - SUSE Linux Enterprise Server 
for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.102.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.102.1 kernel-macros-4.12.14-95.102.1 kernel-source-4.12.14-95.102.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.102.1 kernel-default-base-4.12.14-95.102.1 kernel-default-base-debuginfo-4.12.14-95.102.1 kernel-default-debuginfo-4.12.14-95.102.1 kernel-default-debugsource-4.12.14-95.102.1 kernel-default-devel-4.12.14-95.102.1 kernel-syms-4.12.14-95.102.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.102.1 kernel-macros-4.12.14-95.102.1 kernel-source-4.12.14-95.102.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.102.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.102.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.102.1 kernel-default-kgraft-devel-4.12.14-95.102.1 kgraft-patch-4_12_14-95_102-default-1-6.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.102.1 cluster-md-kmp-default-debuginfo-4.12.14-95.102.1 dlm-kmp-default-4.12.14-95.102.1 dlm-kmp-default-debuginfo-4.12.14-95.102.1 gfs2-kmp-default-4.12.14-95.102.1 gfs2-kmp-default-debuginfo-4.12.14-95.102.1 kernel-default-debuginfo-4.12.14-95.102.1 kernel-default-debugsource-4.12.14-95.102.1 ocfs2-kmp-default-4.12.14-95.102.1 ocfs2-kmp-default-debuginfo-4.12.14-95.102.1 References: https://www.suse.com/security/cve/CVE-2019-19377.html https://www.suse.com/security/cve/CVE-2020-26541.html https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-4157.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-1729.html 
https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1975.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-21499.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-33981.html https://bugzilla.suse.com/1158266 https://bugzilla.suse.com/1162338 https://bugzilla.suse.com/1162369 https://bugzilla.suse.com/1173871 https://bugzilla.suse.com/1177282 https://bugzilla.suse.com/1194013 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1199426 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1200059 https://bugzilla.suse.com/1200143 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200249 https://bugzilla.suse.com/1200571 https://bugzilla.suse.com/1200599 https://bugzilla.suse.com/1200604 https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1200608 https://bugzilla.suse.com/1200619 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201251 From sle-updates at lists.suse.com Thu Jul 14 13:23:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jul 2022 15:23:07 +0200 (CEST) Subject: SUSE-SU-2022:2396-1: important: Security update for logrotate Message-ID: <20220714132307.8AB18FDCF@maintenance.suse.de> SUSE Security Update: 
Security update for logrotate ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2396-1 Rating: important References: #1192449 #1199652 #1200278 #1200802 Cross-References: CVE-2022-1348 CVSS scores: CVE-2022-1348 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1348 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for logrotate fixes the following issues: Security issues fixed: - CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652). - Improved coredump handling for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed "logrotate emits unintended warning: keyword size not properly separated, found 0x3d" (bsc#1200278, bsc#1200802). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2396=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2396=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): logrotate-3.18.1-150400.3.7.1 logrotate-debuginfo-3.18.1-150400.3.7.1 logrotate-debugsource-3.18.1-150400.3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): logrotate-3.18.1-150400.3.7.1 logrotate-debuginfo-3.18.1-150400.3.7.1 logrotate-debugsource-3.18.1-150400.3.7.1 References: https://www.suse.com/security/cve/CVE-2022-1348.html https://bugzilla.suse.com/1192449 https://bugzilla.suse.com/1199652 https://bugzilla.suse.com/1200278 https://bugzilla.suse.com/1200802 From sle-updates at lists.suse.com Thu Jul 14 18:50:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jul 2022 20:50:45 +0200 (CEST) Subject: SUSE-SU-2020:2864-2: moderate: Security update for gnutls Message-ID: <20220714185045.5A4DAFDCF@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2864-2 Rating: moderate References: #1176086 #1176181 #1176671 Cross-References: CVE-2020-24659 CVSS scores: CVE-2020-24659 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-24659 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Certifications 15-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. 
Description: This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Certifications 15-SP3: zypper in -t patch SUSE-SLE-Module-Certifications-15-SP3-2022-2404=1 Package List: - SUSE Linux Enterprise Module for Certifications 15-SP3 (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-14.4.1 gnutls-debuginfo-3.6.7-14.4.1 gnutls-debugsource-3.6.7-14.4.1 libgnutls-devel-3.6.7-14.4.1 libgnutls30-3.6.7-14.4.1 libgnutls30-debuginfo-3.6.7-14.4.1 libgnutls30-hmac-3.6.7-14.4.1 libgnutlsxx-devel-3.6.7-14.4.1 libgnutlsxx28-3.6.7-14.4.1 libgnutlsxx28-debuginfo-3.6.7-14.4.1 - SUSE Linux Enterprise Module for Certifications 15-SP3 (x86_64): libgnutls-devel-32bit-3.6.7-14.4.1 libgnutls30-32bit-3.6.7-14.4.1 libgnutls30-32bit-debuginfo-3.6.7-14.4.1 libgnutls30-hmac-32bit-3.6.7-14.4.1 References: https://www.suse.com/security/cve/CVE-2020-24659.html https://bugzilla.suse.com/1176086 https://bugzilla.suse.com/1176181 https://bugzilla.suse.com/1176671 From sle-updates at lists.suse.com Thu Jul 14 18:51:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jul 2022 20:51:31 +0200 (CEST) Subject: SUSE-SU-2022:2403-1: important: Security update for python-PyJWT Message-ID: <20220714185131.EC8ADFDCF@maintenance.suse.de> SUSE Security Update: Security update for python-PyJWT ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2403-1 Rating: important References: #1199756 Cross-References: CVE-2022-29217 
CVSS scores: CVE-2022-29217 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-29217 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.0 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2403=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2403=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2403=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2403=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2403=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2403=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2403=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2403=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): python3-PyJWT-1.7.1-150100.6.7.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): python3-PyJWT-1.7.1-150100.6.7.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): python3-PyJWT-1.7.1-150100.6.7.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python2-PyJWT-1.7.1-150100.6.7.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python2-PyJWT-1.7.1-150100.6.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): python3-PyJWT-1.7.1-150100.6.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): python3-PyJWT-1.7.1-150100.6.7.1 - SUSE Enterprise Storage 6 (noarch): python3-PyJWT-1.7.1-150100.6.7.1 - SUSE CaaS Platform 4.0 (noarch): python3-PyJWT-1.7.1-150100.6.7.1 References: https://www.suse.com/security/cve/CVE-2022-29217.html https://bugzilla.suse.com/1199756 From sle-updates at lists.suse.com Thu Jul 14 18:52:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jul 2022 20:52:24 +0200 (CEST) Subject: SUSE-RU-2022:2399-1: moderate: Recommended update for scap-security-guide Message-ID: <20220714185224.CB590FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2399-1 Rating: moderate References: ECO-3319 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux 
Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: ComplianceAsCode was updated to 0.1.62 (jsc#ECO-3319): - Update rhel8 stig to v1r6 - OL7 STIG v2r7 update - Initial definition of ANSSI BP28 minimal profile for SUSE Linux Enterprise Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2399=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2399=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2399=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2399=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2399=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2399=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2399=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2399=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2399=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2399=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2399=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2399=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2399=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2399=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2399=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2399=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2399=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch 
SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2399=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2399=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2399=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2399=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2399=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2399=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - openSUSE Leap 15.3 (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Manager Server 4.1 (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Manager Retail Branch Server 4.1 (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Manager Proxy 4.1 (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): scap-security-guide-0.1.62-150000.1.39.1 
scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 
scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Enterprise Storage 7 (noarch): scap-security-guide-0.1.62-150000.1.39.1 
scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE Enterprise Storage 6 (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 - SUSE CaaS Platform 4.0 (noarch): scap-security-guide-0.1.62-150000.1.39.1 scap-security-guide-debian-0.1.62-150000.1.39.1 scap-security-guide-redhat-0.1.62-150000.1.39.1 scap-security-guide-ubuntu-0.1.62-150000.1.39.1 References: From sle-updates at lists.suse.com Thu Jul 14 18:53:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jul 2022 20:53:13 +0200 (CEST) Subject: SUSE-SU-2022:2398-1: important: Security update for logrotate Message-ID: <20220714185313.6B214FDCF@maintenance.suse.de> SUSE Security Update: Security update for logrotate ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2398-1 Rating: important References: #1192449 #1200278 #1200802 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handling for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed "logrotate emits unintended warning: keyword size not properly separated, found 0x3d" (bsc#1200278, bsc#1200802). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2398=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): logrotate-3.11.0-2.20.1 logrotate-debuginfo-3.11.0-2.20.1 logrotate-debugsource-3.11.0-2.20.1 References: https://bugzilla.suse.com/1192449 https://bugzilla.suse.com/1200278 https://bugzilla.suse.com/1200802 From sle-updates at lists.suse.com Thu Jul 14 18:54:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jul 2022 20:54:24 +0200 (CEST) Subject: SUSE-SU-2022:2400-1: important: Security update for oracleasm Message-ID: <20220714185424.E16F3FDCF@maintenance.suse.de> SUSE Security Update: Security update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2400-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2400=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2400=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2400=1 Package List: - openSUSE Leap 15.4 (x86_64): oracleasm-kmp-rt-2.0.8_k5.3.18_8.13-150300.19.5.3 oracleasm-kmp-rt-debuginfo-2.0.8_k5.3.18_8.13-150300.19.5.3 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): oracleasm-debugsource-2.0.8-150300.19.5.3 oracleasm-kmp-default-2.0.8_k5.3.18_150300.59.76-150300.19.5.3 oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_150300.59.76-150300.19.5.3 - openSUSE Leap 15.3 (aarch64 x86_64): oracleasm-kmp-preempt-2.0.8_k5.3.18_150300.59.76-150300.19.5.3 oracleasm-kmp-preempt-debuginfo-2.0.8_k5.3.18_150300.59.76-150300.19.5.3 - openSUSE Leap 15.3 (aarch64): oracleasm-kmp-64kb-2.0.8_k5.3.18_150300.59.76-150300.19.5.3 oracleasm-kmp-64kb-debuginfo-2.0.8_k5.3.18_150300.59.76-150300.19.5.3 - openSUSE Leap 15.3 (x86_64): oracleasm-kmp-rt-2.0.8_k5.3.18_8.13-150300.19.5.3 oracleasm-kmp-rt-debuginfo-2.0.8_k5.3.18_8.13-150300.19.5.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k5.3.18_150300.59.76-150300.19.5.3 oracleasm-kmp-default-debuginfo-2.0.8_k5.3.18_150300.59.76-150300.19.5.3 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Thu Jul 14 18:55:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jul 2022 20:55:12 +0200 (CEST) Subject: SUSE-SU-2022:2402-1: important: Security update for python-PyJWT Message-ID: <20220714185512.C9B23FDCF@maintenance.suse.de> SUSE Security Update: Security update for python-PyJWT ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2402-1 Rating: important References: #1199756 
Cross-References: CVE-2022-29217 CVSS scores: CVE-2022-29217 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-29217 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2402=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2402=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2402=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2402=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2402=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2402=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2402=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2402=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2402=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2402=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2402=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2402=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2402=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2402=1 Package List: - openSUSE Leap 15.4 (noarch): python3-PyJWT-1.7.1-150200.3.3.1 - openSUSE Leap 15.3 (noarch): python2-PyJWT-1.7.1-150200.3.3.1 python3-PyJWT-1.7.1-150200.3.3.1 - SUSE Manager Server 4.1 (noarch): python3-PyJWT-1.7.1-150200.3.3.1 - SUSE Manager Retail Branch Server 4.1 (noarch): python3-PyJWT-1.7.1-150200.3.3.1 - SUSE Manager Proxy 4.1 (noarch): python3-PyJWT-1.7.1-150200.3.3.1 - SUSE Linux Enterprise Server for 
SAP 15-SP2 (noarch): python3-PyJWT-1.7.1-150200.3.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): python3-PyJWT-1.7.1-150200.3.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): python3-PyJWT-1.7.1-150200.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-PyJWT-1.7.1-150200.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-PyJWT-1.7.1-150200.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-PyJWT-1.7.1-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): python3-PyJWT-1.7.1-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): python3-PyJWT-1.7.1-150200.3.3.1 - SUSE Enterprise Storage 7 (noarch): python3-PyJWT-1.7.1-150200.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-29217.html https://bugzilla.suse.com/1199756 From sle-updates at lists.suse.com Thu Jul 14 18:55:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jul 2022 20:55:59 +0200 (CEST) Subject: SUSE-SU-2022:2401-1: important: Security update for python-PyJWT Message-ID: <20220714185559.5097AF7C9@maintenance.suse.de> SUSE Security Update: Security update for python-PyJWT ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2401-1 Rating: important References: #1199756 Cross-References: CVE-2022-29217 CVSS scores: CVE-2022-29217 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-29217 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux 
Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-2401=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-PyJWT-1.5.3-3.16.1 python3-PyJWT-1.5.3-3.16.1 References: https://www.suse.com/security/cve/CVE-2022-29217.html https://bugzilla.suse.com/1199756 From sle-updates at lists.suse.com Fri Jul 15 07:49:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 09:49:04 +0200 (CEST) Subject: SUSE-CU-2022:1502-1: Security update of suse/sle15 Message-ID: <20220715074904.8AD4AF7C9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1502-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.581 Container Release : 4.22.581 Severity : important Type : security References : 1199232 CVE-2022-1586 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) The following package changes have been done: - libpcre1-8.45-150000.20.13.1 updated From sle-updates at lists.suse.com Fri Jul 15 07:50:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 09:50:48 +0200 (CEST) Subject: SUSE-CU-2022:1508-1: Security update of bci/dotnet-sdk Message-ID: <20220715075048.5FBF9F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1508-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-21.1 , bci/dotnet-sdk:6.0.7 , bci/dotnet-sdk:6.0.7-21.1 , bci/dotnet-sdk:latest Container Release : 21.1 Severity : important Type : security References : 1199232 CVE-2022-1586 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) The following package changes have been done: - libpcre1-8.45-150000.20.13.1 updated - container:sles15-image-15.0.0-27.8.5 updated From sle-updates at lists.suse.com Fri Jul 15 13:17:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 15:17:10 +0200 (CEST) Subject: SUSE-SU-2022:2405-1: moderate: Security update for p11-kit Message-ID: <20220715131710.DE611FDCF@maintenance.suse.de> SUSE Security Update: Security update for p11-kit ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2405-1 Rating: moderate References: #1180065 Cross-References: CVE-2020-29362 CVSS scores: CVE-2020-29362 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-29362 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2405=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2405=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2405=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2405=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2405=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libp11-kit0-0.23.2-150000.4.16.1 libp11-kit0-debuginfo-0.23.2-150000.4.16.1 p11-kit-0.23.2-150000.4.16.1 p11-kit-debuginfo-0.23.2-150000.4.16.1 p11-kit-debugsource-0.23.2-150000.4.16.1 p11-kit-devel-0.23.2-150000.4.16.1 p11-kit-nss-trust-0.23.2-150000.4.16.1 p11-kit-tools-0.23.2-150000.4.16.1 p11-kit-tools-debuginfo-0.23.2-150000.4.16.1 - openSUSE Leap 15.3 (x86_64): libp11-kit0-32bit-0.23.2-150000.4.16.1 libp11-kit0-32bit-debuginfo-0.23.2-150000.4.16.1 p11-kit-32bit-0.23.2-150000.4.16.1 p11-kit-32bit-debuginfo-0.23.2-150000.4.16.1 p11-kit-nss-trust-32bit-0.23.2-150000.4.16.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): p11-kit-32bit-0.23.2-150000.4.16.1 p11-kit-32bit-debuginfo-0.23.2-150000.4.16.1 p11-kit-debugsource-0.23.2-150000.4.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libp11-kit0-0.23.2-150000.4.16.1 libp11-kit0-debuginfo-0.23.2-150000.4.16.1 p11-kit-0.23.2-150000.4.16.1 p11-kit-debuginfo-0.23.2-150000.4.16.1 p11-kit-debugsource-0.23.2-150000.4.16.1 p11-kit-devel-0.23.2-150000.4.16.1 p11-kit-nss-trust-0.23.2-150000.4.16.1 p11-kit-tools-0.23.2-150000.4.16.1 p11-kit-tools-debuginfo-0.23.2-150000.4.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libp11-kit0-32bit-0.23.2-150000.4.16.1 libp11-kit0-32bit-debuginfo-0.23.2-150000.4.16.1 
p11-kit-32bit-debuginfo-0.23.2-150000.4.16.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libp11-kit0-0.23.2-150000.4.16.1 libp11-kit0-debuginfo-0.23.2-150000.4.16.1 p11-kit-0.23.2-150000.4.16.1 p11-kit-debuginfo-0.23.2-150000.4.16.1 p11-kit-debugsource-0.23.2-150000.4.16.1 p11-kit-tools-0.23.2-150000.4.16.1 p11-kit-tools-debuginfo-0.23.2-150000.4.16.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libp11-kit0-0.23.2-150000.4.16.1 libp11-kit0-debuginfo-0.23.2-150000.4.16.1 p11-kit-0.23.2-150000.4.16.1 p11-kit-debuginfo-0.23.2-150000.4.16.1 p11-kit-debugsource-0.23.2-150000.4.16.1 p11-kit-tools-0.23.2-150000.4.16.1 p11-kit-tools-debuginfo-0.23.2-150000.4.16.1 References: https://www.suse.com/security/cve/CVE-2020-29362.html https://bugzilla.suse.com/1180065 From sle-updates at lists.suse.com Fri Jul 15 13:17:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 15:17:59 +0200 (CEST) Subject: SUSE-SU-2022:2407-1: important: Security update for the Linux Kernel Message-ID: <20220715131759.4D520FDCF@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2407-1 Rating: important References: #1177282 #1194013 #1196901 #1199487 #1199657 #1200571 #1200599 #1200604 #1200605 #1200608 #1200619 #1200692 #1200762 #1201050 #1201080 #1201251 Cross-References: CVE-2020-26541 CVE-2021-26341 CVE-2021-4157 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981 CVSS scores: CVE-2020-26541 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 
CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has one 
errata is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282) The following non-security bugs were fixed: - exec: Force single empty string when argv is empty (bsc#1200571). 
Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2407=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2407=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2407=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates. - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2407=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2407=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-2407=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150000.150.95.1 kernel-default-base-4.12.14-150000.150.95.1 kernel-default-debuginfo-4.12.14-150000.150.95.1 kernel-default-debugsource-4.12.14-150000.150.95.1 kernel-default-devel-4.12.14-150000.150.95.1 kernel-default-devel-debuginfo-4.12.14-150000.150.95.1 kernel-obs-build-4.12.14-150000.150.95.1 kernel-obs-build-debugsource-4.12.14-150000.150.95.1 kernel-syms-4.12.14-150000.150.95.1 kernel-vanilla-base-4.12.14-150000.150.95.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debugsource-4.12.14-150000.150.95.1 reiserfs-kmp-default-4.12.14-150000.150.95.1 reiserfs-kmp-default-debuginfo-4.12.14-150000.150.95.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150000.150.95.1 
kernel-docs-4.12.14-150000.150.95.1 kernel-macros-4.12.14-150000.150.95.1 kernel-source-4.12.14-150000.150.95.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150000.150.95.1 kernel-default-base-4.12.14-150000.150.95.1 kernel-default-debuginfo-4.12.14-150000.150.95.1 kernel-default-debugsource-4.12.14-150000.150.95.1 kernel-default-devel-4.12.14-150000.150.95.1 kernel-default-devel-debuginfo-4.12.14-150000.150.95.1 kernel-obs-build-4.12.14-150000.150.95.1 kernel-obs-build-debugsource-4.12.14-150000.150.95.1 kernel-syms-4.12.14-150000.150.95.1 kernel-vanilla-base-4.12.14-150000.150.95.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debugsource-4.12.14-150000.150.95.1 reiserfs-kmp-default-4.12.14-150000.150.95.1 reiserfs-kmp-default-debuginfo-4.12.14-150000.150.95.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150000.150.95.1 kernel-docs-4.12.14-150000.150.95.1 kernel-macros-4.12.14-150000.150.95.1 kernel-source-4.12.14-150000.150.95.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150000.150.95.1 kernel-zfcpdump-debuginfo-4.12.14-150000.150.95.1 kernel-zfcpdump-debugsource-4.12.14-150000.150.95.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150000.150.95.1 kernel-default-debugsource-4.12.14-150000.150.95.1 kernel-default-livepatch-4.12.14-150000.150.95.1 kernel-livepatch-4_12_14-150000_150_95-default-1-150000.1.3.1 kernel-livepatch-4_12_14-150000_150_95-default-debuginfo-1-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150000.150.95.1 kernel-default-base-4.12.14-150000.150.95.1 kernel-default-debuginfo-4.12.14-150000.150.95.1 kernel-default-debugsource-4.12.14-150000.150.95.1 kernel-default-devel-4.12.14-150000.150.95.1 kernel-default-devel-debuginfo-4.12.14-150000.150.95.1 
kernel-obs-build-4.12.14-150000.150.95.1 kernel-obs-build-debugsource-4.12.14-150000.150.95.1 kernel-syms-4.12.14-150000.150.95.1 kernel-vanilla-base-4.12.14-150000.150.95.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debugsource-4.12.14-150000.150.95.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150000.150.95.1 kernel-docs-4.12.14-150000.150.95.1 kernel-macros-4.12.14-150000.150.95.1 kernel-source-4.12.14-150000.150.95.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150000.150.95.1 kernel-default-base-4.12.14-150000.150.95.1 kernel-default-debuginfo-4.12.14-150000.150.95.1 kernel-default-debugsource-4.12.14-150000.150.95.1 kernel-default-devel-4.12.14-150000.150.95.1 kernel-default-devel-debuginfo-4.12.14-150000.150.95.1 kernel-obs-build-4.12.14-150000.150.95.1 kernel-obs-build-debugsource-4.12.14-150000.150.95.1 kernel-syms-4.12.14-150000.150.95.1 kernel-vanilla-base-4.12.14-150000.150.95.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debuginfo-4.12.14-150000.150.95.1 kernel-vanilla-debugsource-4.12.14-150000.150.95.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150000.150.95.1 kernel-docs-4.12.14-150000.150.95.1 kernel-macros-4.12.14-150000.150.95.1 kernel-source-4.12.14-150000.150.95.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150000.150.95.1 cluster-md-kmp-default-debuginfo-4.12.14-150000.150.95.1 dlm-kmp-default-4.12.14-150000.150.95.1 dlm-kmp-default-debuginfo-4.12.14-150000.150.95.1 gfs2-kmp-default-4.12.14-150000.150.95.1 gfs2-kmp-default-debuginfo-4.12.14-150000.150.95.1 kernel-default-debuginfo-4.12.14-150000.150.95.1 kernel-default-debugsource-4.12.14-150000.150.95.1 ocfs2-kmp-default-4.12.14-150000.150.95.1 
ocfs2-kmp-default-debuginfo-4.12.14-150000.150.95.1 References: https://www.suse.com/security/cve/CVE-2020-26541.html https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-4157.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-33981.html https://bugzilla.suse.com/1177282 https://bugzilla.suse.com/1194013 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1200571 https://bugzilla.suse.com/1200599 https://bugzilla.suse.com/1200604 https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1200608 https://bugzilla.suse.com/1200619 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201251 From sle-updates at lists.suse.com Fri Jul 15 13:20:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 15:20:06 +0200 (CEST) Subject: SUSE-RU-2022:2408-1: moderate: Recommended update for kguiaddons Message-ID: <20220715132007.01598FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for kguiaddons ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2408-1 Rating: moderate References: Affected Products: openSUSE Leap 15.4 
______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for kguiaddons fixes the following issues: - Fix a clipboard memory leak on Wayland (kde#454590) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2408=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): kguiaddons-debugsource-5.90.0-150400.3.3.1 kguiaddons-devel-5.90.0-150400.3.3.1 libKF5GuiAddons5-5.90.0-150400.3.3.1 libKF5GuiAddons5-debuginfo-5.90.0-150400.3.3.1 References: From sle-updates at lists.suse.com Fri Jul 15 13:20:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 15:20:45 +0200 (CEST) Subject: SUSE-RU-2022:2406-1: moderate: Recommended update for glibc Message-ID: <20220715132045.651EAFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2406-1 Rating: moderate References: #1197718 #1199140 #1200334 #1200855 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise 
Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2406=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2406=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2406=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2406=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2406=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2406=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2406=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2406=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2406=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2406=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.31.2 glibc-debuginfo-2.31-150300.31.2 glibc-debugsource-2.31-150300.31.2 glibc-devel-2.31-150300.31.2 glibc-devel-debuginfo-2.31-150300.31.2 glibc-devel-static-2.31-150300.31.2 glibc-extra-2.31-150300.31.2 glibc-extra-debuginfo-2.31-150300.31.2 glibc-locale-2.31-150300.31.2 glibc-locale-base-2.31-150300.31.2 glibc-locale-base-debuginfo-2.31-150300.31.2 glibc-profile-2.31-150300.31.2 glibc-utils-2.31-150300.31.1 glibc-utils-debuginfo-2.31-150300.31.1 glibc-utils-src-debugsource-2.31-150300.31.1 libcrypt1-4.4.15-150300.4.4.3 libcrypt1-debuginfo-4.4.15-150300.4.4.3 libxcrypt-debugsource-4.4.15-150300.4.4.3 libxcrypt-devel-4.4.15-150300.4.4.3 libxcrypt-devel-static-4.4.15-150300.4.4.3 nscd-2.31-150300.31.2 nscd-debuginfo-2.31-150300.31.2 - openSUSE Leap 15.4 (noarch): 
glibc-html-2.31-150300.31.2 glibc-i18ndata-2.31-150300.31.2 glibc-info-2.31-150300.31.2 glibc-lang-2.31-150300.31.2 - openSUSE Leap 15.4 (x86_64): glibc-32bit-2.31-150300.31.2 glibc-32bit-debuginfo-2.31-150300.31.2 glibc-devel-32bit-2.31-150300.31.2 glibc-devel-32bit-debuginfo-2.31-150300.31.2 glibc-devel-static-32bit-2.31-150300.31.2 glibc-locale-base-32bit-2.31-150300.31.2 glibc-locale-base-32bit-debuginfo-2.31-150300.31.2 glibc-profile-32bit-2.31-150300.31.2 glibc-utils-32bit-2.31-150300.31.1 glibc-utils-32bit-debuginfo-2.31-150300.31.1 libcrypt1-32bit-4.4.15-150300.4.4.3 libcrypt1-32bit-debuginfo-4.4.15-150300.4.4.3 libxcrypt-devel-32bit-4.4.15-150300.4.4.3 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.31.2 glibc-debuginfo-2.31-150300.31.2 glibc-debugsource-2.31-150300.31.2 glibc-devel-2.31-150300.31.2 glibc-devel-debuginfo-2.31-150300.31.2 glibc-devel-static-2.31-150300.31.2 glibc-extra-2.31-150300.31.2 glibc-extra-debuginfo-2.31-150300.31.2 glibc-locale-2.31-150300.31.2 glibc-locale-base-2.31-150300.31.2 glibc-locale-base-debuginfo-2.31-150300.31.2 glibc-profile-2.31-150300.31.2 glibc-utils-2.31-150300.31.1 glibc-utils-debuginfo-2.31-150300.31.1 glibc-utils-src-debugsource-2.31-150300.31.1 libcrypt1-4.4.15-150300.4.4.3 libcrypt1-debuginfo-4.4.15-150300.4.4.3 libxcrypt-debugsource-4.4.15-150300.4.4.3 libxcrypt-devel-4.4.15-150300.4.4.3 libxcrypt-devel-static-4.4.15-150300.4.4.3 nscd-2.31-150300.31.2 nscd-debuginfo-2.31-150300.31.2 - openSUSE Leap 15.3 (x86_64): glibc-32bit-2.31-150300.31.2 glibc-32bit-debuginfo-2.31-150300.31.2 glibc-devel-32bit-2.31-150300.31.2 glibc-devel-32bit-debuginfo-2.31-150300.31.2 glibc-devel-static-32bit-2.31-150300.31.2 glibc-locale-base-32bit-2.31-150300.31.2 glibc-locale-base-32bit-debuginfo-2.31-150300.31.2 glibc-profile-32bit-2.31-150300.31.2 glibc-utils-32bit-2.31-150300.31.1 glibc-utils-32bit-debuginfo-2.31-150300.31.1 libcrypt1-32bit-4.4.15-150300.4.4.3 libcrypt1-32bit-debuginfo-4.4.15-150300.4.4.3 
libxcrypt-devel-32bit-4.4.15-150300.4.4.3 - openSUSE Leap 15.3 (noarch): glibc-html-2.31-150300.31.2 glibc-i18ndata-2.31-150300.31.2 glibc-info-2.31-150300.31.2 glibc-lang-2.31-150300.31.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (s390x): glibc-32bit-2.31-150300.31.2 glibc-32bit-debuginfo-2.31-150300.31.2 glibc-locale-base-32bit-2.31-150300.31.2 glibc-locale-base-32bit-debuginfo-2.31-150300.31.2 libcrypt1-32bit-4.4.15-150300.4.4.3 libcrypt1-32bit-debuginfo-4.4.15-150300.4.4.3 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (s390x): glibc-32bit-2.31-150300.31.2 glibc-32bit-debuginfo-2.31-150300.31.2 glibc-locale-base-32bit-2.31-150300.31.2 glibc-locale-base-32bit-debuginfo-2.31-150300.31.2 libcrypt1-32bit-4.4.15-150300.4.4.3 libcrypt1-32bit-debuginfo-4.4.15-150300.4.4.3 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.31-150300.31.2 glibc-debugsource-2.31-150300.31.2 glibc-devel-static-2.31-150300.31.2 glibc-utils-2.31-150300.31.1 glibc-utils-debuginfo-2.31-150300.31.1 glibc-utils-src-debugsource-2.31-150300.31.1 libxcrypt-debugsource-4.4.15-150300.4.4.3 libxcrypt-devel-static-4.4.15-150300.4.4.3 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): glibc-32bit-debuginfo-2.31-150300.31.2 glibc-devel-32bit-2.31-150300.31.2 glibc-devel-32bit-debuginfo-2.31-150300.31.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.31-150300.31.2 glibc-debugsource-2.31-150300.31.2 glibc-devel-static-2.31-150300.31.2 glibc-utils-2.31-150300.31.1 glibc-utils-debuginfo-2.31-150300.31.1 glibc-utils-src-debugsource-2.31-150300.31.1 libxcrypt-debugsource-4.4.15-150300.4.4.3 libxcrypt-devel-static-4.4.15-150300.4.4.3 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): glibc-32bit-debuginfo-2.31-150300.31.2 glibc-devel-32bit-2.31-150300.31.2 glibc-devel-32bit-debuginfo-2.31-150300.31.2 - SUSE Linux Enterprise 
Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.31.2 glibc-debuginfo-2.31-150300.31.2 glibc-debugsource-2.31-150300.31.2 glibc-devel-2.31-150300.31.2 glibc-devel-debuginfo-2.31-150300.31.2 glibc-extra-2.31-150300.31.2 glibc-extra-debuginfo-2.31-150300.31.2 glibc-locale-2.31-150300.31.2 glibc-locale-base-2.31-150300.31.2 glibc-locale-base-debuginfo-2.31-150300.31.2 glibc-profile-2.31-150300.31.2 libcrypt1-4.4.15-150300.4.4.3 libcrypt1-debuginfo-4.4.15-150300.4.4.3 libxcrypt-debugsource-4.4.15-150300.4.4.3 libxcrypt-devel-4.4.15-150300.4.4.3 nscd-2.31-150300.31.2 nscd-debuginfo-2.31-150300.31.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): glibc-i18ndata-2.31-150300.31.2 glibc-info-2.31-150300.31.2 glibc-lang-2.31-150300.31.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): glibc-32bit-2.31-150300.31.2 glibc-32bit-debuginfo-2.31-150300.31.2 glibc-locale-base-32bit-2.31-150300.31.2 glibc-locale-base-32bit-debuginfo-2.31-150300.31.2 libcrypt1-32bit-4.4.15-150300.4.4.3 libcrypt1-32bit-debuginfo-4.4.15-150300.4.4.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.31.2 glibc-debuginfo-2.31-150300.31.2 glibc-debugsource-2.31-150300.31.2 glibc-devel-2.31-150300.31.2 glibc-devel-debuginfo-2.31-150300.31.2 glibc-extra-2.31-150300.31.2 glibc-extra-debuginfo-2.31-150300.31.2 glibc-locale-2.31-150300.31.2 glibc-locale-base-2.31-150300.31.2 glibc-locale-base-debuginfo-2.31-150300.31.2 glibc-profile-2.31-150300.31.2 libcrypt1-4.4.15-150300.4.4.3 libcrypt1-debuginfo-4.4.15-150300.4.4.3 libxcrypt-debugsource-4.4.15-150300.4.4.3 libxcrypt-devel-4.4.15-150300.4.4.3 nscd-2.31-150300.31.2 nscd-debuginfo-2.31-150300.31.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): glibc-32bit-2.31-150300.31.2 glibc-32bit-debuginfo-2.31-150300.31.2 glibc-locale-base-32bit-2.31-150300.31.2 glibc-locale-base-32bit-debuginfo-2.31-150300.31.2 
libcrypt1-32bit-4.4.15-150300.4.4.3 libcrypt1-32bit-debuginfo-4.4.15-150300.4.4.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): glibc-i18ndata-2.31-150300.31.2 glibc-info-2.31-150300.31.2 glibc-lang-2.31-150300.31.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): glibc-2.31-150300.31.2 glibc-debuginfo-2.31-150300.31.2 glibc-debugsource-2.31-150300.31.2 glibc-devel-2.31-150300.31.2 glibc-locale-2.31-150300.31.2 glibc-locale-base-2.31-150300.31.2 glibc-locale-base-debuginfo-2.31-150300.31.2 libcrypt1-4.4.15-150300.4.4.3 libcrypt1-debuginfo-4.4.15-150300.4.4.3 libxcrypt-debugsource-4.4.15-150300.4.4.3 libxcrypt-devel-4.4.15-150300.4.4.3 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): glibc-2.31-150300.31.2 glibc-debuginfo-2.31-150300.31.2 glibc-debugsource-2.31-150300.31.2 glibc-devel-2.31-150300.31.2 glibc-locale-2.31-150300.31.2 glibc-locale-base-2.31-150300.31.2 glibc-locale-base-debuginfo-2.31-150300.31.2 libcrypt1-4.4.15-150300.4.4.3 libcrypt1-debuginfo-4.4.15-150300.4.4.3 libxcrypt-debugsource-4.4.15-150300.4.4.3 libxcrypt-devel-4.4.15-150300.4.4.3 References: https://bugzilla.suse.com/1197718 https://bugzilla.suse.com/1199140 https://bugzilla.suse.com/1200334 https://bugzilla.suse.com/1200855 From sle-updates at lists.suse.com Fri Jul 15 16:17:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 18:17:49 +0200 (CEST) Subject: SUSE-SU-2022:2411-1: important: Security update for the Linux Kernel Message-ID: <20220715161749.E4C06F7C9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2411-1 Rating: important References: #1194013 #1196901 #1199487 #1199657 #1200571 #1200599 #1200604 #1200605 #1200608 #1200619 #1200692 #1200762 #1201050 #1201080 #1201251 Cross-References: CVE-2021-26341 CVE-2021-4157 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 
CVE-2022-20154 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981 CVSS scores: CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 
15-SP1-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has one errata is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). 
- CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). The following non-security bugs were fixed: - exec: Force single empty string when argv is empty (bsc#1200571). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2411=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2411=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2411=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2411=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2411=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2411=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates. 
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2411=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2411=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2411=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2411=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-150100.197.117.1 kernel-vanilla-4.12.14-150100.197.117.1 kernel-vanilla-base-4.12.14-150100.197.117.1 kernel-vanilla-base-debuginfo-4.12.14-150100.197.117.1 kernel-vanilla-debuginfo-4.12.14-150100.197.117.1 kernel-vanilla-debugsource-4.12.14-150100.197.117.1 kernel-vanilla-devel-4.12.14-150100.197.117.1 kernel-vanilla-devel-debuginfo-4.12.14-150100.197.117.1 kernel-vanilla-livepatch-devel-4.12.14-150100.197.117.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-base-4.12.14-150100.197.117.1 kernel-debug-base-debuginfo-4.12.14-150100.197.117.1 - openSUSE Leap 15.4 (x86_64): kernel-kvmsmall-base-4.12.14-150100.197.117.1 kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.117.1 - openSUSE Leap 15.4 (s390x): kernel-default-man-4.12.14-150100.197.117.1 kernel-zfcpdump-man-4.12.14-150100.197.117.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-150100.197.117.1 kernel-vanilla-4.12.14-150100.197.117.1 kernel-vanilla-base-4.12.14-150100.197.117.1 kernel-vanilla-base-debuginfo-4.12.14-150100.197.117.1 kernel-vanilla-debuginfo-4.12.14-150100.197.117.1 kernel-vanilla-debugsource-4.12.14-150100.197.117.1 kernel-vanilla-devel-4.12.14-150100.197.117.1 
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.117.1 kernel-vanilla-livepatch-devel-4.12.14-150100.197.117.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-base-4.12.14-150100.197.117.1 kernel-debug-base-debuginfo-4.12.14-150100.197.117.1 - openSUSE Leap 15.3 (x86_64): kernel-kvmsmall-base-4.12.14-150100.197.117.1 kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.117.1 - openSUSE Leap 15.3 (s390x): kernel-default-man-4.12.14-150100.197.117.1 kernel-zfcpdump-man-4.12.14-150100.197.117.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): kernel-default-4.12.14-150100.197.117.1 kernel-default-base-4.12.14-150100.197.117.1 kernel-default-base-debuginfo-4.12.14-150100.197.117.1 kernel-default-debuginfo-4.12.14-150100.197.117.1 kernel-default-debugsource-4.12.14-150100.197.117.1 kernel-default-devel-4.12.14-150100.197.117.1 kernel-default-devel-debuginfo-4.12.14-150100.197.117.1 kernel-obs-build-4.12.14-150100.197.117.1 kernel-obs-build-debugsource-4.12.14-150100.197.117.1 kernel-syms-4.12.14-150100.197.117.1 reiserfs-kmp-default-4.12.14-150100.197.117.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-devel-4.12.14-150100.197.117.1 kernel-docs-4.12.14-150100.197.117.1 kernel-macros-4.12.14-150100.197.117.1 kernel-source-4.12.14-150100.197.117.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150100.197.117.1 kernel-default-base-4.12.14-150100.197.117.1 kernel-default-base-debuginfo-4.12.14-150100.197.117.1 kernel-default-debuginfo-4.12.14-150100.197.117.1 kernel-default-debugsource-4.12.14-150100.197.117.1 kernel-default-devel-4.12.14-150100.197.117.1 kernel-default-devel-debuginfo-4.12.14-150100.197.117.1 kernel-obs-build-4.12.14-150100.197.117.1 kernel-obs-build-debugsource-4.12.14-150100.197.117.1 kernel-syms-4.12.14-150100.197.117.1 reiserfs-kmp-default-4.12.14-150100.197.117.1 
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-devel-4.12.14-150100.197.117.1 kernel-docs-4.12.14-150100.197.117.1 kernel-macros-4.12.14-150100.197.117.1 kernel-source-4.12.14-150100.197.117.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): kernel-default-man-4.12.14-150100.197.117.1 kernel-zfcpdump-debuginfo-4.12.14-150100.197.117.1 kernel-zfcpdump-debugsource-4.12.14-150100.197.117.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): kernel-devel-4.12.14-150100.197.117.1 kernel-docs-4.12.14-150100.197.117.1 kernel-macros-4.12.14-150100.197.117.1 kernel-source-4.12.14-150100.197.117.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): kernel-default-4.12.14-150100.197.117.1 kernel-default-base-4.12.14-150100.197.117.1 kernel-default-base-debuginfo-4.12.14-150100.197.117.1 kernel-default-debuginfo-4.12.14-150100.197.117.1 kernel-default-debugsource-4.12.14-150100.197.117.1 kernel-default-devel-4.12.14-150100.197.117.1 kernel-default-devel-debuginfo-4.12.14-150100.197.117.1 kernel-obs-build-4.12.14-150100.197.117.1 kernel-obs-build-debugsource-4.12.14-150100.197.117.1 kernel-syms-4.12.14-150100.197.117.1 reiserfs-kmp-default-4.12.14-150100.197.117.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150100.197.117.1 kernel-default-debugsource-4.12.14-150100.197.117.1 kernel-default-livepatch-4.12.14-150100.197.117.1 kernel-default-livepatch-devel-4.12.14-150100.197.117.1 kernel-livepatch-4_12_14-150100_197_117-default-1-150100.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): kernel-default-4.12.14-150100.197.117.1 kernel-default-base-4.12.14-150100.197.117.1 kernel-default-base-debuginfo-4.12.14-150100.197.117.1 kernel-default-debuginfo-4.12.14-150100.197.117.1 kernel-default-debugsource-4.12.14-150100.197.117.1 
kernel-default-devel-4.12.14-150100.197.117.1 kernel-default-devel-debuginfo-4.12.14-150100.197.117.1 kernel-obs-build-4.12.14-150100.197.117.1 kernel-obs-build-debugsource-4.12.14-150100.197.117.1 kernel-syms-4.12.14-150100.197.117.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-devel-4.12.14-150100.197.117.1 kernel-docs-4.12.14-150100.197.117.1 kernel-macros-4.12.14-150100.197.117.1 kernel-source-4.12.14-150100.197.117.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150100.197.117.1 kernel-default-base-4.12.14-150100.197.117.1 kernel-default-base-debuginfo-4.12.14-150100.197.117.1 kernel-default-debuginfo-4.12.14-150100.197.117.1 kernel-default-debugsource-4.12.14-150100.197.117.1 kernel-default-devel-4.12.14-150100.197.117.1 kernel-default-devel-debuginfo-4.12.14-150100.197.117.1 kernel-obs-build-4.12.14-150100.197.117.1 kernel-obs-build-debugsource-4.12.14-150100.197.117.1 kernel-syms-4.12.14-150100.197.117.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): kernel-devel-4.12.14-150100.197.117.1 kernel-docs-4.12.14-150100.197.117.1 kernel-macros-4.12.14-150100.197.117.1 kernel-source-4.12.14-150100.197.117.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150100.197.117.1 cluster-md-kmp-default-debuginfo-4.12.14-150100.197.117.1 dlm-kmp-default-4.12.14-150100.197.117.1 dlm-kmp-default-debuginfo-4.12.14-150100.197.117.1 gfs2-kmp-default-4.12.14-150100.197.117.1 gfs2-kmp-default-debuginfo-4.12.14-150100.197.117.1 kernel-default-debuginfo-4.12.14-150100.197.117.1 kernel-default-debugsource-4.12.14-150100.197.117.1 ocfs2-kmp-default-4.12.14-150100.197.117.1 ocfs2-kmp-default-debuginfo-4.12.14-150100.197.117.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): kernel-default-4.12.14-150100.197.117.1 kernel-default-base-4.12.14-150100.197.117.1 
kernel-default-base-debuginfo-4.12.14-150100.197.117.1 kernel-default-debuginfo-4.12.14-150100.197.117.1 kernel-default-debugsource-4.12.14-150100.197.117.1 kernel-default-devel-4.12.14-150100.197.117.1 kernel-default-devel-debuginfo-4.12.14-150100.197.117.1 kernel-obs-build-4.12.14-150100.197.117.1 kernel-obs-build-debugsource-4.12.14-150100.197.117.1 kernel-syms-4.12.14-150100.197.117.1 reiserfs-kmp-default-4.12.14-150100.197.117.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1 - SUSE Enterprise Storage 6 (noarch): kernel-devel-4.12.14-150100.197.117.1 kernel-docs-4.12.14-150100.197.117.1 kernel-macros-4.12.14-150100.197.117.1 kernel-source-4.12.14-150100.197.117.1 - SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-150100.197.117.1 kernel-default-base-4.12.14-150100.197.117.1 kernel-default-base-debuginfo-4.12.14-150100.197.117.1 kernel-default-debuginfo-4.12.14-150100.197.117.1 kernel-default-debugsource-4.12.14-150100.197.117.1 kernel-default-devel-4.12.14-150100.197.117.1 kernel-default-devel-debuginfo-4.12.14-150100.197.117.1 kernel-obs-build-4.12.14-150100.197.117.1 kernel-obs-build-debugsource-4.12.14-150100.197.117.1 kernel-syms-4.12.14-150100.197.117.1 reiserfs-kmp-default-4.12.14-150100.197.117.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.117.1 - SUSE CaaS Platform 4.0 (noarch): kernel-devel-4.12.14-150100.197.117.1 kernel-docs-4.12.14-150100.197.117.1 kernel-macros-4.12.14-150100.197.117.1 kernel-source-4.12.14-150100.197.117.1 References: https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-4157.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-29900.html 
https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-33981.html https://bugzilla.suse.com/1194013 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1200571 https://bugzilla.suse.com/1200599 https://bugzilla.suse.com/1200604 https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1200608 https://bugzilla.suse.com/1200619 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201251 From sle-updates at lists.suse.com Fri Jul 15 16:19:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 18:19:58 +0200 (CEST) Subject: SUSE-SU-2022:2410-1: important: Security update for crash Message-ID: <20220715161958.B4744F7C9@maintenance.suse.de> SUSE Security Update: Security update for crash ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2410-1 Rating: important References: #1198581 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: This update of crash fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2410=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2410=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2410=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2410=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2410=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2410=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): crash-7.2.1-150100.9.15.1 crash-debuginfo-7.2.1-150100.9.15.1 crash-debugsource-7.2.1-150100.9.15.1 crash-devel-7.2.1-150100.9.15.1 crash-kmp-default-7.2.1_k4.12.14_150100.197.114-150100.9.15.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_150100.197.114-150100.9.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): crash-gcore-7.2.1-150100.9.15.1 crash-gcore-debuginfo-7.2.1-150100.9.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): crash-7.2.1-150100.9.15.1 crash-debuginfo-7.2.1-150100.9.15.1 crash-debugsource-7.2.1-150100.9.15.1 crash-devel-7.2.1-150100.9.15.1 crash-kmp-default-7.2.1_k4.12.14_150100.197.114-150100.9.15.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_150100.197.114-150100.9.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): crash-gcore-7.2.1-150100.9.15.1 crash-gcore-debuginfo-7.2.1-150100.9.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): crash-7.2.1-150100.9.15.1 crash-debuginfo-7.2.1-150100.9.15.1 crash-debugsource-7.2.1-150100.9.15.1 crash-devel-7.2.1-150100.9.15.1 crash-gcore-7.2.1-150100.9.15.1 crash-gcore-debuginfo-7.2.1-150100.9.15.1 crash-kmp-default-7.2.1_k4.12.14_150100.197.114-150100.9.15.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_150100.197.114-150100.9.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): crash-7.2.1-150100.9.15.1 crash-debuginfo-7.2.1-150100.9.15.1 crash-debugsource-7.2.1-150100.9.15.1 crash-devel-7.2.1-150100.9.15.1 crash-kmp-default-7.2.1_k4.12.14_150100.197.114-150100.9.15.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_150100.197.114-150100.9.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): crash-gcore-7.2.1-150100.9.15.1 crash-gcore-debuginfo-7.2.1-150100.9.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): crash-7.2.1-150100.9.15.1 crash-debuginfo-7.2.1-150100.9.15.1 
crash-debugsource-7.2.1-150100.9.15.1 crash-devel-7.2.1-150100.9.15.1 crash-kmp-default-7.2.1_k4.12.14_150100.197.114-150100.9.15.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_150100.197.114-150100.9.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): crash-gcore-7.2.1-150100.9.15.1 crash-gcore-debuginfo-7.2.1-150100.9.15.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): crash-7.2.1-150100.9.15.1 crash-debuginfo-7.2.1-150100.9.15.1 crash-debugsource-7.2.1-150100.9.15.1 crash-devel-7.2.1-150100.9.15.1 crash-kmp-default-7.2.1_k4.12.14_150100.197.114-150100.9.15.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_150100.197.114-150100.9.15.1 - SUSE Enterprise Storage 6 (x86_64): crash-gcore-7.2.1-150100.9.15.1 crash-gcore-debuginfo-7.2.1-150100.9.15.1 - SUSE CaaS Platform 4.0 (x86_64): crash-7.2.1-150100.9.15.1 crash-debuginfo-7.2.1-150100.9.15.1 crash-debugsource-7.2.1-150100.9.15.1 crash-devel-7.2.1-150100.9.15.1 crash-gcore-7.2.1-150100.9.15.1 crash-gcore-debuginfo-7.2.1-150100.9.15.1 crash-kmp-default-7.2.1_k4.12.14_150100.197.114-150100.9.15.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_150100.197.114-150100.9.15.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Jul 15 16:20:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 18:20:40 +0200 (CEST) Subject: SUSE-SU-2022:2409-1: important: Security update for crash Message-ID: <20220715162040.0A4F2F7C9@maintenance.suse.de> SUSE Security Update: Security update for crash ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2409-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update 
that contains security fixes can now be installed. Description: This update of crash fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2409=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2409=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2409=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2409=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): crash-7.2.1-150000.3.19.1 crash-debugsource-7.2.1-150000.3.19.1 crash-devel-7.2.1-150000.3.19.1 crash-kmp-default-7.2.1_k4.12.14_150000.150.92-150000.3.19.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_150000.150.92-150000.3.19.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le): crash-debuginfo-7.2.1-150000.3.19.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): crash-gcore-7.2.1-150000.3.19.1 crash-gcore-debuginfo-7.2.1-150000.3.19.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): crash-7.2.1-150000.3.19.1 crash-debuginfo-7.2.1-150000.3.19.1 crash-debugsource-7.2.1-150000.3.19.1 crash-devel-7.2.1-150000.3.19.1 crash-kmp-default-7.2.1_k4.12.14_150000.150.92-150000.3.19.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_150000.150.92-150000.3.19.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): crash-7.2.1-150000.3.19.1 crash-debuginfo-7.2.1-150000.3.19.1 crash-debugsource-7.2.1-150000.3.19.1 crash-devel-7.2.1-150000.3.19.1 crash-kmp-default-7.2.1_k4.12.14_150000.150.92-150000.3.19.1 
crash-kmp-default-debuginfo-7.2.1_k4.12.14_150000.150.92-150000.3.19.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): crash-gcore-7.2.1-150000.3.19.1 crash-gcore-debuginfo-7.2.1-150000.3.19.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): crash-7.2.1-150000.3.19.1 crash-debuginfo-7.2.1-150000.3.19.1 crash-debugsource-7.2.1-150000.3.19.1 crash-devel-7.2.1-150000.3.19.1 crash-kmp-default-7.2.1_k4.12.14_150000.150.92-150000.3.19.1 crash-kmp-default-debuginfo-7.2.1_k4.12.14_150000.150.92-150000.3.19.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): crash-gcore-7.2.1-150000.3.19.1 crash-gcore-debuginfo-7.2.1-150000.3.19.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Jul 15 19:16:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 21:16:13 +0200 (CEST) Subject: SUSE-RU-2022:2413-1: important: Recommended update for susemanager Message-ID: <20220715191613.C560FFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2413-1 Rating: important References: #1200863 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for susemanager fixes the following issues: - version 4.1.37-1 * Fix issue with bootstrap repo definitions for RHEL/RES8 variants (bsc#1200863) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-2413=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64): susemanager-4.1.37-150200.3.55.1 susemanager-tools-4.1.37-150200.3.55.1 References: https://bugzilla.suse.com/1200863 From sle-updates at lists.suse.com Fri Jul 15 19:16:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 21:16:47 +0200 (CEST) Subject: SUSE-SU-2022:2415-1: important: Security update for nodejs16 Message-ID: <20220715191647.3A57AFDCF@maintenance.suse.de> SUSE Security Update: Security update for nodejs16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2415-1 Rating: important References: #1192489 #1201325 #1201326 #1201327 #1201328 Cross-References: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVSS scores: CVE-2022-32212 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-32214 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. 
Description: This update for nodejs16 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). The following non-security bug was fixed: - Add buildtime version check to determine if we need patched openssl Requires: or already in upstream. (bsc#1192489) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-2415=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs16-16.16.0-8.6.1 nodejs16-debuginfo-16.16.0-8.6.1 nodejs16-debugsource-16.16.0-8.6.1 nodejs16-devel-16.16.0-8.6.1 npm16-16.16.0-8.6.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs16-docs-16.16.0-8.6.1 References: https://www.suse.com/security/cve/CVE-2022-32212.html https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-32214.html https://www.suse.com/security/cve/CVE-2022-32215.html https://bugzilla.suse.com/1192489 https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1201326 https://bugzilla.suse.com/1201327 https://bugzilla.suse.com/1201328 From sle-updates at lists.suse.com Fri Jul 15 19:17:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 21:17:41 +0200 (CEST) Subject: SUSE-SU-2022:2416-1: important: Security update for nodejs14 Message-ID: 
<20220715191741.B6C4DFDCF@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2416-1 Rating: important References: #1201325 #1201326 #1201327 #1201328 Cross-References: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVSS scores: CVE-2022-32212 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-32214 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-2416=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.20.0-6.31.1 nodejs14-debuginfo-14.20.0-6.31.1 nodejs14-debugsource-14.20.0-6.31.1 nodejs14-devel-14.20.0-6.31.1 npm14-14.20.0-6.31.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.20.0-6.31.1 References: https://www.suse.com/security/cve/CVE-2022-32212.html https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-32214.html https://www.suse.com/security/cve/CVE-2022-32215.html https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1201326 https://bugzilla.suse.com/1201327 https://bugzilla.suse.com/1201328 From sle-updates at lists.suse.com Fri Jul 15 19:18:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 21:18:34 +0200 (CEST) Subject: SUSE-RU-2022:2420-1: Recommended update for release-notes-sles-for-sap Message-ID: <20220715191834.EA888FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2420-1 Rating: low References: #1197511 #1201315 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for release-notes-sles-for-sap fixes the following issues: - Trento is fully supported, remove it from tech preview section. (bsc#1201315) - Added note about native systemd support. 
(bsc#1197511) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-2420=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): release-notes-sles-for-sap-15.1.20220712-150100.6.10.1 References: https://bugzilla.suse.com/1197511 https://bugzilla.suse.com/1201315 From sle-updates at lists.suse.com Fri Jul 15 19:19:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 21:19:16 +0200 (CEST) Subject: SUSE-SU-2022:2414-1: important: Security update for crash Message-ID: <20220715191916.6FCD1FDCF@maintenance.suse.de> SUSE Security Update: Security update for crash ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2414-1 Rating: important References: #1198581 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of crash fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2414=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2414=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2414=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2414=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2414=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2414=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2414=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2414=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2414=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): crash-7.2.8-150200.18.12.2 crash-debuginfo-7.2.8-150200.18.12.2 crash-debugsource-7.2.8-150200.18.12.2 crash-devel-7.2.8-150200.18.12.2 crash-kmp-default-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 crash-kmp-default-debuginfo-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 - SUSE Manager Server 4.1 (x86_64): crash-gcore-7.2.8-150200.18.12.2 crash-gcore-debuginfo-7.2.8-150200.18.12.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): crash-7.2.8-150200.18.12.2 crash-debuginfo-7.2.8-150200.18.12.2 crash-debugsource-7.2.8-150200.18.12.2 crash-devel-7.2.8-150200.18.12.2 crash-gcore-7.2.8-150200.18.12.2 crash-gcore-debuginfo-7.2.8-150200.18.12.2 crash-kmp-default-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 crash-kmp-default-debuginfo-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 - SUSE Manager Proxy 4.1 (x86_64): crash-7.2.8-150200.18.12.2 crash-debuginfo-7.2.8-150200.18.12.2 
crash-debugsource-7.2.8-150200.18.12.2 crash-devel-7.2.8-150200.18.12.2 crash-gcore-7.2.8-150200.18.12.2 crash-gcore-debuginfo-7.2.8-150200.18.12.2 crash-kmp-default-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 crash-kmp-default-debuginfo-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): crash-7.2.8-150200.18.12.2 crash-debuginfo-7.2.8-150200.18.12.2 crash-debugsource-7.2.8-150200.18.12.2 crash-devel-7.2.8-150200.18.12.2 crash-kmp-default-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 crash-kmp-default-debuginfo-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): crash-gcore-7.2.8-150200.18.12.2 crash-gcore-debuginfo-7.2.8-150200.18.12.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): crash-7.2.8-150200.18.12.2 crash-debuginfo-7.2.8-150200.18.12.2 crash-debugsource-7.2.8-150200.18.12.2 crash-devel-7.2.8-150200.18.12.2 crash-kmp-default-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 crash-kmp-default-debuginfo-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): crash-gcore-7.2.8-150200.18.12.2 crash-gcore-debuginfo-7.2.8-150200.18.12.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): crash-7.2.8-150200.18.12.2 crash-debuginfo-7.2.8-150200.18.12.2 crash-debugsource-7.2.8-150200.18.12.2 crash-devel-7.2.8-150200.18.12.2 crash-gcore-7.2.8-150200.18.12.2 crash-gcore-debuginfo-7.2.8-150200.18.12.2 crash-kmp-default-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 crash-kmp-default-debuginfo-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): crash-7.2.8-150200.18.12.2 crash-debuginfo-7.2.8-150200.18.12.2 crash-debugsource-7.2.8-150200.18.12.2 crash-devel-7.2.8-150200.18.12.2 crash-kmp-default-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 crash-kmp-default-debuginfo-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 - SUSE Linux Enterprise High 
Performance Computing 15-SP2-LTSS (x86_64): crash-gcore-7.2.8-150200.18.12.2 crash-gcore-debuginfo-7.2.8-150200.18.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): crash-7.2.8-150200.18.12.2 crash-debuginfo-7.2.8-150200.18.12.2 crash-debugsource-7.2.8-150200.18.12.2 crash-devel-7.2.8-150200.18.12.2 crash-kmp-default-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 crash-kmp-default-debuginfo-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): crash-gcore-7.2.8-150200.18.12.2 crash-gcore-debuginfo-7.2.8-150200.18.12.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): crash-7.2.8-150200.18.12.2 crash-debuginfo-7.2.8-150200.18.12.2 crash-debugsource-7.2.8-150200.18.12.2 crash-devel-7.2.8-150200.18.12.2 crash-kmp-default-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 crash-kmp-default-debuginfo-7.2.8_k5.3.18_150200.24.115-150200.18.12.2 - SUSE Enterprise Storage 7 (x86_64): crash-gcore-7.2.8-150200.18.12.2 crash-gcore-debuginfo-7.2.8-150200.18.12.2 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Jul 15 19:19:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 21:19:58 +0200 (CEST) Subject: SUSE-RU-2022:2421-1: Recommended update for release-notes-sles-for-sap Message-ID: <20220715191958.999CBFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2421-1 Rating: low References: #1200271 #1201315 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for release-notes-sles-for-sap fixes the following issues: - Trento is fully supported, remove it from tech preview section. (bsc#1201315) - Added note about provider hook scripts. (bsc#1200271) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-2421=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch): release-notes-sles-for-sap-15.4.20220714-150400.3.3.1 References: https://bugzilla.suse.com/1200271 https://bugzilla.suse.com/1201315 From sle-updates at lists.suse.com Fri Jul 15 19:20:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 21:20:39 +0200 (CEST) Subject: SUSE-RU-2022:2419-1: Recommended update for release-notes-sles-for-sap Message-ID: <20220715192039.25DD8FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2419-1 Rating: low References: #1197511 #1201315 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for release-notes-sles-for-sap fixes the following issues: - Trento is fully supported, remove it from tech preview section. (bsc#1201315) - Added note about native systemd integration. (bsc#1197511) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-2419=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): release-notes-sles-for-sap-15.3.20220712-150300.3.15.1 References: https://bugzilla.suse.com/1197511 https://bugzilla.suse.com/1201315 From sle-updates at lists.suse.com Fri Jul 15 19:21:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 21:21:19 +0200 (CEST) Subject: SUSE-RU-2022:2418-1: Recommended update for release-notes-sles-for-sap Message-ID: <20220715192119.89706FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2418-1 Rating: low References: #1201315 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-sles-for-sap fixes the following issues: - Trento is fully supported, remove it from tech preview section. (bsc#1201315) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-2418=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): release-notes-sles-for-sap-15.2.20220712-150200.3.13.1 References: https://bugzilla.suse.com/1201315 From sle-updates at lists.suse.com Fri Jul 15 19:21:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 21:21:53 +0200 (CEST) Subject: SUSE-RU-2022:2412-1: important: Recommended update for susemanager-sls Message-ID: <20220715192153.857A1FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager-sls ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2412-1 Rating: important References: #1200707 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for susemanager-sls fixes the following issues: - version 4.1.37-1 * Fix bootstrapping for Ubuntu 18.04 with classic Salt package (bsc#1200707) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-2412=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): susemanager-sls-4.1.37-150200.3.67.1 uyuni-config-modules-4.1.37-150200.3.67.1 References: https://bugzilla.suse.com/1200707 From sle-updates at lists.suse.com Fri Jul 15 19:22:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jul 2022 21:22:31 +0200 (CEST) Subject: SUSE-SU-2022:2417-1: important: Security update for nodejs12 Message-ID: <20220715192231.F0A02FDCF@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2417-1 Rating: important References: #1201099 #1201325 #1201326 #1201327 #1201328 Cross-References: CVE-2022-2097 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVSS scores: CVE-2022-2097 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-2097 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-32212 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-32214 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 
______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). - CVE-2022-2097: Fixed missing encrypted bytes in AES OCB mode (bsc#1201099). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-2417=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-1.51.1 nodejs12-debuginfo-12.22.12-1.51.1 nodejs12-debugsource-12.22.12-1.51.1 nodejs12-devel-12.22.12-1.51.1 npm12-12.22.12-1.51.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs12-docs-12.22.12-1.51.1 References: https://www.suse.com/security/cve/CVE-2022-2097.html https://www.suse.com/security/cve/CVE-2022-32212.html https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-32214.html https://www.suse.com/security/cve/CVE-2022-32215.html https://bugzilla.suse.com/1201099 https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1201326 https://bugzilla.suse.com/1201327 https://bugzilla.suse.com/1201328 From sle-updates at lists.suse.com Sat Jul 16 07:47:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jul 2022 09:47:25 +0200 (CEST) Subject: 
SUSE-CU-2022:1513-1: Security update of suse/sle15 Message-ID: <20220716074725.89E53F7C9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1513-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.582 Container Release : 4.22.582 Severity : moderate Type : security References : 1180065 CVE-2020-29362 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) The following package changes have been done: - libp11-kit0-0.23.2-150000.4.16.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - p11-kit-0.23.2-150000.4.16.1 updated From sle-updates at lists.suse.com Sat Jul 16 07:51:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jul 2022 09:51:58 +0200 (CEST) Subject: SUSE-CU-2022:1514-1: Security update of bci/bci-init Message-ID: <20220716075158.55200F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1514-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.17.7 Container Release : 17.7 Severity : important Type : security References : 1199232 CVE-2022-1586 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) The following package changes have been done: - libpcre1-8.45-150000.20.13.1 updated - container:sles15-image-15.0.0-17.17.23 updated From sle-updates at lists.suse.com Sat Jul 16 07:52:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jul 2022 09:52:26 +0200 (CEST) Subject: SUSE-CU-2022:1515-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220716075226.20066F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1515-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-18.3 , bci/dotnet-aspnet:3.1.27 , bci/dotnet-aspnet:3.1.27-18.3 Container Release : 18.3 Severity : moderate Type : recommended References : 1197718 1199140 1200334 1200855 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Sat Jul 16 07:52:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jul 2022 09:52:42 +0200 (CEST) Subject: SUSE-CU-2022:1516-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220716075242.38451F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1516-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-10.14 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-10.14 Container Release : 10.14 Severity : moderate Type : recommended References : 1197718 1199140 1200334 1200855 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Sat Jul 16 07:52:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jul 2022 09:52:55 +0200 (CEST) Subject: SUSE-CU-2022:1517-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220716075255.04BB7F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1517-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-19.3 , bci/dotnet-aspnet:6.0.7 , bci/dotnet-aspnet:6.0.7-19.3 , bci/dotnet-aspnet:latest Container Release : 19.3 Severity : moderate Type : recommended References : 1197718 1199140 1200334 1200855 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Sat Jul 16 07:53:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jul 2022 09:53:22 +0200 (CEST) Subject: SUSE-CU-2022:1518-1: Recommended update of bci/dotnet-sdk Message-ID: <20220716075322.80324F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1518-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-18.3 , bci/dotnet-sdk:3.1.27 , bci/dotnet-sdk:3.1.27-18.3 Container Release : 18.3 Severity : moderate Type : recommended References : 1197718 1199140 1200334 1200855 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Sat Jul 16 07:53:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jul 2022 09:53:39 +0200 (CEST) Subject: SUSE-CU-2022:1519-1: Recommended update of bci/dotnet-sdk Message-ID: <20220716075339.9CA5CF7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1519-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-10.14 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-10.14 Container Release : 10.14 Severity : moderate Type : recommended References : 1197718 1199140 1200334 1200855 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Sat Jul 16 07:53:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jul 2022 09:53:59 +0200 (CEST) Subject: SUSE-CU-2022:1520-1: Recommended update of bci/dotnet-runtime Message-ID: <20220716075359.45FB6F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1520-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-17.3 , bci/dotnet-runtime:3.1.27 , bci/dotnet-runtime:3.1.27-17.3 Container Release : 17.3 Severity : moderate Type : recommended References : 1197718 1199140 1200334 1200855 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Sat Jul 16 07:54:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jul 2022 09:54:13 +0200 (CEST) Subject: SUSE-CU-2022:1521-1: Recommended update of bci/dotnet-runtime Message-ID: <20220716075413.4B771F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1521-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-10.14 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-10.14 Container Release : 10.14 Severity : moderate Type : recommended References : 1197718 1199140 1200334 1200855 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Sat Jul 16 07:54:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jul 2022 09:54:30 +0200 (CEST) Subject: SUSE-CU-2022:1522-1: Recommended update of bci/dotnet-runtime Message-ID: <20220716075430.84485F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1522-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-18.3 , bci/dotnet-runtime:6.0.7 , bci/dotnet-runtime:6.0.7-18.3 , bci/dotnet-runtime:latest Container Release : 18.3 Severity : moderate Type : recommended References : 1197718 1199140 1200334 1200855 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Sat Jul 16 07:54:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jul 2022 09:54:35 +0200 (CEST) Subject: SUSE-CU-2022:1523-1: Security update of bci/bci-micro Message-ID: <20220716075435.D05E8F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1523-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.13.2 , bci/bci-micro:latest Container Release : 13.2 Severity : important Type : security References : 1199232 CVE-2022-1586 ----------------------------------------------------------------- The container bci/bci-micro was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) The following package changes have been done: - libpcre1-8.45-150000.20.13.1 updated From sle-updates at lists.suse.com Sat Jul 16 07:54:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jul 2022 09:54:37 +0200 (CEST) Subject: SUSE-CU-2022:1524-1: Recommended update of bci/bci-micro Message-ID: <20220716075437.C223AF7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1524-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.13.3 , bci/bci-micro:latest Container Release : 13.3 Severity : moderate Type : recommended References : 1197718 1199140 1200334 1200855 ----------------------------------------------------------------- The container bci/bci-micro was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated From sle-updates at lists.suse.com Sat Jul 16 07:54:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Jul 2022 09:54:50 +0200 (CEST) Subject: SUSE-CU-2022:1525-1: Security update of suse/sle15 Message-ID: <20220716075450.EF981F7C9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1525-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.8.6 , suse/sle15:15.4 , suse/sle15:15.4.27.8.6 Container Release : 27.8.6 Severity : important Type : security References : 1197718 1199140 1199232 1200334 1200855 CVE-2022-1586 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). 
The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libpcre1-8.45-150000.20.13.1 updated From sle-updates at lists.suse.com Sun Jul 17 07:36:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 17 Jul 2022 09:36:35 +0200 (CEST) Subject: SUSE-CU-2022:1526-1: Security update of suse/sle15 Message-ID: <20220717073635.B28EDF7C9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1526-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.163 Container Release : 9.5.163 Severity : important Type : security References : 1180065 1199232 CVE-2020-29362 CVE-2022-1586 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) The following package changes have been done: - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - p11-kit-0.23.2-150000.4.16.1 updated From sle-updates at lists.suse.com Sun Jul 17 07:38:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 17 Jul 2022 09:38:35 +0200 (CEST) Subject: SUSE-CU-2022:1527-1: Security update of bci/bci-minimal Message-ID: <20220717073835.B4620F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1527-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.29.9 Container Release : 29.9 Severity : important Type : security References : 1197718 1199140 1199232 1200334 1200855 CVE-2022-1586 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libpcre1-8.45-150000.20.13.1 updated - container:micro-image-15.3.0-19.4 updated From sle-updates at lists.suse.com Sun Jul 17 07:42:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 17 Jul 2022 09:42:46 +0200 (CEST) Subject: SUSE-CU-2022:1528-1: Recommended update of bci/nodejs Message-ID: <20220717074246.BAB09F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1528-1 Container Tags : bci/node:12 , bci/node:12-16.96 , bci/nodejs:12 , bci/nodejs:12-16.96 Container Release : 16.96 Severity : moderate Type : recommended References : 1197718 1199140 1200334 1200855 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - container:sles15-image-15.0.0-17.17.24 updated From sle-updates at lists.suse.com Sun Jul 17 07:46:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 17 Jul 2022 09:46:00 +0200 (CEST) Subject: SUSE-CU-2022:1529-1: Security update of bci/python Message-ID: <20220717074600.EFC8AF7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1529-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.22 Container Release : 18.22 Severity : important Type : security References : 1180065 1197718 1199140 1199232 1200334 1200855 CVE-2020-29362 CVE-2022-1586 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). 
The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - p11-kit-0.23.2-150000.4.16.1 updated - container:sles15-image-15.0.0-17.17.24 updated From sle-updates at lists.suse.com Sun Jul 17 07:53:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 17 Jul 2022 09:53:55 +0200 (CEST) Subject: SUSE-CU-2022:1530-1: Security update of suse/sle15 Message-ID: <20220717075355.E7FDAF7C9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1530-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.17.24 , suse/sle15:15.3 , suse/sle15:15.3.17.17.24 Container Release : 17.17.24 Severity : important Type : security References : 1180065 1197718 1199140 1199232 1200334 1200855 CVE-2020-29362 CVE-2022-1586 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). 
The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - p11-kit-0.23.2-150000.4.16.1 updated From sle-updates at lists.suse.com Mon Jul 18 08:14:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Jul 2022 10:14:34 +0200 (CEST) Subject: SUSE-IU-2022:836-1: Security update of suse-sles-15-sp1-chost-byos-v20220715-x86_64-gen2 Message-ID: <20220718081434.63DE0F7C9@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp1-chost-byos-v20220715-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:836-1 Image Tags : suse-sles-15-sp1-chost-byos-v20220715-x86_64-gen2:20220715 Image Release : Severity : critical Type : security References : ----------------------------------------------------------------- The container suse-sles-15-sp1-chost-byos-v20220715-x86_64-gen2 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:284-1 Released: Tue Feb 1 17:15:23 2022 Summary: Security update for samba Type: security Severity: critical References: 1194859,CVE-2021-44142 This update for samba fixes the following issues: - CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:334-1 Released: Fri Feb 4 09:30:58 2022 Summary: Security update for containerd, docker Type: security Severity: moderate References: 1191015,1191121,1191334,1191434,1193273,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103,CVE-2021-41190 This update for containerd, docker fixes the following issues: - CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015). - CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434). - CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334). - CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121). - CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:337-1 Released: Fri Feb 4 10:24:28 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1194597,1194898 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:345-1 Released: Tue Feb 8 05:13:04 2022 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1029961,1057592,1156920,1160654,1177215,1178357,1181163,1181186,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392,954329 This update for wicked fixes the following issues: - Fix device rename issue when done via Yast2 (bsc#1194392) - Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 15 (bsc#1183407,jsc#SLE-9750) - Prepare RPM packaging for merging of /bin and /usr/bin directories, however this merge does not affect SUSE Linux Enterprise 15 (bsc#1029961) - Parse sysctl files in the correct order (bsc#1181186) - Fix sysctl values for loopback device (bsc#1181163, bsc#1178357) - Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353) - Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019) - Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311) - Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164) - Fix `ifstatus` not to show link as 'up' when interface is not running - Make firewalld zone assignment permanent 
(bsc#1189560) - Cleanup and improve ifconfig and ifpolicy access utilities - Initial fixes for dracut integration and improved option handling (bsc#1182227) - Fix `nanny` to identify node owner exit condition - Using wicked without nanny is no longer supported and the use-nanny=false configuration option was removed - Add `ethtool --get-permanent-address` option in the client - Fix `ifup` to refresh link state of network interface after being unenslaved from an unconfigured master (bsc#954329) - Prevent re-triggering Duplicate Address Detection on address updates when it is not needed (bsc#1177215) - Fix Network Information Service configuration (bsc#1181812) - Reconnect on unexpected wpa_supplicant restart (bsc#1183495) - Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920) - Support multiple wireless networks configurations per interface - Show wireless connection status and scan-results (bsc#1160654) - Fix eap-tls,ttls certificate handling and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592) - Updated `man ifcfg-wireless` manual pages ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:366-1 Released: Thu Feb 10 17:40:06 2022 Summary: Security update for the Linux Kernel Type: security Severity: critical References: 
1071995,1124431,1167162,1169514,1172073,1179599,1184804,1185377,1186207,1186222,1187167,1189305,1189841,1190358,1190428,1191229,1191241,1191384,1191731,1192032,1192267,1192740,1192845,1192847,1192877,1192946,1193306,1193440,1193442,1193575,1193669,1193727,1193731,1193767,1193861,1193864,1193867,1193927,1194001,1194048,1194087,1194227,1194302,1194516,1194529,1194880,1194888,1194985,1195166,1195254,CVE-2018-25020,CVE-2019-15126,CVE-2020-27820,CVE-2021-0920,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4002,CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-43975,CVE-2021-43976,CVE-2021-44733,CVE-2021-45095,CVE-2021-45486,CVE-2022-0322,CVE-2022-0330 The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c (bnc#1194087). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. 
(bsc#1192845) - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529). - CVE-2021-4197: Use cgroup open-time credentials for process migration perm checks (bsc#1194302). - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227). - CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001). - CVE-2021-4135: Fixed zero-initialize memory inside netdevsim for new map's value in function nsim_bpf_map_alloc (bsc#1193927). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1193727). - CVE-2021-4002: Fixed incorrect TLBs flush in hugetlbfs after huge_pmd_unshare (bsc#1192946). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207). - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877) - CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442). - CVE-2021-28714: Fixed issue with xen/netback to handle rx queue stall detection (XSA-392) (bsc#1193442). 
- CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc (bsc#1193731). - CVE-2020-27820: Fixed a vulnerability where a use-after-free in nouveau's postclose() handler could happen when removing a device (bsc#1179599). - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162) - CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575). The following non-security bugs were fixed: - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241 bsc#1195166). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - elfcore: fix building with clang (bsc#1169514). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241 bsc#1195166). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). 
- kernel-binary.spec.in: add zstd to BuildRequires if used - kernel-binary.spec.in: make sure zstd is supported by kmod if used - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge. - kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is enabled (jsc#SLE-17288). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - kernel-source.spec: install-kernel-tools also required on 15.4 - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). The semantic changed in an incompatible way so invoking the macro now causes a build failure. - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - moxart: fix potential use-after-free on remove path (bsc#1194516). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net: Using proper atomic helper (bsc#1186222). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: mana: Allow setting the number of queues while the NIC is down (bsc#1193506). - net: mana: Fix spelling mistake 'calledd' -> 'called' (bsc#1193506). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193506). - net: mana: Improve the HWC error handling (bsc#1193506). 
- net: mana: Support hibernation and kexec (bsc#1193506). - net: mana: Use kcalloc() instead of kzalloc() (bsc#1193506). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - post.sh: detect /usr mountpoint too - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306). - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305). - rpm/kernel-source.rpmlintrc: ignore new include/config files. - rpm/kernel-source.spec.in: do some more for vanilla_only. - rpm: Abolish image suffix (bsc#1189841). - rpm: Abolish scriptlet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. - rpm: Define $certs as rpm macro (bsc#1189841). - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - tty: hvc: replace BUG_ON() with negative return value. - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). 
- xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:473-1 Released: Thu Feb 17 10:29:42 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:476-1 Released: Thu Feb 17 10:31:35 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1194661 This update for nfs-utils fixes the following issues: - If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:36 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. 
(bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:682-1 Released: Thu Mar 3 11:37:03 2022 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: important References: 1195095,1195096 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.6 (bsc#1195095, bsc#1195096) - Include cloud-init logs whenever they are present - Update the packages we track in AWS, Azure, and Google - Include the ecs logs for AWS ECS instances ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:701-1 Released: Thu Mar 3 17:45:33 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1181703 This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:720-1 Released: Fri Mar 4 10:20:28 2022 Summary: Security update for containerd Type: security Severity: moderate References: 1196441,CVE-2022-23648 This update for containerd fixes the following issues: - CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:736-1 Released: Fri Mar 4 14:51:57 2022 Summary: Security update for vim Type: security Severity: important References: 1190533,1190570,1191893,1192478,1192481,1193294,1193298,1194216,1194556,1195004,1195066,1195126,1195202,1195356,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3927,CVE-2021-3928,CVE-2021-3984,CVE-2021-4019,CVE-2021-4193,CVE-2021-46059,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0361,CVE-2022-0413 This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). 
- CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). - CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixed out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:768-1 Released: Tue Mar 8 19:10:57 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1185973,1191580,1194516,1195536,1195543,1195612,1195840,1195897,1195908,1195949,1195987,1196079,1196155,1196584,1196612,CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24959 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. 
A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. An assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which led to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occurred, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:774-1 Released: Wed Mar 9 10:52:10 2022 Summary: Security update for tcpdump Type: security Severity: moderate References: 1195825,CVE-2018-16301 This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. 
(bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:823-1 Released: Mon Mar 14 15:16:37 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:50 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. 
Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don't set interface for NTP responses to allow asymmetric routing - Handle RTCs that don't support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x 
clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. 
Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: 
SUSE-SU-2022:853-1 Released: Tue Mar 15 19:27:30 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1196877,CVE-2022-0778 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:31:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:888-1 Released: Thu Mar 17 10:56:42 2022 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1179060,1194561,1195614,1196282 This update for avahi fixes the following issues: - Change python3-Twisted to a soft dependency. It is not available on SLED or PackageHub, and it is only needed by avahi-bookmarks (bsc#1196282) - Fix warning when Twisted is not available - Have python3-avahi require python3-dbus-python, not the python 2 dbus-1-python package (bsc#1195614) - Ensure that NetworkManager or wicked have already started before initializing (bsc#1194561) - Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (bsc#1179060) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:946-1 Released: Thu Mar 24 15:19:49 2022 Summary: Security update for bind Type: security Severity: important References: 1197135,CVE-2021-25220 This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and freeing it, there are two 'return NO' where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). 
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1074-1 Released: Fri Apr 1 13:27:00 2022 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1193531 This update for cloud-init contains the following fixes: - Enable broader systemctl location. (bsc#1193531) - Remove unneeded BuildRequires on python3-nose. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interferes with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. 
(bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1131-1 Released: Fri Apr 8 09:43:53 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). 

libsolv to 0.7.22:

- reworked choice rule generation to cover more use cases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime

libzypp to 17.30.0:

- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)

zypper to 1.14.52:

- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1135-1
Released: Fri Apr 8 13:12:45 2022
Summary: Recommended update for supportutils
Type: recommended
Severity: moderate
References: 1189028,1190315,1190943,1191096,1191794,1193204,1193732,1193868,1195797

This update for supportutils fixes the following issues:

- Add command `blkid`
- Add email.txt based on OPTION_EMAIL (bsc#1189028)
- Add rpcinfo -p output #116
- Add s390x specific files and output
- Add shared memory as a log directory for emergency use (bsc#1190943)
- Fix cron package for RPM validation (bsc#1190315)
- Fix for invalid argument during updates (bsc#1193204)
- Fix iscsi initiator name (bsc#1195797)
- Improve `lsblk` readability with `--ascsi` option
- Include 'multipath -t' output in mpio.txt
- Include /etc/sssd/conf.d configuration files
- Include udev rules in /lib/udev/rules.d/
- Made /proc directory and network names spaces configurable (bsc#1193868)
- Prepare future installation of binaries to /usr/sbin instead of /sbin.
  This does not affect current SUSE Linux Enterprise 15 Service Packs (bsc#1191096)
- Move localmessage/warm logs out of messages.txt to new localwarn.txt
- Optimize configuration files
- Remove chronyc DNS lookups with -n switch (bsc#1193732)
- Remove duplicate commands in network.txt
- Remove duplicate firewalld status output
- getappcore identifies compressed core files (bsc#1191794)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1147-1
Released: Mon Apr 11 15:49:43 2022
Summary: Recommended update for containerd
Type: recommended
Severity: moderate
References: 1195784

This update of containerd fixes the following issue:

- container-ctr is shipped to the PackageHub repos.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1149-1
Released: Mon Apr 11 16:29:14 2022
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1197903,CVE-2022-1097

This update for mozilla-nss fixes the following issues:

Mozilla NSS 3.68.3 (bsc#1197903):

- CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1150-1
Released: Mon Apr 11 17:34:19 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1197293

This update for suse-build-key fixes the following issues:

No longer install 1024bit keys by default. (bsc#1197293)

- The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package.
- The old PTF (pre March 2022) key moved to documentation directory.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271

This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1190-1
Released: Wed Apr 13 20:52:23 2022
Summary: Recommended update for cloud-init
Type: recommended
Severity: important
References: 1192343

This update for cloud-init contains the following fixes:

- Update to version 21.4 (bsc#1192343, jsc#PM-3181)
  + Also include VMWare functionality for (jsc#PM-3175)
  + Remove patches included upstream.
  + Forward port fixes.
  + Fix for VMware Test, system dependent, not properly mocked previously.
  + Azure: fallback nic needs to be reevaluated during reprovisioning (#1094) [Anh Vo]
  + azure: pps imds (#1093) [Anh Vo]
  + testing: Remove calls to 'install_new_cloud_init' (#1092)
  + Add LXD datasource (#1040)
  + Fix unhandled apt_configure case.
    (#1065) [Brett Holman]
  + Allow libexec for hotplug (#1088)
  + Add necessary mocks to test_ovf unit tests (#1087)
  + Remove (deprecated) apt-key (#1068) [Brett Holman] (LP: #1836336)
  + distros: Remove a completed 'TODO' comment (#1086)
  + cc_ssh.py: Add configuration for controlling ssh-keygen output (#1083) [dermotbradley]
  + Add 'install hotplug' module (SC-476) (#1069) (LP: #1946003)
  + hosts.alpine.tmpl: rearrange the order of short and long hostnames (#1084) [dermotbradley]
  + Add max version to docutils
  + cloudinit/dmi.py: Change warning to debug to prevent console display (#1082) [dermotbradley]
  + remove unnecessary EOF string in disable-sshd-keygen-if-cloud-init-active.conf (#1075) [Emanuele Giuseppe Esposito]
  + Add module 'write-files-deferred' executed in stage 'final' (#916) [Lucendio]
  + Bump pycloudlib to fix CI (#1080)
  + Remove pin in dependencies for jsonschema (#1078)
  + Add 'Google' as possible system-product-name (#1077) [vteratipally]
  + Update Debian security suite for bullseye (#1076) [Johann Queuniet]
  + Leave the details of service management to the distro (#1074) [Andy Fiddaman]
  + Fix typos in setup.py (#1059) [Christian Clauss]
  + Update Azure _unpickle (SC-500) (#1067) (LP: #1946644)
  + cc_ssh.py: fix private key group owner and permissions (#1070) [Emanuele Giuseppe Esposito]
  + VMware: read network-config from ISO (#1066) [Thomas Weißschuh]
  + testing: mock sleep in gce unit tests (#1072)
  + CloudStack: fix data-server DNS resolution (#1004) [Olivier Lemasle] (LP: #1942232)
  + Fix unit test broken by pyyaml upgrade (#1071)
  + testing: add get_cloud function (SC-461) (#1038)
  + Inhibit sshd-keygen at .service if cloud-init is active (#1028) [Ryan Harper]
  + VMWARE: search the deployPkg plugin in multiarch dir (#1061) [xiaofengw-vmware] (LP: #1944946)
  + Fix set-name/interface DNS bug (#1058) [Andrew Kutz] (LP: #1946493)
  + Use specified tmp location for growpart (#1046) [jshen28]
  + .gitignore: ignore tags file for ctags users (#1057) [Brett Holman]
  + Allow
    comments in runcmd and report failed commands correctly (#1049) [Brett Holman] (LP: #1853146)
  + tox integration: pass the *_proxy, GOOGLE_*, GCP_* env vars (#1050) [Paride Legovini]
  + Allow disabling of network activation (SC-307) (#1048) (LP: #1938299)
  + renderer: convert relative imports to absolute (#1052) [Paride Legovini]
  + Support ETHx_IP6_GATEWAY, SET_HOSTNAME on OpenNebula (#1045) [Vlastimil Holer]
  + integration-requirements: bump the pycloudlib commit (#1047) [Paride Legovini]
  + Allow Vultr to set MTU and use as-is configs (#1037) [eb3095]
  + pin jsonschema in requirements.txt (#1043)
  + testing: remove cloud_tests (#1020)
  + Add andgein as contributor (#1042) [Andrew Gein]
  + Make wording for module frequency consistent (#1039) [Nicolas Bock]
  + Use ascii code for growpart (#1036) [jshen28]
  + Add jshen28 as contributor (#1035) [jshen28]
  + Skip test_cache_purged_on_version_change on Azure (#1033)
  + Remove invalid ssh_import_id from examples (#1031)
  + Cleanup Vultr support (#987) [eb3095]
  + docs: update cc_disk_setup for fs to raw disk (#1017)
  + HACKING.rst: change contact info to James Falcon (#1030)
  + tox: bump the pinned flake8 and pylint version (#1029) [Paride Legovini] (LP: #1944414)
  + Add retries to DataSourceGCE.py when connecting to GCE (#1005) [vteratipally]
  + Set Azure to apply networking config every BOOT (#1023)
  + Add connectivity_url to Oracle's EphemeralDHCPv4 (#988) (LP: #1939603)
  + docs: fix typo and include sudo for report bugs commands (#1022) [Renan Rodrigo] (LP: #1940236)
  + VMware: Fix typo introduced in #947 and add test (#1019) [PengpengSun]
  + Update IPv6 entries in /etc/hosts (#1021) [Richard Hansen] (LP: #1943798)
  + Integration test upgrades for the 21.3-1 SRU (#1001)
  + Add Jille to tools/.github-cla-signers (#1016) [Jille Timmermans]
  + Improve ug_util.py (#1013) [Shreenidhi Shedi]
  + Support openEuler OS (#1012) [zhuzaifangxuele]
  + ssh_utils.py: ignore when sshd_config options are not key/value pairs (#1007) [Emanuele Giuseppe Esposito]
  + Set Azure to only update metadata on BOOT_NEW_INSTANCE (#1006)
  + cc_update_etc_hosts: Use the distribution-defined path for the hosts file (#983) [Andy Fiddaman]
  + Add CloudLinux OS support (#1003) [Alexandr Kravchenko]
  + puppet config: add the start_agent option (#1002) [Andrew Bogott]
  + Fix `make style-check` errors (#1000) [Shreenidhi Shedi]
  + Make cloud-id copyright year (#991) [Andrii Podanenko]
  + Add support to accept-ra in networkd renderer (#999) [Shreenidhi Shedi]
  + Update ds-identify to pass shellcheck (#979) [Andrew Kutz]
  + Azure: Retry dhcp on timeouts when polling reprovisiondata (#998) [aswinrajamannar]
  + testing: Fix ssh keys integration test (#992)
- From 21.3
  + Azure: During primary nic detection, check interface status continuously before rebinding again (#990) [aswinrajamannar]
  + Fix home permissions modified by ssh module (SC-338) (#984) (LP: #1940233)
  + Add integration test for sensitive jinja substitution (#986)
  + Ignore hotplug socket when collecting logs (#985) (LP: #1940235)
  + testing: Add missing mocks to test_vmware.py (#982)
  + add Zadara Edge Cloud Platform to the supported clouds list (#963) [sarahwzadara]
  + testing: skip upgrade tests on LXD VMs (#980)
  + Only invoke hotplug socket when functionality is enabled (#952)
  + Revert unnecessary lcase in ds-identify (#978) [Andrew Kutz]
  + cc_resolv_conf: fix typos (#969) [Shreenidhi Shedi]
  + Replace broken httpretty tests with mock (SC-324) (#973)
  + Azure: Check if interface is up after sleep when trying to bring it up (#972) [aswinrajamannar]
  + Update dscheck_VMware's rpctool check (#970) [Shreenidhi Shedi]
  + Azure: Logging the detected interfaces (#968) [Moustafa Moustafa]
  + Change netifaces dependency to 0.10.4 (#965) [Andrew Kutz]
  + Azure: Limit polling network metadata on connection errors (#961) [aswinrajamannar]
  + Update inconsistent indentation (#962) [Andrew Kutz]
  + cc_puppet: support AIO installations and more (#960) [Gabriel Nagy]
  + Add Puppet contributors to CLA signers (#964)
    [Noah Fontes]
  + Datasource for VMware (#953) [Andrew Kutz]
  + photon: refactor hostname handling and add networkd activator (#958) [sshedi]
  + Stop copying ssh system keys and check folder permissions (#956) [Emanuele Giuseppe Esposito]
  + testing: port remaining cloud tests to integration testing framework (SC-191) (#955)
  + generate contents for ovf-env.xml when provisioning via IMDS (#959) [Anh Vo]
  + Add support for EuroLinux 7 && EuroLinux 8 (#957) [Aleksander Baranowski]
  + Implementing device_aliases as described in docs (#945) [Mal Graty] (LP: #1867532)
  + testing: fix test_ssh_import_id.py (#954)
  + Add ability to manage fallback network config on PhotonOS (#941) [sshedi]
  + Add VZLinux support (#951) [eb3095]
  + VMware: add network-config support in ovf-env.xml (#947) [PengpengSun]
  + Update pylint to v2.9.3 and fix the new issues it spots (#946) [Paride Legovini]
  + Azure: mount default provisioning iso before try device listing (#870) [Anh Vo]
  + Document known hotplug limitations (#950)
  + Initial hotplug support (#936)
  + Fix MIME policy failure on python version upgrade (#934)
  + run-container: fixup the centos repos baseurls when using http_proxy (#944) [Paride Legovini]
  + tools: add support for building rpms on rocky linux (#940)
  + ssh-util: allow cloudinit to merge all ssh keys into a custom user file, defined in AuthorizedKeysFile (#937) [Emanuele Giuseppe Esposito] (LP: #1911680)
  + VMware: new 'allow_raw_data' switch (#939) [xiaofengw-vmware]
  + bump pycloudlib version (#935)
  + add renanrodrigo as a contributor (#938) [Renan Rodrigo]
  + testing: simplify test_upgrade.py (#932)
  + freebsd/net_v1 format: read MTU from root (#930) [Gonéri Le Bouder]
  + Add new network activators to bring up interfaces (#919)
  + Detect a Python version change and clear the cache (#857) [Robert Schweikert]
  + cloud_tests: fix the Impish release name (#931) [Paride Legovini]
  + Removed distro specific network code from Photon (#929) [sshedi]
  + Add support for VMware PhotonOS (#909)
    [sshedi]
  + cloud_tests: add impish release definition (#927) [Paride Legovini]
  + docs: fix stale links rename master branch to main (#926)
  + Fix DNS in NetworkState (SC-133) (#923)
  + tests: Add 'adhoc' mark for integration tests (#925)
  + Fix the spelling of 'DigitalOcean' (#924) [Mark Mercado]
  + Small Doc Update for ReportEventStack and Test (#920) [Mike Russell]
  + Replace deprecated collections.Iterable with abc replacement (#922) (LP: #1932048)
  + testing: OCI availability domain is now required (SC-59) (#910)
  + add DragonFlyBSD support (#904) [Gonéri Le Bouder]
  + Use instance-data-sensitive.json in jinja templates (SC-117) (#917) (LP: #1931392)
  + doc: Update NoCloud docs stating required files (#918) (LP: #1931577)
  + build-on-netbsd: don't pin a specific py3 version (#913) [Gonéri Le Bouder]
  + Create the log file with 640 permissions (#858) [Robert Schweikert]
  + Allow braces to appear in dhclient output (#911) [eb3095]
  + Docs: Replace all freenode references with libera (#912)
  + openbsd/net: flush the route table on net restart (#908) [Gonéri Le Bouder]
  + Add Rocky Linux support to cloud-init (#906) [Louis Abel]
  + Add 'esposem' as contributor (#907) [Emanuele Giuseppe Esposito]
  + Add integration test for #868 (#901)
  + Added support for importing keys via primary/security mirror clauses (#882) [Paul Goins] (LP: #1925395)
  + [examples] config-user-groups expire in the future (#902) [Geert Stappers]
  + BSD: static network, set the mtu (#894) [Gonéri Le Bouder]
  + Add integration test for lp-1920939 (#891)
  + Fix unit tests breaking from new httpretty version (#903)
  + Allow user control over update events (#834)
  + Update test characters in substitution unit test (#893)
  + cc_disk_setup.py: remove UDEVADM_CMD definition as not used (#886) [dermotbradley]
  + Add AlmaLinux OS support (#872) [Andrew Lukoshko]
  + Still need to consider the 'network' configuration option

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1250-1
Released: Sun Apr 17 15:39:47 2022
Summary: Security update for gzip
Type: security
Severity: important
References: 1177047,1180713,1198062,CVE-2022-1271

This update for gzip fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

The following non-security bugs were fixed:

- Fixed an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713)
- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1256-1
Released: Tue Apr 19 10:22:49 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1189562,1193738,1194943,1195051,1195254,1195353,1196018,1196114,1196433,1196468,1196488,1196514,1196639,1196761,1196830,1196836,1196942,1196973,1197227,1197331,1197366,1197391,1198031,1198032,1198033,CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c (bnc#1197391).
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227).
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032).
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033).
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031).
- CVE-2022-0812: Fixed incorrect header size calculations in xprtrdma (bsc#1196639).
- CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331).
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761).
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836).
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to a use-after-free if there is a corrupted quota file (bnc#1197366).
- CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1196973).
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have led to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488).
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt system memory (bsc#1196830).

The following non-security bugs were fixed:

- ax88179_178a: Fixed memory issues that could be triggered by malicious USB devices (bsc#1196018).
- genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
- gve/net: Fixed multiple bugfixes (jsc#SLE-23652).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- net: tipc: validate domain record count on input (bsc#1195254).
- powerpc: Fixed issues related to slow I/O on PowerPC (bsc#1196433).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939

This update for e2fsprogs fixes the following issues:

- Add support for 'libreadline7' for Leap. (bsc#1196939)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107

This update for gcc11 fixes the following issues:

- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop to Recommends.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1430-1
Released: Wed Apr 27 10:01:43 2022
Summary: Security update for cifs-utils
Type: security
Severity: important
References: 1197216,CVE-2022-27239

This update for cifs-utils fixes the following issues:

- CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1438-1
Released: Wed Apr 27 15:27:19 2022
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: low
References: 1195251

This update for systemd-presets-common-SUSE fixes the following issue:

- enable vgauthd service for VMWare by default (bsc#1195251)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1452-1
Released: Thu Apr 28 10:48:06 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489

This update for perl fixes the following issues:

- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1470-1
Released: Fri Apr 29 16:47:50 2022
Summary: Recommended update for samba
Type: recommended
Severity: low
References: 1134046

This update for samba fixes the following issue:

- Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba. (bsc#1134046)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1512-1
Released: Tue May 3 16:11:28 2022
Summary: Security update for ruby2.5
Type: security
Severity: important
References: 1188160,1188161,1190375,1193035,1198441,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739

This update for ruby2.5 fixes the following issues:

- CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441).
- CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035).
- CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).
- CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
- CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1548-1
Released: Thu May 5 16:45:28 2022
Summary: Security update for tar
Type: security
Severity: moderate
References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193

This update for tar fixes the following issues:

- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).
- Update to GNU tar 1.34:
  * Fix extraction over pipe
  * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)
  * Fix extraction when . and .. are unreadable
  * Gracefully handle duplicate symlinks when extracting
  * Re-initialize supplementary groups when switching to user privileges
- Update to GNU tar 1.33:
  * POSIX extended format headers do not include PID by default
  * --delay-directory-restore works for archives with reversed member ordering
  * Fix extraction of a symbolic link hardlinked to another symbolic link
  * Wildcards in exclude-vcs-ignore mode don't match slash
  * Fix the --no-overwrite-dir option
  * Fix handling of chained renames in incremental backups
  * Link counting works for file names supplied with -T
  * Accept only position-sensitive (file-selection) options in file list files
- prepare usrmerge (bsc#1029961)
- Update to GNU 1.32
  * Fix the use of --checkpoint without explicit --checkpoint-action
  * Fix extraction with the -U option
  * Fix iconv usage on BSD-based systems
  * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923]
  * Improve the testsuite
- Update to GNU 1.31
  * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28
  * Support for zstd compression
  * New option '--zstd' instructs tar to use zstd as compression program.
    When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'.
  * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it.
  * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1556-1
Released: Fri May 6 12:54:09 2022
Summary: Recommended update for xkeyboard-config
Type: recommended
Severity: moderate
References: 1188867

This update for xkeyboard-config fixes the following issues:

- Add French standardized AZERTY layout (AFNOR: NF Z71-300) (bsc#1188867)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794

This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771

This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1659-1
Released: Fri May 13 15:41:32 2022
Summary: Recommended
  update for cups
Type: recommended
Severity: moderate
References: 1189517,1195115

This update for cups fixes the following issues:

- CUPS printservice takes much longer than before with a big number of printers (bsc#1189517)
- CUPS PreserveJobHistory doesn't work with seconds (bsc#1195115)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1674-1
Released: Mon May 16 10:12:11 2022
Summary: Security update for gzip
Type: security
Severity: important
References: CVE-2022-1271

This update for gzip fixes the following issues:

- CVE-2022-1271: Add hardening for zgrep. (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304

This update for e2fsprogs fixes the following issues:

- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1689-1
Released: Mon May 16 14:09:01 2022
Summary: Security update for containerd, docker
Type: security
Severity: important
References: 1193930,1196441,1197284,1197517,CVE-2021-43565,CVE-2022-23648,CVE-2022-24769,CVE-2022-27191

This update for containerd, docker fixes the following issues:

- CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).
- CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).
- CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).
- CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443

This update for augeas fixes the following issue:

- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1817-1
Released: Mon May 23 14:58:24 2022
Summary: Security update for rsyslog
Type: security
Severity: important
References: 1199061,CVE-2022-24903

This update for rsyslog fixes the following issues:

- CVE-2022-24903: Fixed potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1824-1
Released: Tue May 24 10:31:13 2022
Summary: Recommended update for dhcp
Type: recommended
Severity: moderate
References: 1198657

This update for dhcp fixes the following issues:

- Properly handle DHCRELAY(6)_OPTIONS (bsc#1198657)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1832-1
Released: Tue May 24 11:52:33 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1191157,1197004,1199240,CVE-2022-29155

This update for openldap2 fixes the following issues:

Security:

- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

Bugfixes:

- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions.
  (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1843-1
Released: Wed May 25 15:25:44 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1198504

This update for suse-build-key fixes the following issues:

- still ship the old ptf key in the documentation directory (bsc#1198504)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1861-1
Released: Thu May 26 12:07:40 2022
Summary: Security update for cups
Type: security
Severity: important
References: 1199474,CVE-2022-26691

This update for cups fixes the following issues:

- CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1883-1
Released: Mon May 30 12:41:35 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre2 fixes the following issues:

- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589

This update for grep fixes the following issues:

- Make profiling deterministic. (bsc#1040589, SLE-24115)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2002-1
Released: Mon Jun 6 20:54:06 2022
Summary: Recommended update for btrfsprogs
Type: recommended
Severity: moderate
References: 1186571,1186823

This update for btrfsprogs fixes the following issues:

- Ignore path devices when enumerating multipath device. (bsc#1186823)
- Prevention 32bit overflow in btrfs-convert.
(bsc#1186571) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2024-1 Released: Thu Jun 9 10:13:12 2022 Summary: Recommended update for python-azure-agent Type: recommended Severity: moderate References: 1198258 This update for python-azure-agent fixes the following issues: - Reset the dhcp config when deprovisioning an instance to ensure instances from a VM image created from that instance send host information to the DHCP server.
(bsc#1198258) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2041-1 Released: Fri Jun 10 11:33:51 2022 Summary: Security update for grub2 Type: security Severity: important References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736 This update for grub2 fixes the following issues: Security fixes and hardenings for Boothole 3 / Boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2068-1 Released: Tue Jun 14 10:14:47 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,CVE-2022-1292 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2102-1 Released: Thu Jun 16 15:18:23 2022 Summary: Security update for vim Type: security Severity: important References: 1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927 This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955). - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770). - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167). - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902). - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903). - CVE-2021-3974: Fixed use-after-free (bsc#1192904). - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466). - CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905). - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). 
- CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2111-1 Released: Fri Jun 17 09:22:18 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1028340,1055710,1065729,1071995,1084513,1087082,1114648,1158266,1172456,1177282,1182171,1183723,1187055,1191647,1191958,1195065,1195651,1196018,1196367,1196426,1196999,1197219,1197343,1197663,1198400,1198516,1198577,1198660,1198687,1198742,1198777,1198825,1199012,1199063,1199314,1199399,1199426,1199505,1199507,1199605,1199650,1200143,1200144,1200249,CVE-2017-13695,CVE-2018-7755,CVE-2019-19377,CVE-2019-20811,CVE-2020-26541,CVE-2021-20292,CVE-2021-20321,CVE-2021-33061,CVE-2021-38208,CVE-2021-39711,CVE-2021-43389,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-22942,CVE-2022-28748,CVE-2022-30594 The SUSE Linux Enterprise 15 SP1 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. 
(bsc#1199650) - CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2017-13695: Fixed a bug that caused a stack dump allowing local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table. (bnc#1055710) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456). - CVE-2022-28748: Fixed memory leak over the network by ax88179_178a devices (bsc#1196018). - CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in drivers/block/floppy.c.
The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (bnc#1084513). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access control to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed a use-after-free vulnerability which could allow a local attacker to retrieve (partial) /etc/shadow hashes or any other data from the filesystem when they can mount a FUSE filesystem. (bnc#1197343) - CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by simulating an nfc device from user-space. (bsc#1200144). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the Linux kernel by simulating an nfc device from user-space. (bsc#1200143) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605).
The following non-security bugs were fixed: - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - net: ena: A typo fix in the file ena_com.h (bsc#1198777). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198777). - net: ena: Add debug prints for invalid req_id resets (bsc#1198777). - net: ena: add device distinct log prefix to files (bsc#1198777). - net: ena: add jiffies of last napi call to stats (bsc#1198777). - net: ena: aggregate doorbell common operations into a function (bsc#1198777). - net: ena: aggregate stats increase into a function (bsc#1198777). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198777). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198777). - net: ena: Change the name of bad_csum variable (bsc#1198777). - net: ena: Extract recurring driver reset code into a function (bsc#1198777). - net: ena: fix coding style nits (bsc#1198777). - net: ena: fix DMA mapping function issues in XDP (bsc#1198777). - net: ena: Fix error handling when calculating max IO queues number (bsc#1198777). - net: ena: fix inaccurate print type (bsc#1198777). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1198777). - net: ena: Fix wrong rx request id by resetting device (bsc#1198777). - net: ena: Improve error logging in driver (bsc#1198777). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198777). - net: ena: introduce XDP redirect implementation (bsc#1198777). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198777). - net: ena: Move reset completion print to the reset function (bsc#1198777). - net: ena: optimize data access in fast-path code (bsc#1198777). - net: ena: re-organize code to improve readability (bsc#1198777). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198777). 
- net: ena: remove extra words from comments (bsc#1198777). - net: ena: Remove module param and change message severity (bsc#1198777). - net: ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198777). - net: ena: Remove redundant return code check (bsc#1198777). - net: ena: Remove unused code (bsc#1198777). - net: ena: store values in their appropriate variables types (bsc#1198777). - net: ena: Update XDP verdict upon failure (bsc#1198777). - net: ena: use build_skb() in RX path (bsc#1198777). - net: ena: use constant value for net_device allocation (bsc#1198777). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198777). - net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1198777). - net: ena: use xdp_frame in XDP TX flow (bsc#1198777). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198777). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes). - powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#1196999 ltc#196609). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). 
- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2179-1 Released: Fri Jun 24 14:05:25 2022 Summary: Security update for openssl Type: security Severity: moderate References: 1200550,CVE-2022-2068 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2311-1 Released: Wed Jul 6 15:16:17 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. 
* Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. 
(#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal of exited container artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e.
when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2351-1 Released: Mon Jul 11 10:50:12 2022 Summary: Security update for python3 Type: security Severity: important References: 1186819,1190566,1192249,1193179,1198511,CVE-2015-20107,CVE-2021-3572 This update for python3 fixes the following issues: Security issues fixed: - CVE-2021-3572: Update bundled pip wheel to the latest SLE version (bsc#1186819) - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Other bugs fixed: - Remove shebangs from python-base libraries in _libdir (bsc#1193179, bsc#1192249). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2380-1 Released: Wed Jul 13 10:46:20 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1003872,1175102,1178219,1199453 This update for dracut fixes the following issues: - Fixed for adding timeout to umount calls. (bsc#1178219) - Fixed setup errors in net-lib.sh due to premature did-setup in ifup.sh (bsc#1175102) - Fix kernel name parsing in purge-kernels script (bsc#1199453) - Fix nfsroot option parsing to avoid 'dracut' creating faulty default command line argument.
(bsc#1003872) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2403-1 Released: Thu Jul 14 16:59:56 2022 Summary: Security update for python-PyJWT Type: security Severity: important References: 1199756,CVE-2022-29217 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2411-1 Released: Fri Jul 15 14:27:56 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194013,1196901,1199487,1199657,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1200762,1201050,1201080,1201251,CVE-2021-26341,CVE-2021-4157,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-2318,CVE-2022-26365,CVE-2022-29900,CVE-2022-29901,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33981 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). 
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). The following non-security bugs were fixed: - exec: Force single empty string when argv is empty (bsc#1200571).
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - bind-utils-9.16.6-150000.12.60.1 updated - btrfsprogs-udev-rules-4.19.1-150100.8.11.1 updated - btrfsprogs-4.19.1-150100.8.11.1 updated - cifs-utils-6.9-150100.5.15.1 updated - cloud-init-config-suse-21.4-150100.8.58.1 updated - cloud-init-21.4-150100.8.58.1 updated - containerd-ctr-1.6.6-150000.73.2 updated - containerd-1.6.6-150000.73.2 updated - coreutils-8.29-4.3.1 updated - cups-config-2.2.7-150000.3.32.1 updated - dhcp-client-4.3.6.P1-150000.6.14.1 updated - dhcp-4.3.6.P1-150000.6.14.1 updated - docker-20.10.17_ce-150000.166.1 updated - dracut-044.2-150000.18.79.2 updated - e2fsprogs-1.43.8-150000.4.33.1 updated - filesystem-15.0-11.8.1 updated - glibc-locale-base-2.26-13.65.1 updated - glibc-locale-2.26-13.65.1 updated - glibc-2.26-13.65.1 updated - grep-3.1-150000.4.6.1 updated - grub2-i386-pc-2.02-150100.123.12.2 updated - grub2-x86_64-efi-2.02-150100.123.12.2 updated - grub2-2.02-150100.123.12.2 updated - gzip-1.10-150000.4.15.1 updated - kernel-default-4.12.14-150100.197.117.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libavahi-client3-0.7-3.18.1 updated - libavahi-common3-0.7-3.18.1 updated - libbind9-1600-9.16.6-150000.12.60.1 updated - libblkid1-2.33.2-150100.4.21.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcups2-2.2.7-150000.3.32.1 updated - libdcerpc-binding0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libdcerpc0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libdns1605-9.16.6-150000.12.60.1 updated - libexpat1-2.2.5-3.19.1 updated - libext2fs2-1.43.8-150000.4.33.1 updated - libfdisk1-2.33.2-150100.4.21.1 updated - libfreebl3-3.68.3-150000.3.67.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libirs1601-9.16.6-150000.12.60.1 updated - libisc1606-9.16.6-150000.12.60.1 updated - libisccc1600-9.16.6-150000.12.60.1 updated - libisccfg1600-9.16.6-150000.12.60.1 updated - libldap-2_4-2-2.4.46-150000.9.71.1 updated 
- libldap-data-2.4.46-150000.9.71.1 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.33.2-150100.4.21.1 updated
- libndr-krb5pac0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libndr-nbt0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libndr-standard0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libndr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libnetapi0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libns1604-9.16.6-150000.12.60.1 updated
- libopenssl1_1-1.1.0i-150100.14.36.1 updated
- libp11-kit0-0.23.2-150000.4.16.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libpcre2-8-0-10.31-150000.3.7.1 updated
- libprocps7-3.3.15-7.22.1 updated
- libprotobuf-lite15-3.5.0-5.5.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libpython3_6m1_0-3.6.15-150000.3.106.1 updated
- libruby2_5-2_5-2.5.9-150000.4.23.1 updated
- libsamba-credentials0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libsamba-errors0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libsamba-hostconfig0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libsamba-passdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libsamba-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libsamdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libsasl2-3-2.1.26-5.10.1 updated
- libsmartcols1-2.33.2-150100.4.21.1 updated
- libsmbconf0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libsmbldap2-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libsolv-tools-0.7.22-150100.4.6.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-234-24.108.1 updated
- libtevent-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libtirpc-netconfig-1.0.2-3.11.1 updated
- libtirpc3-1.0.2-3.11.1 updated
- libudev1-234-24.108.1 updated
- libuuid1-2.33.2-150100.4.21.1 updated
- libwbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.30.1 updated
- libzypp-17.30.0-150100.3.78.1 updated
- nfs-client-2.1.1-150100.10.24.1 updated
- openssl-1_1-1.1.0i-150100.14.36.1 updated
- p11-kit-tools-0.23.2-150000.4.16.1 updated
- p11-kit-0.23.2-150000.4.16.1 updated
- pam-1.3.0-150000.6.58.3 updated
- perl-base-5.26.1-150000.7.15.1 updated
- perl-5.26.1-150000.7.15.1 updated
- procps-3.3.15-7.22.1 updated
- python-azure-agent-2.2.49.2-150100.3.23.1 updated
- python3-PyJWT-1.7.1-150100.6.7.1 updated
- python3-base-3.6.15-150000.3.106.1 updated
- python3-bind-9.16.6-150000.12.60.1 updated
- python3-netifaces-0.10.6-1.31 added
- python3-3.6.15-150000.3.106.1 updated
- rsyslog-8.33.1-150000.3.37.1 updated
- ruby2.5-stdlib-2.5.9-150000.4.23.1 updated
- ruby2.5-2.5.9-150000.4.23.1 updated
- runc-1.1.3-150000.30.1 updated
- samba-libs-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- samba-libs-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated
- sudo-1.8.27-4.24.1 updated
- supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 updated
- supportutils-3.1.20-150000.5.39.1 updated
- suse-build-key-12.0-150000.8.25.1 updated
- systemd-presets-branding-SLE-15.1-150100.20.11.1 updated
- systemd-presets-common-SUSE-15-150100.8.12.1 updated
- systemd-sysvinit-234-24.108.1 updated
- systemd-234-24.108.1 updated
- tar-1.34-150000.3.12.1 updated
- tcpdump-4.9.2-3.18.1 updated
- timezone-2022a-150000.75.7.1 updated
- udev-234-24.108.1 updated
- update-alternatives-1.19.0.4-4.3.1 updated
- util-linux-systemd-2.33.2-150100.4.21.1 updated
- util-linux-2.33.2-150100.4.21.1 updated
- vim-data-common-8.2.5038-150000.5.21.1 updated
- vim-8.2.5038-150000.5.21.1 updated
- wicked-service-0.6.68-3.24.1 updated
- wicked-0.6.68-3.24.1 updated
- xkeyboard-config-2.23.1-150000.3.12.1 updated
- xz-5.2.3-150000.4.7.1 updated
- zypper-1.14.52-150100.3.55.2 updated

From sle-updates at lists.suse.com Mon Jul 18 08:17:30 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 18 Jul 2022 10:17:30 +0200 (CEST)
Subject: SUSE-IU-2022:814-1: Security update of suse-sles-15-sp1-chost-byos-v20220715-hvm-ssd-x86_64
Message-ID: <20220718081730.97E6CF7C9@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp1-chost-byos-v20220715-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:814-1
Image Tags : suse-sles-15-sp1-chost-byos-v20220715-hvm-ssd-x86_64:20220715
Image Release :
Severity : critical
Type : security
References : 1003872 1028340 1029961 1029961 1040589 1055710 1057592 1065729 1070955 1071995 1071995 1082318 1084513 1087082 1099272 1114648 1115529 1120610 1121227 1121230 1122004 1122021 1124431 1128846 1130496 1134046 1156920 1158266 1160654 1162964 1167162 1169514 1172073 1172113 1172427 1172456 1173277 1174075 1174911 1175102 1177047 1177215 1177282 1177460 1178219 1178357 1179060 1179599 1180065 1180689 1180713 1181131 1181163 1181186 1181703 1181812 1181826 1182171 1182227 1182959 1183407 1183495 1183723 1184501 1184804 1185377 1185637 1185973 1186207 1186222 1186571 1186819 1186823 1187055 1187167 1187512 1187906 1188019 1188160 1188161 1188867 1189028 1189152 1189305 1189517 1189560 1189562 1189841 1190315 1190358 1190375 1190428 1190447 1190533 1190566 1190570 1190926 1190943 1191015 1191096 1191121 1191157 1191184 1191185 1191186 1191229 1191241 1191334 1191384 1191434 1191580 1191647 1191731 1191770 1191794 1191893 1191958 1192032 1192051 1192164 1192167 1192249 1192267 1192311 1192343 1192353 1192478 1192481 1192740 1192845 1192847 1192877 1192902 1192903 1192904 1192946 1192951 1193007 1193035 1193179 1193204 1193273 1193282 1193294 1193298 1193306 1193440 1193442 1193466 1193489 1193531 1193575 1193625 1193659 1193669 1193727 1193731 1193732 1193738 1193759 1193767 1193805 1193841 1193861 1193864 1193867 1193868 1193905 1193927 1193930 1194001 1194013 1194048 1194087 1194093 1194216 1194216 1194217 1194227 1194229 1194302 1194388 1194392 1194516 1194516 1194529 1194556 1194561 1194576 1194581
1194588 1194597 1194640 1194642 1194661 1194768 1194770 1194845 1194848 1194859 1194872 1194880 1194883 1194885 1194888 1194898 1194943 1194985 1195004 1195004 1195051 1195054 1195065 1195066 1195095 1195096 1195115 1195126 1195149 1195166 1195202 1195203 1195217 1195251 1195254 1195254 1195258 1195283 1195326 1195332 1195353 1195354 1195356 1195468 1195536 1195543 1195560 1195612 1195614 1195628 1195651 1195654 1195784 1195792 1195797 1195825 1195840 1195856 1195897 1195899 1195908 1195949 1195987 1195999 1196018 1196018 1196025 1196025 1196026 1196036 1196061 1196079 1196093 1196107 1196114 1196155 1196168 1196169 1196171 1196275 1196282 1196317 1196361 1196367 1196368 1196406 1196426 1196433 1196441 1196441 1196468 1196488 1196490 1196494 1196495 1196514 1196514 1196584 1196612 1196639 1196761 1196784 1196830 1196836 1196861 1196877 1196901 1196915 1196925 1196939 1196942 1196973 1196999 1197004 1197004 1197024 1197065 1197134 1197135 1197216 1197219 1197227 1197284 1197293 1197297 1197331 1197343 1197366 1197391 1197423 1197425 1197426 1197443 1197459 1197517 1197663 1197771 1197788 1197794 1197903 1198031 1198032 1198033 1198062 1198062 1198400 1198441 1198446 1198460 1198493 1198496 1198504 1198511 1198516 1198577 1198581 1198596 1198657 1198660 1198687 1198742 1198748 1198777 1198825 1199012 1199061 1199063 1199132 1199166 1199232 1199232 1199240 1199314 1199331 1199333 1199334 1199399 1199426 1199453 1199460 1199474 1199487 1199505 1199507 1199565 1199605 1199650 1199651 1199655 1199657 1199693 1199745 1199747 1199756 1199936 1199965 1199966 1200010 1200011 1200012 1200088 1200143 1200144 1200145 1200249 1200550 1200571 1200599 1200604 1200605 1200608 1200619 1200692 1200762 1201050 1201080 1201099 1201251 954329 CVE-2015-20107 CVE-2015-8985 CVE-2017-13695 CVE-2017-17087 CVE-2018-16301 CVE-2018-20482 CVE-2018-20573 CVE-2018-20574 CVE-2018-25020 CVE-2018-25032 CVE-2018-7755 CVE-2019-15126 CVE-2019-19377 CVE-2019-20811 CVE-2019-6285 CVE-2019-6292 
CVE-2019-9923 CVE-2020-14367 CVE-2020-26541 CVE-2020-27820 CVE-2020-29362 CVE-2021-0920 CVE-2021-0935 CVE-2021-20193 CVE-2021-20292 CVE-2021-20321 CVE-2021-22570 CVE-2021-25220 CVE-2021-26341 CVE-2021-26401 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-33061 CVE-2021-33098 CVE-2021-3564 CVE-2021-3572 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2021-3778 CVE-2021-3778 CVE-2021-3796 CVE-2021-3796 CVE-2021-38208 CVE-2021-3872 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3927 CVE-2021-3928 CVE-2021-3928 CVE-2021-39648 CVE-2021-39657 CVE-2021-3968 CVE-2021-39711 CVE-2021-39713 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-3984 CVE-2021-3999 CVE-2021-4002 CVE-2021-4019 CVE-2021-4019 CVE-2021-4069 CVE-2021-4083 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 CVE-2021-4135 CVE-2021-4136 CVE-2021-4149 CVE-2021-4157 CVE-2021-4166 CVE-2021-41817 CVE-2021-4192 CVE-2021-4193 CVE-2021-4193 CVE-2021-4197 CVE-2021-4202 CVE-2021-43389 CVE-2021-43565 CVE-2021-43975 CVE-2021-43976 CVE-2021-44142 CVE-2021-44733 CVE-2021-44879 CVE-2021-45095 CVE-2021-45486 CVE-2021-45868 CVE-2021-46059 CVE-2021-46059 CVE-2022-0001 CVE-2022-0001 CVE-2022-0002 CVE-2022-0002 CVE-2022-0128 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0318 CVE-2022-0319 CVE-2022-0319 CVE-2022-0322 CVE-2022-0330 CVE-2022-0351 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0413 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-0696 CVE-2022-0778 CVE-2022-0812 CVE-2022-0850 CVE-2022-1011 CVE-2022-1016 CVE-2022-1048 CVE-2022-1097 CVE-2022-1184 CVE-2022-1271 CVE-2022-1271 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1353 CVE-2022-1381 CVE-2022-1419 CVE-2022-1420 CVE-2022-1516 CVE-2022-1586 CVE-2022-1586 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1652 CVE-2022-1679 CVE-2022-1729 CVE-2022-1733 
CVE-2022-1734 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-2068 CVE-2022-2097 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-22942 CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-2318 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23648 CVE-2022-23648 CVE-2022-23852 CVE-2022-23990 CVE-2022-24407 CVE-2022-24448 CVE-2022-24769 CVE-2022-24903 CVE-2022-24959 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-26365 CVE-2022-26490 CVE-2022-26691 CVE-2022-26966 CVE-2022-27191 CVE-2022-27239 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28733 CVE-2022-28734 CVE-2022-28736 CVE-2022-28739 CVE-2022-28748 CVE-2022-29155 CVE-2022-29162 CVE-2022-29217 CVE-2022-29824 CVE-2022-29900 CVE-2022-29901 CVE-2022-30594 CVE-2022-31030 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981
-----------------------------------------------------------------

The container suse-sles-15-sp1-chost-byos-v20220715-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:284-1
Released: Tue Feb 1 17:15:23 2022
Summary: Security update for samba
Type: security
Severity: critical
References: 1194859,CVE-2021-44142

This update for samba fixes the following issues:

- CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module.
  (bsc#1194859)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:334-1
Released: Fri Feb 4 09:30:58 2022
Summary: Security update for containerd, docker
Type: security
Severity: moderate
References: 1191015,1191121,1191334,1191434,1193273,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103,CVE-2021-41190

This update for containerd, docker fixes the following issues:

- CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015).
- CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434).
- CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334).
- CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121).
- CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:337-1
Released: Fri Feb 4 10:24:28 2022
Summary: Recommended update for libzypp
Type: recommended
Severity: important
References: 1193007,1194597,1194898

This update for libzypp fixes the following issues:

- RepoManager: remember execution errors in exception history (bsc#1193007)
- Fix exception handling when reading or writing credentials (bsc#1194898)
- Fix install path for parser (bsc#1194597)
- Fix Legacy include (bsc#1194597)
- Public header files on older distros must use c++11 (bsc#1194597)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:345-1
Released: Tue Feb 8 05:13:04 2022
Summary: Recommended update for wicked
Type: recommended
Severity: moderate
References: 1029961,1057592,1156920,1160654,1177215,1178357,1181163,1181186,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392,954329

This update for wicked fixes the following issues:

- Fix device rename issue when done via Yast2 (bsc#1194392)
- Prepare RPM packaging for migration of dbus configuration files from /etc to
  /usr, however this change does not affect SUSE Linux Enterprise 15 (bsc#1183407,jsc#SLE-9750)
- Prepare RPM packaging for merging of /bin and /usr/bin directories, however this merge does not affect SUSE Linux Enterprise 15 (bsc#1029961)
- Parse sysctl files in the correct order (bsc#1181186)
- Fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353)
- Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019)
- Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311)
- Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164)
- Fix `ifstatus` not to show link as 'up' when interface is not running
- Make firewalld zone assignment permanent (bsc#1189560)
- Cleanup and improve ifconfig and ifpolicy access utilities
- Initial fixes for dracut integration and improved option handling (bsc#1182227)
- Fix `nanny` to identify node owner exit condition
- Using wicked without nanny is no longer supported and use-nanny=false configuration option was removed
- Add `ethtool --get-permanent-address` option in the client
- Fix `ifup` to refresh link state of network interface after being unenslaved from an unconfigured master (bsc#954329)
- Prevent re-triggering Duplicate Address Detection on address updates when it is not needed (bsc#1177215)
- Fix Network Information Service configuration (bsc#1181812)
- Reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920)
- Support multiple wireless networks configurations per interface
- Show wireless connection status and scan-results (bsc#1160654)
- Fix eap-tls,ttls certificate handling and fix open vs.
  shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
- Updated `man ifcfg-wireless` manual pages

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:366-1
Released: Thu Feb 10 17:40:06 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: critical
References: 1071995,1124431,1167162,1169514,1172073,1179599,1184804,1185377,1186207,1186222,1187167,1189305,1189841,1190358,1190428,1191229,1191241,1191384,1191731,1192032,1192267,1192740,1192845,1192847,1192877,1192946,1193306,1193440,1193442,1193575,1193669,1193727,1193731,1193767,1193861,1193864,1193867,1193927,1194001,1194048,1194087,1194227,1194302,1194516,1194529,1194880,1194888,1194985,1195166,1195254,CVE-2018-25020,CVE-2019-15126,CVE-2020-27820,CVE-2021-0920,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4002,CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-43975,CVE-2021-43976,CVE-2021-44733,CVE-2021-45095,CVE-2021-45486,CVE-2022-0322,CVE-2022-0330

The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
- CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c (bnc#1194087).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845)
- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529).
- CVE-2021-4197: Use cgroup open-time credentials for process migration perm checks (bsc#1194302).
- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227).
- CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001).
- CVE-2021-4135: Fixed zero-initialize memory inside netdevsim for new map's value in function nsim_bpf_map_alloc (bsc#1193927).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1193727).
- CVE-2021-4002: Fixed incorrect TLBs flush in hugetlbfs after huge_pmd_unshare (bsc#1192946).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207).
- CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877)
- CVE-2021-28715: Fixed issue with xen/netback to not queue an unlimited number of packages (XSA-392) (bsc#1193442).
- CVE-2021-28714: Fixed issue with xen/netback to handle rx queue stall detection (XSA-392) (bsc#1193442).
- CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032).
- CVE-2021-0920: Fixed a local privilege escalation due to a use after free bug in unix_gc (bsc#1193731).
- CVE-2020-27820: Fixed a vulnerability where a use-after-free in nouveau's postclose() handler could happen when removing the device (bsc#1179599).
- CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162)
- CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575).

The following non-security bugs were fixed:

- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241 bsc#1195166).
- IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241).
- elfcore: fix building with clang (bsc#1169514).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241 bsc#1195166).
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358).
- kernel-binary.spec.in: add zstd to BuildRequires if used
- kernel-binary.spec.in: make sure zstd is supported by kmod if used
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge.
- kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is enabled (jsc#SLE-17288).
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well.
- kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841).
- kernel-source.spec: install-kernel-tools also required on 15.4
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). The semantic changed in an incompatible way so invoking the macro now causes a build failure.
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- memstick: rtsx_usb_ms: fix UAF (bsc#1194516).
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net: Using proper atomic helper (bsc#1186222).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: mana: Allow setting the number of queues while the NIC is down (bsc#1193506).
- net: mana: Fix spelling mistake 'calledd' -> 'called' (bsc#1193506).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193506).
- net: mana: Improve the HWC error handling (bsc#1193506).
- net: mana: Support hibernation and kexec (bsc#1193506).
- net: mana: Use kcalloc() instead of kzalloc() (bsc#1193506).
- objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
- post.sh: detect /usr mountpoint too
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
- rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release
  suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306).
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305).
- rpm/kernel-source.rpmlintrc: ignore new include/config files.
- rpm/kernel-source.spec.in: do some more for vanilla_only.
- rpm: Abolish image suffix (bsc#1189841).
- rpm: Abolish scriptlet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools.
- rpm: Define $certs as rpm macro (bsc#1189841).
- rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841).
- rpm: fix kmp install path
- rpm: use _rpmmacrodir (boo#1191384)
- tty: hvc: replace BUG_ON() with negative return value.
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514).
- xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:468-1
Released: Thu Feb 17 09:52:01 2022
Summary: Security update for xen
Type: security
Severity: important
References: 1194576,1194581,1194588,CVE-2022-23033,CVE-2022-23034,CVE-2022-23035

This update for xen fixes the following issues:

- CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576)
- CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581)
- CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:473-1
Released: Thu Feb 17 10:29:42 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1195326

This update for libzypp, zypper fixes the following issues:

- Fix handling of redirected command in-/output (bsc#1195326)
  This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:476-1
Released: Thu Feb 17 10:31:35 2022
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1194661

This update for nfs-utils fixes the following issues:

- If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:498-1
Released: Fri Feb 18 10:46:56 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990

This update for expat fixes the following issues:

- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:511-1
Released: Fri Feb 18 12:41:53 2022
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1082318,1189152

This update for coreutils fixes the following issues:

- Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).
- Properly sort docs and license files (bsc#1082318).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:523-1
Released: Fri Feb 18 12:49:09 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1193759,1193841

This update for systemd fixes the following issues:

- systemctl: exit with 1 if no unit files found (bsc#1193841).
- add rules for virtual devices (bsc#1193759).
- enforce 'none' for loop devices (bsc#1193759).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:674-1
Released: Wed Mar 2 13:24:36 2022
Summary: Recommended update for yast2-network
Type: recommended
Severity: moderate
References: 1187512

This update for yast2-network fixes the following issues:

- Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:682-1
Released: Thu Mar 3 11:37:03 2022
Summary: Recommended update for supportutils-plugin-suse-public-cloud
Type: recommended
Severity: important
References: 1195095,1195096

This update for supportutils-plugin-suse-public-cloud fixes the following issues:

- Update to version 1.0.6 (bsc#1195095, bsc#1195096)
- Include cloud-init logs whenever they are present
- Update the packages we track in AWS, Azure, and Google
- Include the ecs logs for AWS ECS instances

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:692-1
Released: Thu Mar 3 15:46:47 2022
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1190447

This update for filesystem fixes the following issues:

- Release ported filesystem to LTSS channels (bsc#1190447).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:701-1
Released: Thu Mar 3 17:45:33 2022
Summary: Recommended update for sudo
Type: recommended
Severity: moderate
References: 1181703

This update for sudo fixes the following issues:

- Add support in the LDAP filter for negated users (jsc#SLE-20068)
- Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:702-1
Released: Thu Mar 3 18:22:59 2022
Summary: Security update for cyrus-sasl
Type: security
Severity: important
References: 1196036,CVE-2022-24407

This update for cyrus-sasl fixes the following issues:

- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:713-1
Released: Fri Mar 4 09:34:17 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315

This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:720-1
Released: Fri Mar 4 10:20:28 2022
Summary: Security update for containerd
Type: security
Severity: moderate
References: 1196441,CVE-2022-23648

This update for containerd fixes the following issues:

- CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:736-1
Released: Fri Mar 4 14:51:57 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1190533,1190570,1191893,1192478,1192481,1193294,1193298,1194216,1194556,1195004,1195066,1195126,1195202,1195356,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3927,CVE-2021-3928,CVE-2021-3984,CVE-2021-4019,CVE-2021-4193,CVE-2021-46059,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0361,CVE-2022-0413

This update for vim fixes the following issues:

- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570).
- CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893).
- CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481).
- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294).
- CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298).
- CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556).
- CVE-2022-0319: Fixed out-of-bounds read (bsc#1195066).
- CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126).
- CVE-2022-0361: Fixed buffer overflow (bsc#1195126).
- CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:768-1
Released: Tue Mar 8 19:10:57 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1185973,1191580,1194516,1195536,1195543,1195612,1195840,1195897,1195908,1195949,1195987,1196079,1196155,1196584,1196612,CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24959

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.

The following security bugs were fixed:

- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. An assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which led to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
- CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:774-1 Released: Wed Mar 9 10:52:10 2022 Summary: Security update for tcpdump Type: security Severity: moderate References: 1195825,CVE-2018-16301 This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. 
(bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:823-1 Released: Mon Mar 14 15:16:37 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:50 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. 
Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. 
Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don't set interface for NTP responses to allow asymmetric routing - Handle RTCs that don't support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x 
clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. 
Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: 
SUSE-SU-2022:853-1 Released: Tue Mar 15 19:27:30 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1196877,CVE-2022-0778 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:31:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:888-1 Released: Thu Mar 17 10:56:42 2022 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1179060,1194561,1195614,1196282 This update for avahi fixes the following issues: - Change python3-Twisted to a soft dependency. It is not available on SLED or PackageHub, and it is only needed by avahi-bookmarks (bsc#1196282) - Fix warning when Twisted is not available - Have python3-avahi require python3-dbus-python, not the python 2 dbus-1-python package (bsc#1195614) - Ensure that NetworkManager or wicked have already started before initializing (bsc#1194561) - Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (bsc#1179060) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:931-1 Released: Tue Mar 22 11:10:44 2022 Summary: Security update for xen Type: security Severity: important References: 1196915,CVE-2021-26401,CVE-2022-0001,CVE-2022-0002 This update for xen fixes the following issues: Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: BHB speculation issues (bsc#1196915). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:946-1 Released: Thu Mar 24 15:19:49 2022 Summary: Security update for bind Type: security Severity: important References: 1197135,CVE-2021-25220 This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. 
(bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1074-1 Released: Fri Apr 1 13:27:00 2022 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1193531 This update for cloud-init contains the following fixes: - Enable broader systemctl location. (bsc#1193531) - Remove unneeded BuildRequires on python3-nose. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. 
(bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1131-1 Released: Fri Apr 8 09:43:53 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support querying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. 
- Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release its loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1135-1 Released: Fri Apr 8 13:12:45 2022 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1189028,1190315,1190943,1191096,1191794,1193204,1193732,1193868,1195797 This update for supportutils fixes the following issues: - Add command `blkid` - Add email.txt based on OPTION_EMAIL (bsc#1189028) - Add rpcinfo -p output #116 - Add s390x specific files and output - Add shared memory as a log directory for emergency use (bsc#1190943) - Fix cron package for RPM validation (bsc#1190315) - Fix for invalid argument during updates (bsc#1193204) - Fix iscsi initiator name (bsc#1195797) - Improve `lsblk` readability with `--ascsi` option - Include 'multipath -t' output in mpio.txt - Include /etc/sssd/conf.d configuration files - Include udev rules in /lib/udev/rules.d/ - Made /proc directory and network names spaces configurable (bsc#1193868) - Prepare future installation of binaries to /usr/sbin instead of /sbin. 
This does not affect current SUSE Linux Enterprise 15 Service Packs (bsc#1191096) - Move localmessage/warm logs out of messages.txt to new localwarn.txt - Optimize configuration files - Remove chronyc DNS lookups with -n switch (bsc#1193732) - Remove duplicate commands in network.txt - Remove duplicate firewalld status output - getappcore identifies compressed core files (bsc#1191794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1147-1 Released: Mon Apr 11 15:49:43 2022 Summary: Recommended update for containerd Type: recommended Severity: moderate References: 1195784 This update of containerd fixes the following issue: - container-ctr is shipped to the PackageHub repos. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1149-1 Released: Mon Apr 11 16:29:14 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1197903,CVE-2022-1097 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1150-1 Released: Mon Apr 11 17:34:19 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1197293 This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1190-1 Released: Wed Apr 13 20:52:23 2022 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1192343 This update for cloud-init contains the following fixes: - Update to version 21.4 (bsc#1192343, jsc#PM-3181) + Also include VMWare functionality for (jsc#PM-3175) + Remove patches included upstream. + Forward port fixes. + Fix for VMware Test, system dependent, not properly mocked previously. + Azure: fallback nic needs to be reevaluated during reprovisioning (#1094) [Anh Vo] + azure: pps imds (#1093) [Anh Vo] + testing: Remove calls to 'install_new_cloud_init' (#1092) + Add LXD datasource (#1040) + Fix unhandled apt_configure case. 
(#1065) [Brett Holman] + Allow libexec for hotplug (#1088) + Add necessary mocks to test_ovf unit tests (#1087) + Remove (deprecated) apt-key (#1068) [Brett Holman] (LP: #1836336) + distros: Remove a completed 'TODO' comment (#1086) + cc_ssh.py: Add configuration for controlling ssh-keygen output (#1083) [dermotbradley] + Add 'install hotplug' module (SC-476) (#1069) (LP: #1946003) + hosts.alpine.tmpl: rearrange the order of short and long hostnames (#1084) [dermotbradley] + Add max version to docutils + cloudinit/dmi.py: Change warning to debug to prevent console display (#1082) [dermotbradley] + remove unnecessary EOF string in disable-sshd-keygen-if-cloud-init-active.conf (#1075) [Emanuele Giuseppe Esposito] + Add module 'write-files-deferred' executed in stage 'final' (#916) [Lucendio] + Bump pycloudlib to fix CI (#1080) + Remove pin in dependencies for jsonschema (#1078) + Add 'Google' as possible system-product-name (#1077) [vteratipally] + Update Debian security suite for bullseye (#1076) [Johann Queuniet] + Leave the details of service management to the distro (#1074) [Andy Fiddaman] + Fix typos in setup.py (#1059) [Christian Clauss] + Update Azure _unpickle (SC-500) (#1067) (LP: #1946644) + cc_ssh.py: fix private key group owner and permissions (#1070) [Emanuele Giuseppe Esposito] + VMware: read network-config from ISO (#1066) [Thomas Weißschuh] + testing: mock sleep in gce unit tests (#1072) + CloudStack: fix data-server DNS resolution (#1004) [Olivier Lemasle] (LP: #1942232) + Fix unit test broken by pyyaml upgrade (#1071) + testing: add get_cloud function (SC-461) (#1038) + Inhibit sshd-keygen@.service if cloud-init is active (#1028) [Ryan Harper] + VMWARE: search the deployPkg plugin in multiarch dir (#1061) [xiaofengw-vmware] (LP: #1944946) + Fix set-name/interface DNS bug (#1058) [Andrew Kutz] (LP: #1946493) + Use specified tmp location for growpart (#1046) [jshen28] + .gitignore: ignore tags file for ctags users (#1057) [Brett Holman] + Allow 
comments in runcmd and report failed commands correctly (#1049) [Brett Holman] (LP: #1853146) + tox integration: pass the *_proxy, GOOGLE_*, GCP_* env vars (#1050) [Paride Legovini] + Allow disabling of network activation (SC-307) (#1048) (LP: #1938299) + renderer: convert relative imports to absolute (#1052) [Paride Legovini] + Support ETHx_IP6_GATEWAY, SET_HOSTNAME on OpenNebula (#1045) [Vlastimil Holer] + integration-requirements: bump the pycloudlib commit (#1047) [Paride Legovini] + Allow Vultr to set MTU and use as-is configs (#1037) [eb3095] + pin jsonschema in requirements.txt (#1043) + testing: remove cloud_tests (#1020) + Add andgein as contributor (#1042) [Andrew Gein] + Make wording for module frequency consistent (#1039) [Nicolas Bock] + Use ascii code for growpart (#1036) [jshen28] + Add jshen28 as contributor (#1035) [jshen28] + Skip test_cache_purged_on_version_change on Azure (#1033) + Remove invalid ssh_import_id from examples (#1031) + Cleanup Vultr support (#987) [eb3095] + docs: update cc_disk_setup for fs to raw disk (#1017) + HACKING.rst: change contact info to James Falcon (#1030) + tox: bump the pinned flake8 and pylint version (#1029) [Paride Legovini] (LP: #1944414) + Add retries to DataSourceGCE.py when connecting to GCE (#1005) [vteratipally] + Set Azure to apply networking config every BOOT (#1023) + Add connectivity_url to Oracle's EphemeralDHCPv4 (#988) (LP: #1939603) + docs: fix typo and include sudo for report bugs commands (#1022) [Renan Rodrigo] (LP: #1940236) + VMware: Fix typo introduced in #947 and add test (#1019) [PengpengSun] + Update IPv6 entries in /etc/hosts (#1021) [Richard Hansen] (LP: #1943798) + Integration test upgrades for the 21.3-1 SRU (#1001) + Add Jille to tools/.github-cla-signers (#1016) [Jille Timmermans] + Improve ug_util.py (#1013) [Shreenidhi Shedi] + Support openEuler OS (#1012) [zhuzaifangxuele] + ssh_utils.py: ignore when sshd_config options are not key/value pairs (#1007) [Emanuele Giuseppe Esposito] 
+ Set Azure to only update metadata on BOOT_NEW_INSTANCE (#1006)
+ cc_update_etc_hosts: Use the distribution-defined path for the hosts file (#983) [Andy Fiddaman]
+ Add CloudLinux OS support (#1003) [Alexandr Kravchenko]
+ puppet config: add the start_agent option (#1002) [Andrew Bogott]
+ Fix `make style-check` errors (#1000) [Shreenidhi Shedi]
+ Make cloud-id copyright year (#991) [Andrii Podanenko]
+ Add support to accept-ra in networkd renderer (#999) [Shreenidhi Shedi]
+ Update ds-identify to pass shellcheck (#979) [Andrew Kutz]
+ Azure: Retry dhcp on timeouts when polling reprovisiondata (#998) [aswinrajamannar]
+ testing: Fix ssh keys integration test (#992)
- From 21.3
+ Azure: During primary nic detection, check interface status continuously before rebinding again (#990) [aswinrajamannar]
+ Fix home permissions modified by ssh module (SC-338) (#984) (LP: #1940233)
+ Add integration test for sensitive jinja substitution (#986)
+ Ignore hotplug socket when collecting logs (#985) (LP: #1940235)
+ testing: Add missing mocks to test_vmware.py (#982)
+ add Zadara Edge Cloud Platform to the supported clouds list (#963) [sarahwzadara]
+ testing: skip upgrade tests on LXD VMs (#980)
+ Only invoke hotplug socket when functionality is enabled (#952)
+ Revert unnecessary lcase in ds-identify (#978) [Andrew Kutz]
+ cc_resolv_conf: fix typos (#969) [Shreenidhi Shedi]
+ Replace broken httpretty tests with mock (SC-324) (#973)
+ Azure: Check if interface is up after sleep when trying to bring it up (#972) [aswinrajamannar]
+ Update dscheck_VMware's rpctool check (#970) [Shreenidhi Shedi]
+ Azure: Logging the detected interfaces (#968) [Moustafa Moustafa]
+ Change netifaces dependency to 0.10.4 (#965) [Andrew Kutz]
+ Azure: Limit polling network metadata on connection errors (#961) [aswinrajamannar]
+ Update inconsistent indentation (#962) [Andrew Kutz]
+ cc_puppet: support AIO installations and more (#960) [Gabriel Nagy]
+ Add Puppet contributors to CLA signers (#964) [Noah Fontes]
+ Datasource for VMware (#953) [Andrew Kutz]
+ photon: refactor hostname handling and add networkd activator (#958) [sshedi]
+ Stop copying ssh system keys and check folder permissions (#956) [Emanuele Giuseppe Esposito]
+ testing: port remaining cloud tests to integration testing framework (SC-191) (#955)
+ generate contents for ovf-env.xml when provisioning via IMDS (#959) [Anh Vo]
+ Add support for EuroLinux 7 && EuroLinux 8 (#957) [Aleksander Baranowski]
+ Implementing device_aliases as described in docs (#945) [Mal Graty] (LP: #1867532)
+ testing: fix test_ssh_import_id.py (#954)
+ Add ability to manage fallback network config on PhotonOS (#941) [sshedi]
+ Add VZLinux support (#951) [eb3095]
+ VMware: add network-config support in ovf-env.xml (#947) [PengpengSun]
+ Update pylint to v2.9.3 and fix the new issues it spots (#946) [Paride Legovini]
+ Azure: mount default provisioning iso before try device listing (#870) [Anh Vo]
+ Document known hotplug limitations (#950)
+ Initial hotplug support (#936)
+ Fix MIME policy failure on python version upgrade (#934)
+ run-container: fixup the centos repos baseurls when using http_proxy (#944) [Paride Legovini]
+ tools: add support for building rpms on rocky linux (#940)
+ ssh-util: allow cloudinit to merge all ssh keys into a custom user file, defined in AuthorizedKeysFile (#937) [Emanuele Giuseppe Esposito] (LP: #1911680)
+ VMware: new 'allow_raw_data' switch (#939) [xiaofengw-vmware]
+ bump pycloudlib version (#935)
+ add renanrodrigo as a contributor (#938) [Renan Rodrigo]
+ testing: simplify test_upgrade.py (#932)
+ freebsd/net_v1 format: read MTU from root (#930) [Gonéri Le Bouder]
+ Add new network activators to bring up interfaces (#919)
+ Detect a Python version change and clear the cache (#857) [Robert Schweikert]
+ cloud_tests: fix the Impish release name (#931) [Paride Legovini]
+ Removed distro specific network code from Photon (#929) [sshedi]
+ Add support for VMware PhotonOS (#909) [sshedi]
+ cloud_tests: add impish release definition (#927) [Paride Legovini]
+ docs: fix stale links rename master branch to main (#926)
+ Fix DNS in NetworkState (SC-133) (#923)
+ tests: Add 'adhoc' mark for integration tests (#925)
+ Fix the spelling of 'DigitalOcean' (#924) [Mark Mercado]
+ Small Doc Update for ReportEventStack and Test (#920) [Mike Russell]
+ Replace deprecated collections.Iterable with abc replacement (#922) (LP: #1932048)
+ testing: OCI availability domain is now required (SC-59) (#910)
+ add DragonFlyBSD support (#904) [Gonéri Le Bouder]
+ Use instance-data-sensitive.json in jinja templates (SC-117) (#917) (LP: #1931392)
+ doc: Update NoCloud docs stating required files (#918) (LP: #1931577)
+ build-on-netbsd: don't pin a specific py3 version (#913) [Gonéri Le Bouder]
+ Create the log file with 640 permissions (#858) [Robert Schweikert]
+ Allow braces to appear in dhclient output (#911) [eb3095]
+ Docs: Replace all freenode references with libera (#912)
+ openbsd/net: flush the route table on net restart (#908) [Gonéri Le Bouder]
+ Add Rocky Linux support to cloud-init (#906) [Louis Abel]
+ Add 'esposem' as contributor (#907) [Emanuele Giuseppe Esposito]
+ Add integration test for #868 (#901)
+ Added support for importing keys via primary/security mirror clauses (#882) [Paul Goins] (LP: #1925395)
+ [examples] config-user-groups expire in the future (#902) [Geert Stappers]
+ BSD: static network, set the mtu (#894) [Gonéri Le Bouder]
+ Add integration test for lp-1920939 (#891)
+ Fix unit tests breaking from new httpretty version (#903)
+ Allow user control over update events (#834)
+ Update test characters in substitution unit test (#893)
+ cc_disk_setup.py: remove UDEVADM_CMD definition as not used (#886) [dermotbradley]
+ Add AlmaLinux OS support (#872) [Andrew Lukoshko]
+ Still need to consider the 'network' configuration option

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1250-1
Released: Sun Apr 17 15:39:47 2022
Summary: Security update for gzip
Type: security
Severity: important
References: 1177047,1180713,1198062,CVE-2022-1271

This update for gzip fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

The following non-security bugs were fixed:

- Fixed an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713)
- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1256-1
Released: Tue Apr 19 10:22:49 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1189562,1193738,1194943,1195051,1195254,1195353,1196018,1196114,1196433,1196468,1196488,1196514,1196639,1196761,1196830,1196836,1196942,1196973,1197227,1197331,1197366,1197391,1198031,1198032,1198033,CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c (bnc#1197391).
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227).
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032).
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033).
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031).
- CVE-2022-0812: Fixed incorrect header size calculations in xprtrdma (bsc#1196639).
- CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331).
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761).
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836).
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to a use-after-free if there is a corrupted quota file (bnc#1197366).
- CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1196973).
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have led to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488).
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt system memory (bsc#1196830).

The following non-security bugs were fixed:

- ax88179_178a: Fixed memory issues that could be triggered by malicious USB devices (bsc#1196018).
- genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
- gve/net: Fixed multiple bugfixes (jsc#SLE-23652).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- net: tipc: validate domain record count on input (bsc#1195254).
- powerpc: Fixed issues related to slow I/O on PowerPC (bsc#1196433).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939

This update for e2fsprogs fixes the following issues:

- Add support for 'libreadline7' for Leap. (bsc#1196939)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107

This update for gcc11 fixes the following issues:

- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop to Recommends.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1430-1
Released: Wed Apr 27 10:01:43 2022
Summary: Security update for cifs-utils
Type: security
Severity: important
References: 1197216,CVE-2022-27239

This update for cifs-utils fixes the following issues:

- CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1438-1
Released: Wed Apr 27 15:27:19 2022
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: low
References: 1195251

This update for systemd-presets-common-SUSE fixes the following issue:

- enable vgauthd service for VMWare by default (bsc#1195251)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1452-1
Released: Thu Apr 28 10:48:06 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489

This update for perl fixes the following issues:

- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1470-1
Released: Fri Apr 29 16:47:50 2022
Summary: Recommended update for samba
Type: recommended
Severity: low
References: 1134046

This update for samba fixes the following issue:

- Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba. (bsc#1134046)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1512-1
Released: Tue May 3 16:11:28 2022
Summary: Security update for ruby2.5
Type: security
Severity: important
References: 1188160,1188161,1190375,1193035,1198441,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739

This update for ruby2.5 fixes the following issues:

- CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441).
- CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035).
- CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net::IMAP (bsc#1188160).
- CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net::FTP (bsc#1188161).
- CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1548-1
Released: Thu May 5 16:45:28 2022
Summary: Security update for tar
Type: security
Severity: moderate
References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193

This update for tar fixes the following issues:

- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).
- Update to GNU tar 1.34:
  * Fix extraction over pipe
  * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)
  * Fix extraction when . and .. are unreadable
  * Gracefully handle duplicate symlinks when extracting
  * Re-initialize supplementary groups when switching to user privileges
- Update to GNU tar 1.33:
  * POSIX extended format headers do not include PID by default
  * --delay-directory-restore works for archives with reversed member ordering
  * Fix extraction of a symbolic link hardlinked to another symbolic link
  * Wildcards in exclude-vcs-ignore mode don't match slash
  * Fix the --no-overwrite-dir option
  * Fix handling of chained renames in incremental backups
  * Link counting works for file names supplied with -T
  * Accept only position-sensitive (file-selection) options in file list files
- prepare usrmerge (bsc#1029961)
- Update to GNU 1.32
  * Fix the use of --checkpoint without explicit --checkpoint-action
  * Fix extraction with the -U option
  * Fix iconv usage on BSD-based systems
  * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923]
  * Improve the testsuite
- Update to GNU 1.31
  * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28
  * Support for zstd compression
  * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'.
  * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it.
  * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1556-1
Released: Fri May 6 12:54:09 2022
Summary: Recommended update for xkeyboard-config
Type: recommended
Severity: moderate
References: 1188867

This update for xkeyboard-config fixes the following issues:

- Add French standardized AZERTY layout (AFNOR: NF Z71-300) (bsc#1188867)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794

This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771

This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1659-1
Released: Fri May 13 15:41:32 2022
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1189517,1195115

This update for cups fixes the following issues:

- CUPS printservice takes much longer than before with a big number of printers (bsc#1189517)
- CUPS PreserveJobHistory doesn't work with seconds (bsc#1195115)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1674-1
Released: Mon May 16 10:12:11 2022
Summary: Security update for gzip
Type: security
Severity: important
References: CVE-2022-1271

This update for gzip fixes the following issues:

- CVE-2022-1271: Add hardening for zgrep. (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304

This update for e2fsprogs fixes the following issues:

- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1689-1
Released: Mon May 16 14:09:01 2022
Summary: Security update for containerd, docker
Type: security
Severity: important
References: 1193930,1196441,1197284,1197517,CVE-2021-43565,CVE-2022-23648,CVE-2022-24769,CVE-2022-27191

This update for containerd, docker fixes the following issues:

- CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).
- CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).
- CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).
- CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443

This update for augeas fixes the following issue:

- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1817-1
Released: Mon May 23 14:58:24 2022
Summary: Security update for rsyslog
Type: security
Severity: important
References: 1199061,CVE-2022-24903

This update for rsyslog fixes the following issues:

- CVE-2022-24903: Fixed potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1824-1
Released: Tue May 24 10:31:13 2022
Summary: Recommended update for dhcp
Type: recommended
Severity: moderate
References: 1198657

This update for dhcp fixes the following issues:

- Properly handle DHCRELAY(6)_OPTIONS (bsc#1198657)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1832-1
Released: Tue May 24 11:52:33 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1191157,1197004,1199240,CVE-2022-29155

This update for openldap2 fixes the following issues:

Security:

- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

Bugfixes:

- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1843-1
Released: Wed May 25 15:25:44 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1198504

This update for suse-build-key fixes the following issues:

- still ship the old ptf key in the documentation directory (bsc#1198504)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1861-1
Released: Thu May 26 12:07:40 2022
Summary: Security update for cups
Type: security
Severity: important
References: 1199474,CVE-2022-26691

This update for cups fixes the following issues:

- CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1883-1
Released: Mon May 30 12:41:35 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre2 fixes the following issues:

- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589

This update for grep fixes the following issues:

- Make profiling deterministic. (bsc#1040589, SLE-24115)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2002-1
Released: Mon Jun 6 20:54:06 2022
Summary: Recommended update for btrfsprogs
Type: recommended
Severity: moderate
References: 1186571,1186823

This update for btrfsprogs fixes the following issues:

- Ignore path devices when enumerating multipath device. (bsc#1186823)
- Prevention 32bit overflow in btrfs-convert. (bsc#1186571)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065

This update for gcc11 fixes the following issues:

Update to the GCC 11.3.0 release.

* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2041-1
Released: Fri Jun 10 11:33:51 2022
Summary: Security update for grub2
Type: security
Severity: important
References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736

This update for grub2 fixes the following issues:

Security fixes and hardenings for Boothole 3 / Boothole 2022 (bsc#1198581)

- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184)
- CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185)
- CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493)
- CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2068-1
Released: Tue Jun 14 10:14:47 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,CVE-2022-1292

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2102-1
Released: Thu Jun 16 15:18:23 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927

This update for vim fixes the following issues:

- CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
- CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
- CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
- CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
- CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
- CVE-2021-3974: Fixed use-after-free (bsc#1192904).
- CVE-2021-4069: Fixed use-after-free in ex_open() in src/ex_docmd.c (bsc#1193466).
- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
- CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
- CVE-2021-4192: Fixed use-after-free (bsc#1194217).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
- CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
- CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203).
- CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
- CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
- CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
- CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596).
- CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
- CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
- CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333).
- CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334).
- CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655).
- CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
- CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
- CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
- CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747).
- CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
- CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
- CVE-2022-1898: Fixed use-after-free (bsc#1200011).
- CVE-2022-1927: Fixed buffer over-read (bsc#1200012).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2111-1
Released: Fri Jun 17 09:22:18 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1028340,1055710,1065729,1071995,1084513,1087082,1114648,1158266,1172456,1177282,1182171,1183723,1187055,1191647,1191958,1195065,1195651,1196018,1196367,1196426,1196999,1197219,1197343,1197663,1198400,1198516,1198577,1198660,1198687,1198742,1198777,1198825,1199012,1199063,1199314,1199399,1199426,1199505,1199507,1199605,1199650,1200143,1200144,1200249,CVE-2017-13695,CVE-2018-7755,CVE-2019-19377,CVE-2019-20811,CVE-2020-26541,CVE-2021-20292,CVE-2021-20321,CVE-2021-33061,CVE-2021-38208,CVE-2021-39711,CVE-2021-43389,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-22942,CVE-2022-28748,CVE-2022-30594

The SUSE Linux Enterprise 15 SP1 kernel was updated.

The following security bugs were fixed:

- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2017-13695: Fixed a bug that caused a stack dump allowing local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table. (bnc#1055710)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219).
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
- CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in a specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
- CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456).
- CVE-2022-28748: Fixed memory leak over the network by ax88179_178a devices (bsc#1196018).
- CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in drivers/block/floppy.c. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (bnc#1084513).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
- CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
- CVE-2022-1353: Fixed access control to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516).
- CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
- CVE-2022-1011: Fixed a use-after-free vulnerability which could allow a local attacker to retrieve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystem. (bnc#1197343)
- CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by simulating an nfc device from user-space. (bsc#1200144).
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)
- CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating an nfc device from user-space. (bsc#1200143)
- CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426)
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605).
The following non-security bugs were fixed: - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - net: ena: A typo fix in the file ena_com.h (bsc#1198777). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198777). - net: ena: Add debug prints for invalid req_id resets (bsc#1198777). - net: ena: add device distinct log prefix to files (bsc#1198777). - net: ena: add jiffies of last napi call to stats (bsc#1198777). - net: ena: aggregate doorbell common operations into a function (bsc#1198777). - net: ena: aggregate stats increase into a function (bsc#1198777). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198777). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198777). - net: ena: Change the name of bad_csum variable (bsc#1198777). - net: ena: Extract recurring driver reset code into a function (bsc#1198777). - net: ena: fix coding style nits (bsc#1198777). - net: ena: fix DMA mapping function issues in XDP (bsc#1198777). - net: ena: Fix error handling when calculating max IO queues number (bsc#1198777). - net: ena: fix inaccurate print type (bsc#1198777). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1198777). - net: ena: Fix wrong rx request id by resetting device (bsc#1198777). - net: ena: Improve error logging in driver (bsc#1198777). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198777). - net: ena: introduce XDP redirect implementation (bsc#1198777). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198777). - net: ena: Move reset completion print to the reset function (bsc#1198777). - net: ena: optimize data access in fast-path code (bsc#1198777). - net: ena: re-organize code to improve readability (bsc#1198777). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198777). 
- net: ena: remove extra words from comments (bsc#1198777). - net: ena: Remove module param and change message severity (bsc#1198777). - net: ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198777). - net: ena: Remove redundant return code check (bsc#1198777). - net: ena: Remove unused code (bsc#1198777). - net: ena: store values in their appropriate variables types (bsc#1198777). - net: ena: Update XDP verdict upon failure (bsc#1198777). - net: ena: use build_skb() in RX path (bsc#1198777). - net: ena: use constant value for net_device allocation (bsc#1198777). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198777). - net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1198777). - net: ena: use xdp_frame in XDP TX flow (bsc#1198777). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198777). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes). - powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#1196999 ltc#196609). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). 
- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2158-1 Released: Thu Jun 23 10:03:53 2022 Summary: Security update for xen Type: security Severity: important References: 1197423,1197425,1197426,1199965,1199966,CVE-2022-26356,CVE-2022-26357,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364 This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2179-1 Released: Fri Jun 24 14:05:25 2022 Summary: Security update for openssl Type: security Severity: moderate References: 1200550,CVE-2022-2068 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. 
(bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2311-1 Released: Wed Jul 6 15:16:17 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). 
* Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. 
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal of exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace.
Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2351-1
Released: Mon Jul 11 10:50:12 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1186819,1190566,1192249,1193179,1198511,CVE-2015-20107,CVE-2021-3572

This update for python3 fixes the following issues:

Security issues fixed:
- CVE-2021-3572: Update bundled pip wheel to the latest SLE version (bsc#1186819)
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

Other bugs fixed:
- Remove shebangs from python-base libraries in _libdir (bsc#1193179, bsc#1192249).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2380-1
Released: Wed Jul 13 10:46:20 2022
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1003872,1175102,1178219,1199453

This update for dracut fixes the following issues:
- Fix for adding timeout to umount calls. (bsc#1178219)
- Fixed setup errors in net-lib.sh due to premature did-setup in ifup.sh (bsc#1175102)
- Fix kernel name parsing in purge-kernels script (bsc#1199453)
- Fix nfsroot option parsing to avoid 'dracut' creating faulty default command line argument. (bsc#1003872)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2403-1
Released: Thu Jul 14 16:59:56 2022
Summary: Security update for python-PyJWT
Type: security
Severity: important
References: 1199756,CVE-2022-29217

This update for python-PyJWT fixes the following issues:
- CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2405-1
Released: Fri Jul 15 11:47:57 2022
Summary: Security update for p11-kit
Type: security
Severity: moderate
References: 1180065,CVE-2020-29362

This update for p11-kit fixes the following issues:
- CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2411-1
Released: Fri Jul 15 14:27:56 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1194013,1196901,1199487,1199657,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1200762,1201050,1201080,1201251,CVE-2021-26341,CVE-2021-4157,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-2318,CVE-2022-26365,CVE-2022-29900,CVE-2022-29901,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33981

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre-like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).

The following non-security bugs were fixed:
- exec: Force single empty string when argv is empty (bsc#1200571).

The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - bind-utils-9.16.6-150000.12.60.1 updated - btrfsprogs-udev-rules-4.19.1-150100.8.11.1 updated - btrfsprogs-4.19.1-150100.8.11.1 updated - cifs-utils-6.9-150100.5.15.1 updated - cloud-init-config-suse-21.4-150100.8.58.1 updated - cloud-init-21.4-150100.8.58.1 updated - containerd-ctr-1.6.6-150000.73.2 updated - containerd-1.6.6-150000.73.2 updated - coreutils-8.29-4.3.1 updated - cups-config-2.2.7-150000.3.32.1 updated - dhcp-client-4.3.6.P1-150000.6.14.1 updated - dhcp-4.3.6.P1-150000.6.14.1 updated - docker-20.10.17_ce-150000.166.1 updated - dracut-044.2-150000.18.79.2 updated - e2fsprogs-1.43.8-150000.4.33.1 updated - filesystem-15.0-11.8.1 updated - glibc-locale-base-2.26-13.65.1 updated - glibc-locale-2.26-13.65.1 updated - glibc-2.26-13.65.1 updated - grep-3.1-150000.4.6.1 updated - grub2-i386-pc-2.02-150100.123.12.2 updated - grub2-x86_64-efi-2.02-150100.123.12.2 updated - grub2-x86_64-xen-2.02-150100.123.12.2 updated - grub2-2.02-150100.123.12.2 updated - gzip-1.10-150000.4.15.1 updated - kernel-default-4.12.14-150100.197.117.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libavahi-client3-0.7-3.18.1 updated - libavahi-common3-0.7-3.18.1 updated - libbind9-1600-9.16.6-150000.12.60.1 updated - libblkid1-2.33.2-150100.4.21.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcups2-2.2.7-150000.3.32.1 updated - libdcerpc-binding0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libdcerpc0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libdns1605-9.16.6-150000.12.60.1 updated - libexpat1-2.2.5-3.19.1 updated - libext2fs2-1.43.8-150000.4.33.1 updated - libfdisk1-2.33.2-150100.4.21.1 updated - libfreebl3-3.68.3-150000.3.67.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libirs1601-9.16.6-150000.12.60.1 updated - libisc1606-9.16.6-150000.12.60.1 updated - libisccc1600-9.16.6-150000.12.60.1 updated - libisccfg1600-9.16.6-150000.12.60.1 
updated - libldap-2_4-2-2.4.46-150000.9.71.1 updated - libldap-data-2.4.46-150000.9.71.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.33.2-150100.4.21.1 updated - libndr-krb5pac0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libndr-nbt0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libndr-standard0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libndr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libnetapi0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libns1604-9.16.6-150000.12.60.1 updated - libopenssl1_1-1.1.0i-150100.14.36.1 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.31-150000.3.7.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite15-3.5.0-5.5.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libpython3_6m1_0-3.6.15-150000.3.106.1 updated - libruby2_5-2_5-2.5.9-150000.4.23.1 updated - libsamba-credentials0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsamba-errors0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsamba-hostconfig0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsamba-passdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsamba-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsamdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsasl2-3-2.1.26-5.10.1 updated - libsmartcols1-2.33.2-150100.4.21.1 updated - libsmbconf0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsmbldap2-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsolv-tools-0.7.22-150100.4.6.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libsystemd0-234-24.108.1 updated - libtevent-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libuuid1-2.33.2-150100.4.21.1 updated - libwbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - 
libz1-1.2.11-150000.3.30.1 updated - libzypp-17.30.0-150100.3.78.1 updated - nfs-client-2.1.1-150100.10.24.1 updated - openssl-1_1-1.1.0i-150100.14.36.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - p11-kit-0.23.2-150000.4.16.1 updated - pam-1.3.0-150000.6.58.3 updated - perl-base-5.26.1-150000.7.15.1 updated - perl-5.26.1-150000.7.15.1 updated - procps-3.3.15-7.22.1 updated - python3-PyJWT-1.7.1-150100.6.7.1 updated - python3-base-3.6.15-150000.3.106.1 updated - python3-bind-9.16.6-150000.12.60.1 updated - python3-netifaces-0.10.6-1.31 added - python3-3.6.15-150000.3.106.1 updated - rsyslog-8.33.1-150000.3.37.1 updated - ruby2.5-stdlib-2.5.9-150000.4.23.1 updated - ruby2.5-2.5.9-150000.4.23.1 updated - runc-1.1.3-150000.30.1 updated - samba-libs-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - samba-libs-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - sudo-1.8.27-4.24.1 updated - supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 updated - supportutils-3.1.20-150000.5.39.1 updated - suse-build-key-12.0-150000.8.25.1 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - systemd-sysvinit-234-24.108.1 updated - systemd-234-24.108.1 updated - tar-1.34-150000.3.12.1 updated - tcpdump-4.9.2-3.18.1 updated - timezone-2022a-150000.75.7.1 updated - udev-234-24.108.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - util-linux-systemd-2.33.2-150100.4.21.1 updated - util-linux-2.33.2-150100.4.21.1 updated - vim-data-common-8.2.5038-150000.5.21.1 updated - vim-8.2.5038-150000.5.21.1 updated - wicked-service-0.6.68-3.24.1 updated - wicked-0.6.68-3.24.1 updated - xen-libs-4.12.4_24-150100.3.72.1 updated - xen-tools-domU-4.12.4_24-150100.3.72.1 updated - xkeyboard-config-2.23.1-150000.3.12.1 updated - xz-5.2.3-150000.4.7.1 updated - zypper-1.14.52-150100.3.55.2 updated From sle-updates at lists.suse.com Mon Jul 18 08:20:24 2022 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Mon, 18 Jul 2022 10:20:24 +0200 (CEST) Subject: SUSE-IU-2022:817-1: Security update of sles-15-sp1-chost-byos-v20220715-x86-64 Message-ID: <20220718082024.2C521F7C9@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp1-chost-byos-v20220715-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:817-1 Image Tags : sles-15-sp1-chost-byos-v20220715-x86-64:20220715 Image Release : Severity : critical Type : security References : ----------------------------------------------------------------- The container sles-15-sp1-chost-byos-v20220715-x86-64 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:273-1
Released: Tue Feb 1 14:15:21 2022
Summary: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent
Type: recommended
Severity: important
References: 1102408,1192652,1192653,1193257,1193258

This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent contains the following fixes:

Changes in google-guest-agent:
- Update to version 20211116.00 (bsc#1193257, bsc#1193258)
  * dont duplicate logs (#146)
  * Add WantedBy network dependencies to google-guest-agent service (#136)
  * dont try dhcpv6 when not needed (#145)
  * Integration tests: instance setup (#143)
  * Integration test: test create and remove google user (#128)
  * handle comm errors in script runner (#140)
  * enforce script ordering (#138)
  * enable ipv6 on secondary interfaces (#133)
- from version 20211103.00
  * Integration tests: instance setup (#143)
- from version 20211027.00
  * Integration test: test create and remove google user (#128)
- Update to version 20211019.00
  * handle comm errors in script runner (#140)
- from version 20211015.00
  * enforce script ordering (#138)
- from version 20211014.00
  * enable ipv6 on secondary interfaces (#133)
- from version 20211013.00
  * dont open ssh tempfile exclusively (#137)
- from version 20211011.00
  * correct linux startup script order (#135)
  * Emit sshable attribute (#123)
- from version 20210908.1
  * restore line (#127)
- from version 20210908.00
  * New integ test (#124)
- from version 20210901.00
  * support enable-oslogin-sk key (#120)
  * match script logging to guest agent (#125)
- from version 20210804.00
  * Debug logging (#122)
- Refresh patches for new version
  * dont_overwrite_ifcfg.patch
- Build with go1.15 for reproducible build results (bsc#1102408)
- Update to version 20210707.00
  * Use IP address for calling the metadata server. (#116)
- from version 20210629.00
  * use IP for MDS (#115)
- Update to version 20210603.00
  * systemd-notify in agentInit (#113)
  * dont check status (#112)
- from version 20210524.00
  * more granular service restarts (#111)
- from version 20210414.00
  * (no functional changes)

Changes in google-guest-configs:
- Add missing pkg-config dependency to BuildRequires for SLE-12
- Install modprobe configuration files into /etc again on SLE-15-SP2 and older since that's still the default location on these distributions
- Probe udev directory using the 'udevdir' pkg-config variable on SLE-15-SP2 and older since the variable got renamed to 'udev_dir' in later versions
- Remove redundant pkgconfig(udev) from BuildRequires for SLE-12
- Update to version 20211116.00 (bsc#1193257, bsc#1193258)
  * GCE supports up to 24 NVMe local SSDs, but the regex in the PROGRAM field only looks for the last digit of the given string causing issues when there are >= 10 local SSDs. Changed REGEX to get the last number of the string instead to support the up to 24 local SSDs. (#30)
  * chmod+x google_nvme_id on EL (#31)
- Fix duplicate installation of google_optimize_local_ssd and google_set_multiqueue
- Install google_nvme_id into /usr/lib/udev (bsc#1192652, bsc#1192653)
- Update to version 20210916.00
  * Revert 'dont set IP in etc/hosts; remove rsyslog (#26)' (#28)
- from version 20210831.00
  * restore rsyslog (#27)
- from version 20210830.00
  * Fix NVMe partition names (#25)
- from version 20210824.00
  * dont set IP in etc/hosts; remove rsyslog (#26)
  * update OWNERS
- Use %_modprobedir for modprobe.d files (out of /etc)
- Use %_sysctldir for sysctl.d files (out of /etc)
- Update to version 20210702.00
  * use grep for hostname check (#23)
- from version 20210629.00
  * address set_hostname vuln (#22)
- from version 20210324.00
  * dracut.conf wants spaces around values (#19)

Changes in google-guest-oslogin:
- Update to version 20211013.00 (bsc#1193257, bsc#1193258)
  * remove deprecated binary (#79)
- from version 20211001.00
  * no message if no groups (#78)
- from version 20210907.00
  * use sigaction for signals (#76)
- from version 20210906.00
  * include cstdlib for exit (#75)
  * catch SIGPIPE in authorized_keys (#73)
- from version 20210805.00
  * fix double free in ParseJsonToKey (#70)
- from version 20210804.00
  * fix packaging for authorized_keys_sk (#68)
  * add authorized_keys_sk (#66)
- Add google_authorized_keys_sk to %files section
- Remove google_oslogin_control from %files section

Changes in google-osconfig-agent:
- Update to version 20211117.00 (bsc#1193257, bsc#1193258)
  * Add retry logic for RegisterAgent (#404)
- from version 20211111.01
  * e2e_test: drop ubuntu 1604 image as its EOL (#403)
- from version 20211111.00
  * e2e_test: move to V1 api for OSPolicies (#397)
- from version 20211102.00
  * Fix context logging and fix label names (#400)
- from version 20211028.00
  * Add cloudops example for gcloud (#399)
- Update to version 20211021.00
  * Added patch report logging for Zypper. (#395)
- from version 20211012.00
  * Replace deprecated instance filters with the new filters (#394)
- from version 20211006.00
  * Added patch report log messages for Yum and Apt (#392)
- from version 20210930.00
  * Config: Add package info caching (#391)
- from version 20210928.00
  * Fixed the runWithPty function to set ctty to child's filedesc (#389)
- from version 20210927.00
  * e2e_tests: fix a test output mismatch (#390)
- from version 20210924.00
  * Fix some e2e test failures (#388)
- from version 20210923.02
  * Correctly check for folder existence in package upgrade (#387)
- from version 20210923.01
  * ReportInventory: Fix bug in deb/rpm inventory, reduce calls to append (#386)
- from version 20210923.00
  * Deprecate old config directory in favor of new cache directory (#385)
- from version 20210922.02
  * Fix rpm/deb package formatting for inventory reporting (#384)
- from version 20210922.01
  * Add centos stream rocky linux and available package tests (#383)
- from version 20210922.00
  * Add more info logs, actually cleanup unmanaged repos (#382)
- from version 20210901.00
  * Add E2E tests for Windows Application (#379)
  * Return lower-case package name (#377)
  * Update Terraform scripts for multi-project deployments tutorial. (#378)
- from version 20210811.00
  * Support Windows Application Inventory (#371)
- from version 20210723.00
  * Send basic inventory with RegisterAgent (#373)
- from version 20210722.1
  * e2e_tests: move to manually generated osconfig library (#372)
- from version 20210722.00
  * Create OWNERS file for examples directory (#368)
- from version 20210719.00
  * Update Zypper patch info parsing (#370)
- Build with go1.15 for reproducible build results (bsc#1102408)
- Update to version 20210712.1
  * Skip getting patch info when no patches are found. (#369)
- from version 20210712.00
  * Add Terraform scripts for multi-project deployments (#367)
- from version 20210709.00
  * Add examples/Terraform directory. (#366)
- from version 20210707.00
  * Fix bug in printing packages to update, return error for zypper patch (#365)
- from version 20210629.00
  * Add CloudOps examples for CentOS (#364)
- Update to version 20210621.00
  * chore: Fixing a comment. (#363)
- from version 20210617.00
  * Use exec.CommandContext so that canceling the context also kills any running processes (#362)
- from version 20210608.1
  * e2e_tests: point to official osconfig client library (#359)
- from version 20210608.00
  * e2e_tests: deflake tests (#358)
- from version 20210607.00
  * Fix build on some architectures (#357)
- from version 20210603.00
  * Create win-validation-powershell.yaml (#356)
- from version 20210602.00
  * Agent efficiency improvements/bugfixes/logging updates (#355)
  * e2e_tests: add tests for ExecResource output (#354)
- from version 20210525.00
  * Run fieldalignment on all structs (#353)
- from version 20210521.00
  * Config Task: add error message and ExecResource output recording (#350)
  * e2e_tests: remove Windows server 1909 and add server 20h2 (#352)
  * Added a method for logging structured data (#349)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:284-1
Released: Tue Feb 1 17:15:23 2022
Summary: Security update for samba
Type: security
Severity: critical
References: 1194859,CVE-2021-44142

This update for samba fixes the following issues:

- CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:334-1
Released: Fri Feb 4 09:30:58 2022
Summary: Security update for containerd, docker
Type: security
Severity: moderate
References: 1191015,1191121,1191334,1191434,1193273,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103,CVE-2021-41190

This update for containerd, docker fixes the following issues:

- CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015).
- CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434).
- CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334).
- CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121).
- CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:337-1
Released: Fri Feb 4 10:24:28 2022
Summary: Recommended update for libzypp
Type: recommended
Severity: important
References: 1193007,1194597,1194898

This update for libzypp fixes the following issues:

- RepoManager: remember execution errors in exception history (bsc#1193007)
- Fix exception handling when reading or writing credentials (bsc#1194898)
- Fix install path for parser (bsc#1194597)
- Fix Legacy include (bsc#1194597)
- Public header files on older distros must use c++11 (bsc#1194597)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:345-1
Released: Tue Feb 8 05:13:04 2022
Summary: Recommended update for wicked
Type: recommended
Severity: moderate
References: 1029961,1057592,1156920,1160654,1177215,1178357,1181163,1181186,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392,954329

This update for wicked fixes the following issues:

- Fix device rename issue when done via Yast2 (bsc#1194392)
- Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 15 (bsc#1183407,jsc#SLE-9750)
- Prepare RPM packaging for merging of /bin and /usr/bin directories, however this merge does not affect SUSE Linux Enterprise 15 (bsc#1029961)
- Parse sysctl files in the correct order (bsc#1181186)
- Fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353)
- Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019)
- Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311)
- Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164)
- Fix `ifstatus` not to show link as 'up' when interface is not running
- Make firewalld zone assignment permanent (bsc#1189560)
- Cleanup and improve ifconfig and ifpolicy access utilities
- Initial fixes for dracut integration and improved option handling (bsc#1182227)
- Fix `nanny` to identify node owner exit condition
- Using wicked without nanny is no longer supported and use-nanny=false configuration option was removed
- Add `ethtool --get-permanent-address` option in the client
- Fix `ifup` to refresh link state of network interface after being unenslaved from an unconfigured master (bsc#954329)
- Prevent re-trigger Duplicate Address Detection on address updates when is not needed (bsc#1177215)
- Fix Network Information Service configuration (bsc#1181812)
- Reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920)
- Support multiple wireless networks configurations per interface
- Show wireless connection status and scan-results (bsc#1160654)
- Fix eap-tls,ttls certificate handling and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
- Updated `man ifcfg-wireless` manual pages

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:366-1
Released: Thu Feb 10 17:40:06 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: critical
References: 1071995,1124431,1167162,1169514,1172073,1179599,1184804,1185377,1186207,1186222,1187167,1189305,1189841,1190358,1190428,1191229,1191241,1191384,1191731,1192032,1192267,1192740,1192845,1192847,1192877,1192946,1193306,1193440,1193442,1193575,1193669,1193727,1193731,1193767,1193861,1193864,1193867,1193927,1194001,1194048,1194087,1194227,1194302,1194516,1194529,1194880,1194888,1194985,1195166,1195254,CVE-2018-25020,CVE-2019-15126,CVE-2020-27820,CVE-2021-0920,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4002,CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-43975,CVE-2021-43976,CVE-2021-44733,CVE-2021-45095,CVE-2021-45486,CVE-2022-0322,CVE-2022-0330

The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
- CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c (bnc#1194087).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845)
- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529).
- CVE-2021-4197: Use cgroup open-time credentials for process migration perm checks (bsc#1194302).
- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227).
- CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001).
- CVE-2021-4135: Fixed zero-initialize memory inside netdevsim for new map's value in function nsim_bpf_map_alloc (bsc#1193927).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1193727).
- CVE-2021-4002: Fixed incorrect TLBs flush in hugetlbfs after huge_pmd_unshare (bsc#1192946).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207).
- CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877)
- CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442).
- CVE-2021-28714: Fixed issue with xen/netback to handle rx queue stall detection (XSA-392) (bsc#1193442).
- CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032).
- CVE-2021-0920: Fixed a local privilege escalation due to a use after free bug in unix_gc (bsc#1193731).
- CVE-2020-27820: Fixed a vulnerability where a use-after-free in nouveau's postclose() handler could happen if removing device (bsc#1179599).
- CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162)
- CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575).

The following non-security bugs were fixed:

- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241 bsc#1195166).
- IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241).
- elfcore: fix building with clang (bsc#1169514).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241 bsc#1195166).
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358).
- kernel-binary.spec.in: add zstd to BuildRequires if used
- kernel-binary.spec.in: make sure zstd is supported by kmod if used
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge.
- kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is enabled (jsc#SLE-17288).
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well.
- kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841).
- kernel-source.spec: install-kernel-tools also required on 15.4
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). The semantic changed in an incompatible way so invoking the macro now causes a build failure.
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- memstick: rtsx_usb_ms: fix UAF (bsc#1194516).
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net: Using proper atomic helper (bsc#1186222).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: mana: Allow setting the number of queues while the NIC is down (bsc#1193506).
- net: mana: Fix spelling mistake 'calledd' -> 'called' (bsc#1193506).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193506).
- net: mana: Improve the HWC error handling (bsc#1193506).
- net: mana: Support hibernation and kexec (bsc#1193506).
- net: mana: Use kcalloc() instead of kzalloc() (bsc#1193506).
- objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
- post.sh: detect /usr mountpoint too
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
- rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306).
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305).
- rpm/kernel-source.rpmlintrc: ignore new include/config files.
- rpm/kernel-source.spec.in: do some more for vanilla_only.
- rpm: Abolish image suffix (bsc#1189841).
- rpm: Abolish scriptlet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools.
- rpm: Define $certs as rpm macro (bsc#1189841).
- rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841).
- rpm: fix kmp install path
- rpm: use _rpmmacrodir (boo#1191384)
- tty: hvc: replace BUG_ON() with negative return value.
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514).
- xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:473-1
Released: Thu Feb 17 10:29:42 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1195326

This update for libzypp, zypper fixes the following issues:

- Fix handling of redirected command in-/output (bsc#1195326)
  This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:476-1
Released: Thu Feb 17 10:31:35 2022
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1194661

This update for nfs-utils fixes the following issues:

- If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:498-1
Released: Fri Feb 18 10:46:56 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990

This update for expat fixes the following issues:

- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:511-1
Released: Fri Feb 18 12:41:53 2022
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1082318,1189152

This update for coreutils fixes the following issues:

- Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).
- Properly sort docs and license files (bsc#1082318).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:523-1
Released: Fri Feb 18 12:49:09 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1193759,1193841

This update for systemd fixes the following issues:

- systemctl: exit with 1 if no unit files found (bsc#1193841).
- add rules for virtual devices (bsc#1193759).
- enforce 'none' for loop devices (bsc#1193759).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:674-1
Released: Wed Mar 2 13:24:36 2022
Summary: Recommended update for yast2-network
Type: recommended
Severity: moderate
References: 1187512

This update for yast2-network fixes the following issues:

- Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:682-1
Released: Thu Mar 3 11:37:03 2022
Summary: Recommended update for supportutils-plugin-suse-public-cloud
Type: recommended
Severity: important
References: 1195095,1195096

This update for supportutils-plugin-suse-public-cloud fixes the following issues:

- Update to version 1.0.6 (bsc#1195095, bsc#1195096)
- Include cloud-init logs whenever they are present
- Update the packages we track in AWS, Azure, and Google
- Include the ecs logs for AWS ECS instances

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:692-1
Released: Thu Mar 3 15:46:47 2022
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1190447

This update for filesystem fixes the following issues:

- Release ported filesystem to LTSS channels (bsc#1190447).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:701-1
Released: Thu Mar 3 17:45:33 2022
Summary: Recommended update for sudo
Type: recommended
Severity: moderate
References: 1181703

This update for sudo fixes the following issues:

- Add support in the LDAP filter for negated users (jsc#SLE-20068)
- Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:702-1
Released: Thu Mar 3 18:22:59 2022
Summary: Security update for cyrus-sasl
Type: security
Severity: important
References: 1196036,CVE-2022-24407

This update for cyrus-sasl fixes the following issues:

- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:713-1
Released: Fri Mar 4 09:34:17 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315

This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:720-1
Released: Fri Mar 4 10:20:28 2022
Summary: Security update for containerd
Type: security
Severity: moderate
References: 1196441,CVE-2022-23648

This update for containerd fixes the following issues:

- CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:736-1
Released: Fri Mar 4 14:51:57 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1190533,1190570,1191893,1192478,1192481,1193294,1193298,1194216,1194556,1195004,1195066,1195126,1195202,1195356,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3927,CVE-2021-3928,CVE-2021-3984,CVE-2021-4019,CVE-2021-4193,CVE-2021-46059,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0361,CVE-2022-0413

This update for vim fixes the following issues:

- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570).
- CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893).
- CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481).
- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294).
- CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298).
- CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556).
- CVE-2022-0319: Fixed out-of-bounds read (bsc#1195066).
- CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126).
- CVE-2022-0361: Fixed buffer overflow (bsc#1195126).
- CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:768-1
Released: Tue Mar 8 19:10:57 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1185973,1191580,1194516,1195536,1195543,1195612,1195840,1195897,1195908,1195949,1195987,1196079,1196155,1196584,1196612,CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24959

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.

The following security bugs were fixed:

- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. An assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which led to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
- CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occurred, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).

The following non-security bugs were fixed:

- crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840).
- lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:774-1
Released: Wed Mar 9 10:52:10 2022
Summary: Security update for tcpdump
Type: security
Severity: moderate
References: 1195825,CVE-2018-16301

This update for tcpdump fixes the following issues:

- CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:787-1
Released: Thu Mar 10 11:20:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References:

This update for openldap2 fixes the following issue:

- restore CLDAP functionality in CLI tools (jsc#PM-3288)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:789-1
Released: Thu Mar 10 11:22:05 2022
Summary: Recommended update for update-alternatives
Type: recommended
Severity: moderate
References: 1195654

This update for update-alternatives fixes the following issues:

- Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:792-1
Released: Thu Mar 10 11:58:18 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1194845,1196494,1196495

This update for suse-build-key fixes the following issues:

- The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key).
- Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
- Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845)
- Added SUSE Container signing key in PEM format for use e.g. by cosign.
- The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:808-1
Released: Fri Mar 11 06:07:58 2022
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1195468

This update for procps fixes the following issues:

- Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:823-1
Released: Mon Mar 14 15:16:37 2022
Summary: Security update for protobuf
Type: security
Severity: moderate
References: 1195258,CVE-2021-22570

This update for protobuf fixes the following issues:

- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:832-1
Released: Mon Mar 14 17:27:03 2022
Summary: Security update for glibc
Type: security
Severity: important
References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219

glibc was updated to fix the following issues:

Security issues fixed:

- CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770)
- CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640)
- CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625)

Also the following bug was fixed:

- Fix pthread_rwlock_try*lock stalls (bsc#1195560)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:844-1
Released: Tue Mar 15 11:33:57 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196784,CVE-2022-25236

This update for expat fixes the following issues:

- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:50 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. 
Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don't set interface for NTP responses to allow asymmetric routing - Handle RTCs that don't support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x
clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share.
Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: 
SUSE-SU-2022:853-1 Released: Tue Mar 15 19:27:30 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1196877,CVE-2022-0778 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:31:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:888-1 Released: Thu Mar 17 10:56:42 2022 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1179060,1194561,1195614,1196282 This update for avahi fixes the following issues: - Change python3-Twisted to a soft dependency. It is not available on SLED or PackageHub, and it is only needed by avahi-bookmarks (bsc#1196282) - Fix warning when Twisted is not available - Have python3-avahi require python3-dbus-python, not the python 2 dbus-1-python package (bsc#1195614) - Ensure that NetworkManager or wicked have already started before initializing (bsc#1194561) - Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (bsc#1179060) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:946-1 Released: Thu Mar 24 15:19:49 2022 Summary: Security update for bind Type: security Severity: important References: 1197135,CVE-2021-25220 This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and freeing it, there are two 'return NO' where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interferes with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion.
(bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1131-1 Released: Fri Apr 8 09:43:53 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). 
libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support querying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1135-1 Released: Fri Apr 8 13:12:45 2022 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1189028,1190315,1190943,1191096,1191794,1193204,1193732,1193868,1195797 This update for supportutils fixes the following issues: - Add command `blkid` - Add email.txt based on OPTION_EMAIL (bsc#1189028) - Add rpcinfo -p output #116 - Add s390x specific files and output - Add shared memory as a log directory for emergency use (bsc#1190943) - Fix cron package for RPM validation (bsc#1190315) - Fix for invalid argument during updates (bsc#1193204) - Fix iscsi initiator name (bsc#1195797) - Improve `lsblk` readability with `--ascsi` option - Include 'multipath -t' output in mpio.txt - Include /etc/sssd/conf.d configuration files - Include udev rules in /lib/udev/rules.d/ - Made /proc directory and network names spaces configurable (bsc#1193868) - Prepare future installation of binaries to /usr/sbin instead of /sbin. 
This does not affect current SUSE Linux Enterprise 15 Service Packs (bsc#1191096) - Move localmessage/warm logs out of messages.txt to new localwarn.txt - Optimize configuration files - Remove chronyc DNS lookups with -n switch (bsc#1193732) - Remove duplicate commands in network.txt - Remove duplicate firewalld status output - getappcore identifies compressed core files (bsc#1191794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1147-1 Released: Mon Apr 11 15:49:43 2022 Summary: Recommended update for containerd Type: recommended Severity: moderate References: 1195784 This update of containerd fixes the following issue: - container-ctr is shipped to the PackageHub repos. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1149-1 Released: Mon Apr 11 16:29:14 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1197903,CVE-2022-1097 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1150-1 Released: Mon Apr 11 17:34:19 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1197293 This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1250-1 Released: Sun Apr 17 15:39:47 2022 Summary: Security update for gzip Type: security Severity: important References: 1177047,1180713,1198062,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following non-security bugs were fixed: - Fixed an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1256-1 Released: Tue Apr 19 10:22:49 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1189562,1193738,1194943,1195051,1195254,1195353,1196018,1196114,1196433,1196468,1196488,1196514,1196639,1196761,1196830,1196836,1196942,1196973,1197227,1197331,1197366,1197391,1198031,1198032,1198033,CVE-2021-39713,CVE-2021-45868,CVE-2022-0812,CVE-2022-0850,CVE-2022-1016,CVE-2022-1048,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. 
This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227). - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032). - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-0812: Fixed incorrect header size calculations in xprtrdma (bsc#1196639). - CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331). - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761). - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836). - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to a use-after-free if there is a corrupted quota file (bnc#1197366). - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1196973). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have led to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt system memory (bsc#1196830). The following non-security bugs were fixed: - ax88179_178a: Fixed memory issues that could be triggered by malicious USB devices (bsc#1196018).
- genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). - gve/net: Fixed multiple bugfixes (jsc#SLE-23652). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - net: tipc: validate domain record count on input (bsc#1195254). - powerpc: Fixed issues related to slow I/O on PowerPC (bsc#1196433). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1430-1 Released: Wed Apr 27 10:01:43 2022 Summary: Security update for cifs-utils Type: security Severity: important References: 1197216,CVE-2022-27239 This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1452-1 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1460-1 Released: Thu Apr 28 16:21:58 2022 Summary: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent Type: recommended Severity: moderate References: 1195437,1195438 This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent fixes the following issues: - Update to version 20220204.00. (bsc#1195437, bsc#1195438) * remove han from owners (#154) * Remove extra slash from metadata URL. (#151) - from version 20220104.00 * List IPv6 routes (#150) - from version 20211228.00 * add add or remove route integration test, utils (#147) - from version 20211214.00 * add malformed ssh key unit test (#142) - Update to version 20220211.00. (bsc#1195437, bsc#1195438) * Set NVMe-PD IO timeout to 4294967295. (#32) - Update to version 20220205.00. (bsc#1195437, bsc#1195438) * Fix build for EL9. 
(#82) - from version 20211213.00 * Reauth error (#81) - Rename Source0 field to Source - Update URL in Source field to point to upstream tarball - Update to version 20220209.00 (bsc#1195437, bsc#1195438) * Update licences, remove deprecated centos-8 tests (#414) - Update to version 20220204.00 * Add DisableLocalLogging option (#413) - from version 20220107.00 * OS assignment example: Copy file from bucket ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1470-1 Released: Fri Apr 29 16:47:50 2022 Summary: Recommended update for samba Type: recommended Severity: low References: 1134046 This update for samba fixes the following issue: - Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba. (bsc#1134046) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1512-1 Released: Tue May 3 16:11:28 2022 Summary: Security update for ruby2.5 Type: security Severity: important References: 1188160,1188161,1190375,1193035,1198441,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739 This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441). - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035). - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). - CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. 
When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1556-1 Released: Fri May 6 12:54:09 2022 Summary: Recommended update for xkeyboard-config Type: recommended Severity: moderate References: 1188867 This update for xkeyboard-config fixes the following issues: - Add French standardized AZERTY layout (AFNOR: NF Z71-300) (bsc#1188867) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1659-1 Released: Fri May 13 15:41:32 2022 Summary: Recommended
update for cups Type: recommended Severity: moderate References: 1189517,1195115 This update for cups fixes the following issues: - CUPS printservice takes much longer than before with a big number of printers (bsc#1189517) - CUPS PreserveJobHistory doesn't work with seconds (bsc#1195115) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1674-1 Released: Mon May 16 10:12:11 2022 Summary: Security update for gzip Type: security Severity: important References: CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Add hardening for zgrep. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1689-1 Released: Mon May 16 14:09:01 2022 Summary: Security update for containerd, docker Type: security Severity: important References: 1193930,1196441,1197284,1197517,CVE-2021-43565,CVE-2022-23648,CVE-2022-24769,CVE-2022-27191 This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517). - CVE-2022-23648: Fixed directory traversal issue (bsc#1196441). - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284). - CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1817-1 Released: Mon May 23 14:58:24 2022 Summary: Security update for rsyslog Type: security Severity: important References: 1199061,CVE-2022-24903 This update for rsyslog fixes the following issues: - CVE-2022-24903: Fixed potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1832-1 Released: Tue May 24 11:52:33 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1191157,1197004,1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: Security: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). Bugfixes: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. 
(bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1843-1 Released: Wed May 25 15:25:44 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1198504 This update for suse-build-key fixes the following issues: - still ship the old ptf key in the documentation directory (bsc#1198504) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1861-1 Released: Thu May 26 12:07:40 2022 Summary: Security update for cups Type: security Severity: important References: 1199474,CVE-2022-26691 This update for cups fixes the following issues: - CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1883-1 Released: Mon May 30 12:41:35 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. 
(bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1925-1 Released: Thu Jun 2 14:35:20 2022 Summary: Security update for patch Type: security Severity: moderate References: 1080985,1111572,1142041,1198106,CVE-2018-6952,CVE-2019-13636 This update for patch fixes the following issues: Security issues fixed: - CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches (bsc#1142041). - CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leading to a crash (bsc#1080985). Bugfixes: - Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (bsc#1111572). - Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (bsc#1198106). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2002-1 Released: Mon Jun 6 20:54:06 2022 Summary: Recommended update for btrfsprogs Type: recommended Severity: moderate References: 1186571,1186823 This update for btrfsprogs fixes the following issues: - Ignore path devices when enumerating multipath device. (bsc#1186823) - Prevention 32bit overflow in btrfs-convert. (bsc#1186571) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. 
[bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2041-1 Released: Fri Jun 10 11:33:51 2022 Summary: Security update for grub2 Type: security Severity: important References: 1191184,1191185,1191186,1193282,1198460,1198493,1198496,1198581,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28736 This update for grub2 fixes the following issues: Security fixes and hardenings for Boothole 3 / Boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2068-1 Released: Tue Jun 14 10:14:47 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,CVE-2022-1292 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2102-1 Released: Thu Jun 16 15:18:23 2022 Summary: Security update for vim Type: security Severity: important References: 1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927 This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955). - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770). - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167). - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902). - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903). - CVE-2021-3974: Fixed use-after-free (bsc#1192904). - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466). - CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905). - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). 
- CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2111-1 Released: Fri Jun 17 09:22:18 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1028340,1055710,1065729,1071995,1084513,1087082,1114648,1158266,1172456,1177282,1182171,1183723,1187055,1191647,1191958,1195065,1195651,1196018,1196367,1196426,1196999,1197219,1197343,1197663,1198400,1198516,1198577,1198660,1198687,1198742,1198777,1198825,1199012,1199063,1199314,1199399,1199426,1199505,1199507,1199605,1199650,1200143,1200144,1200249,CVE-2017-13695,CVE-2018-7755,CVE-2019-19377,CVE-2019-20811,CVE-2020-26541,CVE-2021-20292,CVE-2021-20321,CVE-2021-33061,CVE-2021-38208,CVE-2021-39711,CVE-2021-43389,CVE-2022-1011,CVE-2022-1184,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-22942,CVE-2022-28748,CVE-2022-30594 The SUSE Linux Enterprise 15 SP1 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. 
(bsc#1199650) - CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2017-13695: Fixed a bug that caused a stack dump allowing local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table. (bnc#1055710) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456). - CVE-2022-28748: Fixed memory leak over the network by ax88179_178a devices (bsc#1196018). - CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in drivers/block/floppy.c.
The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (bnc#1084513). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access control to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed a use-after-free vulnerability which could allow a local attacker to retrieve (partial) /etc/shadow hashes or any other data from the filesystem when they can mount a FUSE filesystem. (bnc#1197343) - CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by simulating an nfc device from user-space. (bsc#1200144). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the Linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605).
The following non-security bugs were fixed: - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - net: ena: A typo fix in the file ena_com.h (bsc#1198777). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198777). - net: ena: Add debug prints for invalid req_id resets (bsc#1198777). - net: ena: add device distinct log prefix to files (bsc#1198777). - net: ena: add jiffies of last napi call to stats (bsc#1198777). - net: ena: aggregate doorbell common operations into a function (bsc#1198777). - net: ena: aggregate stats increase into a function (bsc#1198777). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198777). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198777). - net: ena: Change the name of bad_csum variable (bsc#1198777). - net: ena: Extract recurring driver reset code into a function (bsc#1198777). - net: ena: fix coding style nits (bsc#1198777). - net: ena: fix DMA mapping function issues in XDP (bsc#1198777). - net: ena: Fix error handling when calculating max IO queues number (bsc#1198777). - net: ena: fix inaccurate print type (bsc#1198777). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1198777). - net: ena: Fix wrong rx request id by resetting device (bsc#1198777). - net: ena: Improve error logging in driver (bsc#1198777). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198777). - net: ena: introduce XDP redirect implementation (bsc#1198777). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198777). - net: ena: Move reset completion print to the reset function (bsc#1198777). - net: ena: optimize data access in fast-path code (bsc#1198777). - net: ena: re-organize code to improve readability (bsc#1198777). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198777). 
- net: ena: remove extra words from comments (bsc#1198777). - net: ena: Remove module param and change message severity (bsc#1198777). - net: ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198777). - net: ena: Remove redundant return code check (bsc#1198777). - net: ena: Remove unused code (bsc#1198777). - net: ena: store values in their appropriate variables types (bsc#1198777). - net: ena: Update XDP verdict upon failure (bsc#1198777). - net: ena: use build_skb() in RX path (bsc#1198777). - net: ena: use constant value for net_device allocation (bsc#1198777). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198777). - net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1198777). - net: ena: use xdp_frame in XDP TX flow (bsc#1198777). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198777). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes). - powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#1196999 ltc#196609). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). 
- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2179-1 Released: Fri Jun 24 14:05:25 2022 Summary: Security update for openssl Type: security Severity: moderate References: 1200550,CVE-2022-2068 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2311-1 Released: Wed Jul 6 15:16:17 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. 
* Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. 
(#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal of exited container artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e.
when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2351-1 Released: Mon Jul 11 10:50:12 2022 Summary: Security update for python3 Type: security Severity: important References: 1186819,1190566,1192249,1193179,1198511,CVE-2015-20107,CVE-2021-3572 This update for python3 fixes the following issues: Security issues fixed: - CVE-2021-3572: Update bundled pip wheel to the latest SLE version (bsc#1186819) - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Other bugs fixed: - Remove shebangs from python-base libraries in _libdir (bsc#1193179, bsc#1192249). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2380-1 Released: Wed Jul 13 10:46:20 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1003872,1175102,1178219,1199453 This update for dracut fixes the following issues: - Fixed for adding timeout to umount calls. (bsc#1178219) - Fixed setup errors in net-lib.sh due to premature did-setup in ifup.sh (bsc#1175102) - Fix kernel name parsing in purge-kernels script (bsc#1199453) - Fix nfsroot option parsing to avoid 'dracut' creating faulty default command line argument.
(bsc#1003872) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2411-1 Released: Fri Jul 15 14:27:56 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194013,1196901,1199487,1199657,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1200762,1201050,1201080,1201251,CVE-2021-26341,CVE-2021-4157,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-2318,CVE-2022-26365,CVE-2022-29900,CVE-2022-29901,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33981 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). 
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). The following non-security bugs were fixed: - exec: Force single empty string when argv is empty (bsc#1200571). The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - bind-utils-9.16.6-150000.12.60.1 updated - btrfsprogs-udev-rules-4.19.1-150100.8.11.1 updated - btrfsprogs-4.19.1-150100.8.11.1 updated - cifs-utils-6.9-150100.5.15.1 updated - containerd-ctr-1.6.6-150000.73.2 updated - containerd-1.6.6-150000.73.2 updated - coreutils-8.29-4.3.1 updated - cups-config-2.2.7-150000.3.32.1 updated - docker-20.10.17_ce-150000.166.1 updated - dracut-044.2-150000.18.79.2 updated - e2fsprogs-1.43.8-150000.4.33.1 updated - filesystem-15.0-11.8.1 updated - glibc-locale-base-2.26-13.65.1 updated - glibc-locale-2.26-13.65.1 updated - glibc-2.26-13.65.1 updated - google-guest-agent-20220204.00-150000.1.26.1 updated - google-guest-configs-20220211.00-150000.1.19.1 updated - google-guest-oslogin-20220205.00-150000.1.27.1 updated - google-osconfig-agent-20220209.00-150000.1.17.1 updated - grep-3.1-150000.4.6.1 updated - grub2-i386-pc-2.02-150100.123.12.2 updated - grub2-x86_64-efi-2.02-150100.123.12.2 updated - grub2-2.02-150100.123.12.2 updated - gzip-1.10-150000.4.15.1 updated - kernel-default-4.12.14-150100.197.117.1 updated - 
libaugeas0-1.10.1-150000.3.12.1 updated - libavahi-client3-0.7-3.18.1 updated - libavahi-common3-0.7-3.18.1 updated - libbind9-1600-9.16.6-150000.12.60.1 updated - libblkid1-2.33.2-150100.4.21.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcups2-2.2.7-150000.3.32.1 updated - libdcerpc-binding0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libdcerpc0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libdns1605-9.16.6-150000.12.60.1 updated - libexpat1-2.2.5-3.19.1 updated - libext2fs2-1.43.8-150000.4.33.1 updated - libfdisk1-2.33.2-150100.4.21.1 updated - libfreebl3-3.68.3-150000.3.67.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libirs1601-9.16.6-150000.12.60.1 updated - libisc1606-9.16.6-150000.12.60.1 updated - libisccc1600-9.16.6-150000.12.60.1 updated - libisccfg1600-9.16.6-150000.12.60.1 updated - libldap-2_4-2-2.4.46-150000.9.71.1 updated - libldap-data-2.4.46-150000.9.71.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.33.2-150100.4.21.1 updated - libndr-krb5pac0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libndr-nbt0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libndr-standard0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libndr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libnetapi0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libns1604-9.16.6-150000.12.60.1 updated - libopenssl1_1-1.1.0i-150100.14.36.1 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.31-150000.3.7.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite15-3.5.0-5.5.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libpython3_6m1_0-3.6.15-150000.3.106.1 updated - libruby2_5-2_5-2.5.9-150000.4.23.1 updated - libsamba-credentials0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsamba-errors0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsamba-hostconfig0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - 
libsamba-passdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsamba-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsamdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsasl2-3-2.1.26-5.10.1 updated - libsmartcols1-2.33.2-150100.4.21.1 updated - libsmbconf0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsmbldap2-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libsolv-tools-0.7.22-150100.4.6.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libsystemd0-234-24.108.1 updated - libtevent-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libuuid1-2.33.2-150100.4.21.1 updated - libwbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.30.0-150100.3.78.1 updated - nfs-client-2.1.1-150100.10.24.1 updated - openssl-1_1-1.1.0i-150100.14.36.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - p11-kit-0.23.2-150000.4.16.1 updated - pam-1.3.0-150000.6.58.3 updated - patch-2.7.6-150000.5.3.1 updated - perl-base-5.26.1-150000.7.15.1 updated - perl-5.26.1-150000.7.15.1 updated - procps-3.3.15-7.22.1 updated - python3-base-3.6.15-150000.3.106.1 updated - python3-bind-9.16.6-150000.12.60.1 updated - python3-3.6.15-150000.3.106.1 updated - rsyslog-8.33.1-150000.3.37.1 updated - ruby2.5-stdlib-2.5.9-150000.4.23.1 updated - ruby2.5-2.5.9-150000.4.23.1 updated - runc-1.1.3-150000.30.1 updated - samba-libs-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - samba-libs-4.9.5+git.487.9b5717b962b-150100.3.67.2 updated - sudo-1.8.27-4.24.1 updated - supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 updated - supportutils-3.1.20-150000.5.39.1 updated - suse-build-key-12.0-150000.8.25.1 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 
updated - systemd-sysvinit-234-24.108.1 updated - systemd-234-24.108.1 updated - tar-1.34-150000.3.12.1 updated - tcpdump-4.9.2-3.18.1 updated - timezone-2022a-150000.75.7.1 updated - udev-234-24.108.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - util-linux-systemd-2.33.2-150100.4.21.1 updated - util-linux-2.33.2-150100.4.21.1 updated - vim-data-common-8.2.5038-150000.5.21.1 updated - vim-8.2.5038-150000.5.21.1 updated - wicked-service-0.6.68-3.24.1 updated - wicked-0.6.68-3.24.1 updated - xkeyboard-config-2.23.1-150000.3.12.1 updated - xz-5.2.3-150000.4.7.1 updated - zypper-1.14.52-150100.3.55.2 updated From sle-updates at lists.suse.com Mon Jul 18 10:16:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Jul 2022 12:16:36 +0200 (CEST) Subject: SUSE-SU-2022:2423-1: important: Security update for the Linux Kernel Message-ID: <20220718101636.88911F7C9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2423-1 Rating: important References: #1194013 #1195775 #1196901 #1197362 #1199487 #1199489 #1199657 #1200263 #1200442 #1200571 #1200599 #1200604 #1200605 #1200608 #1200619 #1200692 #1201050 #1201080 Cross-References: CVE-2021-26341 CVE-2021-4157 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981 CVSS scores: CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20132 (SUSE): 4.9 
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 9 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). 
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). The following non-security bugs were fixed: - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - exec: Force single empty string when argv is empty (bsc#1200571). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2423=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2423=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2423=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2423=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2423=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2423=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2423=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates. - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2423=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2423=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2423=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2423=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 reiserfs-kmp-default-5.3.18-150200.24.120.1 
reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1 - SUSE Manager Server 4.1 (x86_64): kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 - SUSE Manager Server 4.1 (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Manager Retail Branch Server 4.1 (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 reiserfs-kmp-default-5.3.18-150200.24.120.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1 - SUSE Manager Proxy 4.1 (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Manager Proxy 4.1 (x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 
kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 reiserfs-kmp-default-5.3.18-150200.24.120.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 reiserfs-kmp-default-5.3.18-150200.24.120.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 
kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 reiserfs-kmp-default-5.3.18-150200.24.120.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-livepatch-5.3.18-150200.24.120.1 kernel-default-livepatch-devel-5.3.18-150200.24.120.1 kernel-livepatch-5_3_18-150200_24_120-default-1-150200.5.5.1 kernel-livepatch-5_3_18-150200_24_120-default-debuginfo-1-150200.5.5.1 
kernel-livepatch-SLE15-SP2_Update_28-debugsource-1-150200.5.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 - SUSE Linux Enterprise High 
Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150200.24.120.1 cluster-md-kmp-default-debuginfo-5.3.18-150200.24.120.1 dlm-kmp-default-5.3.18-150200.24.120.1 dlm-kmp-default-debuginfo-5.3.18-150200.24.120.1 gfs2-kmp-default-5.3.18-150200.24.120.1 gfs2-kmp-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 ocfs2-kmp-default-5.3.18-150200.24.120.1 ocfs2-kmp-default-debuginfo-5.3.18-150200.24.120.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): kernel-default-5.3.18-150200.24.120.1 kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2 kernel-default-debuginfo-5.3.18-150200.24.120.1 kernel-default-debugsource-5.3.18-150200.24.120.1 kernel-default-devel-5.3.18-150200.24.120.1 kernel-default-devel-debuginfo-5.3.18-150200.24.120.1 kernel-obs-build-5.3.18-150200.24.120.1 kernel-obs-build-debugsource-5.3.18-150200.24.120.1 kernel-preempt-5.3.18-150200.24.120.1 kernel-preempt-debuginfo-5.3.18-150200.24.120.1 kernel-preempt-debugsource-5.3.18-150200.24.120.1 kernel-preempt-devel-5.3.18-150200.24.120.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.120.1 kernel-syms-5.3.18-150200.24.120.1 reiserfs-kmp-default-5.3.18-150200.24.120.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.120.1 - SUSE Enterprise Storage 7 (noarch): kernel-devel-5.3.18-150200.24.120.1 kernel-docs-5.3.18-150200.24.120.1 kernel-macros-5.3.18-150200.24.120.1 kernel-source-5.3.18-150200.24.120.1 References: https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-4157.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-33981.html 
https://bugzilla.suse.com/1194013 https://bugzilla.suse.com/1195775 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1197362 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199489 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1200263 https://bugzilla.suse.com/1200442 https://bugzilla.suse.com/1200571 https://bugzilla.suse.com/1200599 https://bugzilla.suse.com/1200604 https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1200608 https://bugzilla.suse.com/1200619 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201080 From sle-updates at lists.suse.com Mon Jul 18 10:18:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Jul 2022 12:18:56 +0200 (CEST) Subject: SUSE-SU-2022:2424-1: important: Security update for the Linux Kernel Message-ID: <20220718101856.D221EF7C9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2424-1 Rating: important References: #1065729 #1179195 #1180814 #1184924 #1185762 #1192761 #1193629 #1194013 #1195504 #1195775 #1196901 #1197362 #1197754 #1198020 #1198924 #1199482 #1199487 #1199489 #1199657 #1200217 #1200263 #1200343 #1200442 #1200571 #1200599 #1200600 #1200608 #1200619 #1200622 #1200692 #1200806 #1200807 #1200809 #1200810 #1200813 #1200816 #1200820 #1200821 #1200822 #1200825 #1200828 #1200829 #1200925 #1201050 #1201080 #1201143 #1201147 #1201149 #1201160 #1201171 #1201177 #1201193 #1201222 SLE-15442 Cross-References: CVE-2021-26341 CVE-2021-4157 CVE-2022-1012 CVE-2022-1679 CVE-2022-20132 CVE-2022-20154 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981 CVE-2022-34918 CVSS scores: CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-4157 (NVD) : 8 
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Realtime 15-SP3 SUSE Linux Enterprise Real Time 15-SP3 ______________________________________________________________________________ An update that solves 10 vulnerabilities, contains one feature and has 43 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). 
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). The following non-security bugs were fixed: - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - Add various fsctl structs (bsc#1200217). - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - arm64: ftrace: fix branch range checks (git-fixes) - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). 
- ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). 
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes).
- caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes).
- ceph: add some lockdep assertions around snaprealm handling (bsc#1201147).
- ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149).
- certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes).
- cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).
- cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217).
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217).
- cifs: avoid parallel session setups on same channel (bsc#1200217).
- cifs: avoid race during socket reconnect between send and recv (bsc#1200217).
- cifs: call cifs_reconnect when a connection is marked (bsc#1200217).
- cifs: call helper functions for marking channels for reconnect (bsc#1200217).
- cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217).
- cifs: check for smb1 in open_cached_dir() (bsc#1200217).
- cifs: check reconnects for channels of active tcons too (bsc#1200217).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
- cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217).
- cifs: clean up an inconsistent indenting (bsc#1200217).
- cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217).
- cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).
- cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217).
- cifs: do not use tcpStatus after negotiate completes (bsc#1200217).
- cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).
- cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217).
- cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217).
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
- cifs: fix handlecache and multiuser (bsc#1200217).
- cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
- cifs: fix incorrect use of list iterator after the loop (bsc#1200217).
- cifs: fix minor compile warning (bsc#1200217).
- cifs: fix missed refcounting of ipc tcon (bsc#1200217).
- cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).
- cifs: fix potential deadlock in direct reclaim (bsc#1200217).
- cifs: fix potential double free during failed mount (bsc#1200217).
- cifs: fix potential race with cifsd thread (bsc#1200217).
- cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217).
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).
- cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
- cifs: fix the connection state transitions with multichannel (bsc#1200217).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217).
- cifs: fix workstation_name for multiuser mounts (bsc#1200217).
- cifs: force new session setup and tcon for dfs (bsc#1200217).
- cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
- cifs: ignore resource_id while getting fscache super cookie (bsc#1200217).
- cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).
- cifs: make status checks in version independent callers (bsc#1200217).
- cifs: mark sessions for reconnection in helper function (bsc#1200217).
- cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).
- cifs: move superblock magic defitions to magic.h (bsc#1200217).
- cifs: potential buffer overflow in handling symlinks (bsc#1200217).
- cifs: print TIDs as hex (bsc#1200217).
- cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217).
- cifs: reconnect only the connection and not smb session where possible (bsc#1200217).
- cifs: release cached dentries only if mount is complete (bsc#1200217).
- cifs: remove check of list iterator against head past the loop body (bsc#1200217).
- cifs: remove redundant assignment to pointer p (bsc#1200217).
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).
- cifs: remove repeated state change in dfs tree connect (bsc#1200217).
- cifs: remove unused variable ses_selected (bsc#1200217).
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
- cifs: return the more nuanced writeback error on close() (bsc#1200217).
- cifs: sanitize multiple delimiters in prepath (bsc#1200217).
- cifs: serialize all mount attempts (bsc#1200217).
- cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217).
- cifs: skip trailing separators of prefix paths (bsc#1200217).
- cifs: smbd: fix typo in comment (bsc#1200217).
- cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
- cifs: track individual channel status using chans_need_reconnect (bsc#1200217).
- cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).
- cifs: update internal module number (bsc#1193629).
- cifs: update internal module number (bsc#1200217).
- cifs: update internal module number (bsc#1200217).
- cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).
- cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217).
- cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
- cifs: use new enum for ses_status (bsc#1200217).
- cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217).
- cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217).
- cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217).
- cifs: wait for tcon resource_id before getting fscache super (bsc#1200217).
- cifs: we do not need a spinlock around the tree access during umount (bsc#1200217).
- cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217).
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes).
- drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
- drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure (git-fixes).
- exec: Force single empty string when argv is empty (bsc#1200571).
- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807).
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806).
- ext4: make variable "count" signed (bsc#1200820).
- Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- gtp: use icmp_ndo_send helper (git-fixes).
- hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes).
- i2c: designware: Use standard optional ref clock implementation (git-fixes).
- ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
- iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation (git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models (git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- iomap: iomap_write_failed fix (bsc#1200829).
- ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504).
- jfs: fix divide error in dbNextAG (bsc#1200828).
- kABI fix of sysctl_run_estimation (git-fixes).
- kabi: nvme workaround header include (bsc#1201193).
- kabi/severities: ignore KABI for NVMe target (bsc#1192761)
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- move devm_allocate to end of structure for kABI (git-fixes).
- mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes).
- net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- net: lantiq: Add locking for TX DMA channel (git-fixes).
- net: rose: fix UAF bugs caused by timer handler (git-fixes).
- net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
- NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
- NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes).
- NFS: Do not report flush errors in nfs_write_end() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFS: Memory allocation failures are not server fatal errors (git-fixes).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm/region: Fix default alignment for small regions (git-fixes).
- nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).
- nvme: Add connect option 'discovery' (bsc#1192761).
- nvme: add new discovery log page entry definitions (bsc#1192761).
- nvme: display correct subsystem NQN (bsc#1192761).
- nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761).
- nvme: kabi fix nvme subsystype change (bsc#1192761)
- nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
- nvmet: add nvmet_req_subsys() helper (bsc#1192761).
- nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
- nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761).
- nvmet: fix freeing unallocated p2pmem (git-fixes).
- nvmet: make discovery NQN configurable (bsc#1192761).
- nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes).
- nvmet: register discovery subsystem as 'current' (bsc#1192761).
- nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).
- nvmet: switch check for subsystem type (bsc#1192761).
- pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config
- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes).
- pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
- powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
- random: Add and use pr_fmt() (bsc#1184924).
- random: remove unnecessary unlikely() (bsc#1184924).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes).
- Revert "block: Fix a lockdep complaint triggered by request queue flushing" (git-fixes).
- rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- scsi: core: Show SCMD_LAST in text form (git-fixes).
- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193).
- scsi: lpfc: Commonize VMID code location (bsc#1201193).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193).
- scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193).
- scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
- scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).
- scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
- scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160).
- scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160).
- scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160).
- scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160).
- scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160).
- scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160).
- scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
- scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).
- scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).
- scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
- scsi: sd: Signal drive managed SMR disks (git-fixes).
- scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).
- scsi: sd_zbc: Improve zone revalidation (git-fixes).
- scsi: sd_zbc: Remove unused inline functions (git-fixes).
- scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).
- scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622).
- smb3: add mount parm nosparse (bsc#1200217).
- smb3: add trace point for lease not found issue (bsc#1200217).
- smb3: add trace point for oplock not found (bsc#1200217).
- smb3: check for null tcon (bsc#1200217).
- smb3: cleanup and clarify status of tree connections (bsc#1200217).
- smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217).
- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217).
- smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217).
- smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- smb3: fix snapshot mount option (bsc#1200217).
- [smb3] improve error message when mount options conflict with posix (bsc#1200217).
- smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- [smb3] move more common protocol header definitions to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- smb3: send NTLMSSP version information (bsc#1200217).
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes).
- spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes).
- sunvnet: use icmp_ndo_send helper (git-fixes).
- tty: goldfish: Fix free_irq() on remove (git-fixes).
- usb: chipidea: udc: check request status before setting device address (git-fixes).
- usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes).
- usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes).
- usbnet: fix memory allocation in helpers (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Quectel RM500K module support (git-fixes).
- USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
- usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).
- veth: fix races around rq->rx_notify_masked (git-fixes).
- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes).
- virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).
- virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
- virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes).
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- writeback: Avoid skipping inode writeback (bsc#1200813).
- writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821).
- xhci: Add reset resume quirk for AMD xhci controller (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Realtime 15-SP3:

   zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-2424=1

- SUSE Linux Enterprise Micro 5.2:

   zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2424=1

- SUSE Linux Enterprise Micro 5.1:

   zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2424=1

Package List:

- SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64):

   cluster-md-kmp-rt-5.3.18-150300.96.1
   cluster-md-kmp-rt-debuginfo-5.3.18-150300.96.1
   dlm-kmp-rt-5.3.18-150300.96.1
   dlm-kmp-rt-debuginfo-5.3.18-150300.96.1
   gfs2-kmp-rt-5.3.18-150300.96.1
   gfs2-kmp-rt-debuginfo-5.3.18-150300.96.1
   kernel-rt-5.3.18-150300.96.1
   kernel-rt-debuginfo-5.3.18-150300.96.1
   kernel-rt-debugsource-5.3.18-150300.96.1
   kernel-rt-devel-5.3.18-150300.96.1
   kernel-rt-devel-debuginfo-5.3.18-150300.96.1
   kernel-rt_debug-debuginfo-5.3.18-150300.96.1
   kernel-rt_debug-debugsource-5.3.18-150300.96.1
   kernel-rt_debug-devel-5.3.18-150300.96.1
   kernel-rt_debug-devel-debuginfo-5.3.18-150300.96.1
   kernel-syms-rt-5.3.18-150300.96.1
   ocfs2-kmp-rt-5.3.18-150300.96.1
   ocfs2-kmp-rt-debuginfo-5.3.18-150300.96.1

- SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch):

   kernel-devel-rt-5.3.18-150300.96.1
   kernel-source-rt-5.3.18-150300.96.1

- SUSE Linux Enterprise Micro 5.2 (x86_64):

   kernel-rt-5.3.18-150300.96.1
   kernel-rt-debuginfo-5.3.18-150300.96.1
   kernel-rt-debugsource-5.3.18-150300.96.1

- SUSE Linux Enterprise Micro 5.1 (x86_64):

   kernel-rt-5.3.18-150300.96.1
   kernel-rt-debuginfo-5.3.18-150300.96.1
   kernel-rt-debugsource-5.3.18-150300.96.1

References:

https://www.suse.com/security/cve/CVE-2021-26341.html
https://www.suse.com/security/cve/CVE-2021-4157.html
https://www.suse.com/security/cve/CVE-2022-1012.html
https://www.suse.com/security/cve/CVE-2022-1679.html
https://www.suse.com/security/cve/CVE-2022-20132.html
https://www.suse.com/security/cve/CVE-2022-20154.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-29901.html
https://www.suse.com/security/cve/CVE-2022-33981.html
https://www.suse.com/security/cve/CVE-2022-34918.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1179195
https://bugzilla.suse.com/1180814
https://bugzilla.suse.com/1184924
https://bugzilla.suse.com/1185762
https://bugzilla.suse.com/1192761
https://bugzilla.suse.com/1193629
https://bugzilla.suse.com/1194013
https://bugzilla.suse.com/1195504
https://bugzilla.suse.com/1195775
https://bugzilla.suse.com/1196901
https://bugzilla.suse.com/1197362
https://bugzilla.suse.com/1197754
https://bugzilla.suse.com/1198020
https://bugzilla.suse.com/1198924
https://bugzilla.suse.com/1199482
https://bugzilla.suse.com/1199487
https://bugzilla.suse.com/1199489
https://bugzilla.suse.com/1199657
https://bugzilla.suse.com/1200217
https://bugzilla.suse.com/1200263
https://bugzilla.suse.com/1200343
https://bugzilla.suse.com/1200442
https://bugzilla.suse.com/1200571
https://bugzilla.suse.com/1200599
https://bugzilla.suse.com/1200600
https://bugzilla.suse.com/1200608
https://bugzilla.suse.com/1200619
https://bugzilla.suse.com/1200622
https://bugzilla.suse.com/1200692
https://bugzilla.suse.com/1200806
https://bugzilla.suse.com/1200807
https://bugzilla.suse.com/1200809
https://bugzilla.suse.com/1200810
https://bugzilla.suse.com/1200813
https://bugzilla.suse.com/1200816
https://bugzilla.suse.com/1200820
https://bugzilla.suse.com/1200821
https://bugzilla.suse.com/1200822
https://bugzilla.suse.com/1200825
https://bugzilla.suse.com/1200828
https://bugzilla.suse.com/1200829
https://bugzilla.suse.com/1200925
https://bugzilla.suse.com/1201050
https://bugzilla.suse.com/1201080
https://bugzilla.suse.com/1201143
https://bugzilla.suse.com/1201147
https://bugzilla.suse.com/1201149
https://bugzilla.suse.com/1201160
https://bugzilla.suse.com/1201171
https://bugzilla.suse.com/1201177
https://bugzilla.suse.com/1201193
https://bugzilla.suse.com/1201222

From sle-updates at lists.suse.com Mon Jul 18 10:23:49 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 18 Jul 2022 12:23:49 +0200 (CEST)
Subject: SUSE-SU-2022:2425-1: important: Security update for nodejs14
Message-ID: <20220718102349.6AC76F7C9@maintenance.suse.de>

SUSE Security Update: Security update for nodejs14
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2425-1
Rating: important
References: #1201325 #1201326 #1201327 #1201328
Cross-References: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215
CVSS scores:
   CVE-2022-32212 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
   CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
   CVE-2022-32214 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
   CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products:
   SUSE Enterprise Storage 7
   SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Module for Web Scripting 15-SP3
   SUSE Linux Enterprise Server 15-SP2-BCL
   SUSE Linux Enterprise Server 15-SP2-LTSS
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP 15-SP2
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Storage 7.1
   SUSE Manager Proxy 4.1
   SUSE Manager Proxy 4.2
   SUSE Manager Retail Branch Server 4.1
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Server 4.1
   SUSE Manager Server 4.2
   openSUSE Leap 15.3
   openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for nodejs14 fixes the following issues:

- CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328).
- CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325).
- CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326).
- CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

   zypper in -t patch openSUSE-SLE-15.4-2022-2425=1

- openSUSE Leap 15.3:

   zypper in -t patch openSUSE-SLE-15.3-2022-2425=1

- SUSE Manager Server 4.1:

   zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2425=1

- SUSE Manager Retail Branch Server 4.1:

   zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2425=1

- SUSE Manager Proxy 4.1:

   zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2425=1

- SUSE Linux Enterprise Server for SAP 15-SP2:

   zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2425=1

- SUSE Linux Enterprise Server 15-SP2-LTSS:

   zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2425=1

- SUSE Linux Enterprise Server 15-SP2-BCL:

   zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2425=1

- SUSE Linux Enterprise Module for Web Scripting 15-SP3:

   zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-2425=1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

   zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2425=1

- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

   zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2425=1

- SUSE Enterprise Storage 7:

   zypper in -t patch SUSE-Storage-7-2022-2425=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

   corepack14-14.20.0-150200.15.34.1
   nodejs14-14.20.0-150200.15.34.1
   nodejs14-debuginfo-14.20.0-150200.15.34.1
   nodejs14-debugsource-14.20.0-150200.15.34.1
   nodejs14-devel-14.20.0-150200.15.34.1
   npm14-14.20.0-150200.15.34.1

- openSUSE Leap 15.4 (noarch):

   nodejs14-docs-14.20.0-150200.15.34.1

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

   nodejs14-14.20.0-150200.15.34.1
   nodejs14-debuginfo-14.20.0-150200.15.34.1
   nodejs14-debugsource-14.20.0-150200.15.34.1
   nodejs14-devel-14.20.0-150200.15.34.1
   npm14-14.20.0-150200.15.34.1

- openSUSE Leap 15.3 (noarch):

   nodejs14-docs-14.20.0-150200.15.34.1

- SUSE Manager Server 4.1 (ppc64le s390x x86_64):

   nodejs14-14.20.0-150200.15.34.1
   nodejs14-debuginfo-14.20.0-150200.15.34.1
   nodejs14-debugsource-14.20.0-150200.15.34.1
   nodejs14-devel-14.20.0-150200.15.34.1
   npm14-14.20.0-150200.15.34.1

- SUSE Manager Server 4.1 (noarch):

   nodejs14-docs-14.20.0-150200.15.34.1

- SUSE Manager Retail Branch Server 4.1 (x86_64):

   nodejs14-14.20.0-150200.15.34.1
   nodejs14-debuginfo-14.20.0-150200.15.34.1
   nodejs14-debugsource-14.20.0-150200.15.34.1
   nodejs14-devel-14.20.0-150200.15.34.1
   npm14-14.20.0-150200.15.34.1

- SUSE Manager Retail Branch Server 4.1 (noarch):

   nodejs14-docs-14.20.0-150200.15.34.1

- SUSE Manager Proxy 4.1 (noarch):

   nodejs14-docs-14.20.0-150200.15.34.1

- SUSE Manager Proxy 4.1 (x86_64):

   nodejs14-14.20.0-150200.15.34.1
   nodejs14-debuginfo-14.20.0-150200.15.34.1
   nodejs14-debugsource-14.20.0-150200.15.34.1
   nodejs14-devel-14.20.0-150200.15.34.1
   npm14-14.20.0-150200.15.34.1

- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

   nodejs14-14.20.0-150200.15.34.1
   nodejs14-debuginfo-14.20.0-150200.15.34.1
   nodejs14-debugsource-14.20.0-150200.15.34.1
   nodejs14-devel-14.20.0-150200.15.34.1
   npm14-14.20.0-150200.15.34.1

- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):

   nodejs14-docs-14.20.0-150200.15.34.1

- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

   nodejs14-14.20.0-150200.15.34.1
   nodejs14-debuginfo-14.20.0-150200.15.34.1
   nodejs14-debugsource-14.20.0-150200.15.34.1
   nodejs14-devel-14.20.0-150200.15.34.1
   npm14-14.20.0-150200.15.34.1

- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):

   nodejs14-docs-14.20.0-150200.15.34.1

- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):

   nodejs14-docs-14.20.0-150200.15.34.1

- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):

   nodejs14-14.20.0-150200.15.34.1
   nodejs14-debuginfo-14.20.0-150200.15.34.1
   nodejs14-debugsource-14.20.0-150200.15.34.1
   nodejs14-devel-14.20.0-150200.15.34.1
   npm14-14.20.0-150200.15.34.1

- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):

   nodejs14-14.20.0-150200.15.34.1
   nodejs14-debuginfo-14.20.0-150200.15.34.1
   nodejs14-debugsource-14.20.0-150200.15.34.1
   nodejs14-devel-14.20.0-150200.15.34.1
   npm14-14.20.0-150200.15.34.1

- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):

   nodejs14-docs-14.20.0-150200.15.34.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

   nodejs14-14.20.0-150200.15.34.1
   nodejs14-debuginfo-14.20.0-150200.15.34.1
   nodejs14-debugsource-14.20.0-150200.15.34.1
   nodejs14-devel-14.20.0-150200.15.34.1
   npm14-14.20.0-150200.15.34.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):

   nodejs14-docs-14.20.0-150200.15.34.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):

   nodejs14-14.20.0-150200.15.34.1
   nodejs14-debuginfo-14.20.0-150200.15.34.1
   nodejs14-debugsource-14.20.0-150200.15.34.1
   nodejs14-devel-14.20.0-150200.15.34.1
   npm14-14.20.0-150200.15.34.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):

   nodejs14-docs-14.20.0-150200.15.34.1

- SUSE Enterprise Storage 7 (aarch64 x86_64):

   nodejs14-14.20.0-150200.15.34.1
   nodejs14-debuginfo-14.20.0-150200.15.34.1
   nodejs14-debugsource-14.20.0-150200.15.34.1
   nodejs14-devel-14.20.0-150200.15.34.1
   npm14-14.20.0-150200.15.34.1

- SUSE Enterprise Storage 7 (noarch):

   nodejs14-docs-14.20.0-150200.15.34.1

References:

https://www.suse.com/security/cve/CVE-2022-32212.html
https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-32214.html
https://www.suse.com/security/cve/CVE-2022-32215.html
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1201326
https://bugzilla.suse.com/1201327
https://bugzilla.suse.com/1201328

From sle-updates at lists.suse.com Mon Jul 18 10:25:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 18 Jul 2022 12:25:11 +0200 (CEST)
Subject: SUSE-SU-2022:2422-1: important: Security update for the Linux Kernel
Message-ID: <20220718102511.D3993F7C9@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2422-1
Rating: important
References: #1065729 #1179195 #1180814 #1184924 #1185762 #1192761 #1193629 #1194013 #1195504 #1195775 #1196901 #1197362 #1197754 #1198020 #1198924 #1199482 #1199487 #1199489 #1199657 #1200217 #1200263 #1200343 #1200442 #1200571 #1200599 #1200600 #1200604 #1200605 #1200608 #1200619 #1200622 #1200692 #1200806 #1200807 #1200809 #1200810 #1200813 #1200816 #1200820 #1200821 #1200822 #1200825 #1200828 #1200829 #1200925 #1201050 #1201080 #1201143 #1201147 #1201149 #1201160 #1201171 #1201177 #1201193 #1201222
Cross-References: CVE-2021-26341 CVE-2021-4157 CVE-2022-1012 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981 CVE-2022-34918
CVSS scores:
   CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
   CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
   CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
   CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
   CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
   CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
   CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
   CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-34918 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE Linux Enterprise Desktop 15-SP3
   SUSE Linux Enterprise High Availability 15-SP3
   SUSE Linux Enterprise High Performance Computing
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Micro 5.1
   SUSE Linux Enterprise Micro 5.2
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Module for Development Tools 15-SP3
   SUSE Linux Enterprise Module for Legacy Software 15-SP3
   SUSE Linux Enterprise Module for Live Patching 15-SP3
   SUSE Linux Enterprise Server
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP Applications
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Storage 7.1
   SUSE Linux Enterprise Workstation Extension 15-SP3
   SUSE Manager Proxy 4.2
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Server 4.2
   openSUSE Leap 15.3
   openSUSE Leap 15.4
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 44 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). The following non-security bugs were fixed: - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - arm64: ftrace: fix branch range checks (git-fixes) - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). 
- ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). 
- ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). 
- cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). - cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). 
- cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). 
- cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable "count" signed (bsc#1200820). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). 
- iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). 
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). 
- Revert "block: Fix a lockdep complaint triggered by request queue flushing" (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). 
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). 
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). - smb3: fix snapshot mount option (bsc#1200217). - smb3 improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). - smb3: move more common protocol header definitions to smbfs_common (bsc#1200217). - smb3: send NTLMSSP version information (bsc#1200217). 
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. 
Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-2422=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-2422=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2422=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2422=1
  Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates.
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2422=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2422=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2422=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2422=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2422=1
- SUSE Linux Enterprise High Availability 15-SP3:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2422=1

Package List: - openSUSE Leap 15.4 (aarch64): dtb-al-5.3.18-150300.59.81.1 dtb-zte-5.3.18-150300.59.81.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.81.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.81.1 dlm-kmp-default-5.3.18-150300.59.81.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.81.1 gfs2-kmp-default-5.3.18-150300.59.81.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.81.1 kernel-default-5.3.18-150300.59.81.1 kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2 kernel-default-base-rebuild-5.3.18-150300.59.81.1.150300.18.47.2
kernel-default-debuginfo-5.3.18-150300.59.81.1 kernel-default-debugsource-5.3.18-150300.59.81.1 kernel-default-devel-5.3.18-150300.59.81.1 kernel-default-devel-debuginfo-5.3.18-150300.59.81.1 kernel-default-extra-5.3.18-150300.59.81.1 kernel-default-extra-debuginfo-5.3.18-150300.59.81.1 kernel-default-livepatch-5.3.18-150300.59.81.1 kernel-default-livepatch-devel-5.3.18-150300.59.81.1 kernel-default-optional-5.3.18-150300.59.81.1 kernel-default-optional-debuginfo-5.3.18-150300.59.81.1 kernel-obs-build-5.3.18-150300.59.81.1 kernel-obs-build-debugsource-5.3.18-150300.59.81.1 kernel-obs-qa-5.3.18-150300.59.81.1 kernel-syms-5.3.18-150300.59.81.1 kselftests-kmp-default-5.3.18-150300.59.81.1 kselftests-kmp-default-debuginfo-5.3.18-150300.59.81.1 ocfs2-kmp-default-5.3.18-150300.59.81.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.81.1 reiserfs-kmp-default-5.3.18-150300.59.81.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.81.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-5.3.18-150300.59.81.1 kernel-debug-debuginfo-5.3.18-150300.59.81.1 kernel-debug-debugsource-5.3.18-150300.59.81.1 kernel-debug-devel-5.3.18-150300.59.81.1 kernel-debug-devel-debuginfo-5.3.18-150300.59.81.1 kernel-debug-livepatch-devel-5.3.18-150300.59.81.1 kernel-kvmsmall-5.3.18-150300.59.81.1 kernel-kvmsmall-debuginfo-5.3.18-150300.59.81.1 kernel-kvmsmall-debugsource-5.3.18-150300.59.81.1 kernel-kvmsmall-devel-5.3.18-150300.59.81.1 kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.81.1 kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.81.1 - openSUSE Leap 15.3 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.81.1 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.81.1 dlm-kmp-preempt-5.3.18-150300.59.81.1 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.81.1 gfs2-kmp-preempt-5.3.18-150300.59.81.1 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.81.1 kernel-preempt-5.3.18-150300.59.81.1 kernel-preempt-debuginfo-5.3.18-150300.59.81.1 kernel-preempt-debugsource-5.3.18-150300.59.81.1 
kernel-preempt-devel-5.3.18-150300.59.81.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.81.1 kernel-preempt-extra-5.3.18-150300.59.81.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.81.1 kernel-preempt-livepatch-devel-5.3.18-150300.59.81.1 kernel-preempt-optional-5.3.18-150300.59.81.1 kernel-preempt-optional-debuginfo-5.3.18-150300.59.81.1 kselftests-kmp-preempt-5.3.18-150300.59.81.1 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.81.1 ocfs2-kmp-preempt-5.3.18-150300.59.81.1 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.81.1 reiserfs-kmp-preempt-5.3.18-150300.59.81.1 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.81.1 - openSUSE Leap 15.3 (aarch64): cluster-md-kmp-64kb-5.3.18-150300.59.81.1 cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.81.1 dlm-kmp-64kb-5.3.18-150300.59.81.1 dlm-kmp-64kb-debuginfo-5.3.18-150300.59.81.1 dtb-al-5.3.18-150300.59.81.1 dtb-allwinner-5.3.18-150300.59.81.1 dtb-altera-5.3.18-150300.59.81.1 dtb-amd-5.3.18-150300.59.81.1 dtb-amlogic-5.3.18-150300.59.81.1 dtb-apm-5.3.18-150300.59.81.1 dtb-arm-5.3.18-150300.59.81.1 dtb-broadcom-5.3.18-150300.59.81.1 dtb-cavium-5.3.18-150300.59.81.1 dtb-exynos-5.3.18-150300.59.81.1 dtb-freescale-5.3.18-150300.59.81.1 dtb-hisilicon-5.3.18-150300.59.81.1 dtb-lg-5.3.18-150300.59.81.1 dtb-marvell-5.3.18-150300.59.81.1 dtb-mediatek-5.3.18-150300.59.81.1 dtb-nvidia-5.3.18-150300.59.81.1 dtb-qcom-5.3.18-150300.59.81.1 dtb-renesas-5.3.18-150300.59.81.1 dtb-rockchip-5.3.18-150300.59.81.1 dtb-socionext-5.3.18-150300.59.81.1 dtb-sprd-5.3.18-150300.59.81.1 dtb-xilinx-5.3.18-150300.59.81.1 dtb-zte-5.3.18-150300.59.81.1 gfs2-kmp-64kb-5.3.18-150300.59.81.1 gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.81.1 kernel-64kb-5.3.18-150300.59.81.1 kernel-64kb-debuginfo-5.3.18-150300.59.81.1 kernel-64kb-debugsource-5.3.18-150300.59.81.1 kernel-64kb-devel-5.3.18-150300.59.81.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.81.1 kernel-64kb-extra-5.3.18-150300.59.81.1 kernel-64kb-extra-debuginfo-5.3.18-150300.59.81.1 
kernel-64kb-livepatch-devel-5.3.18-150300.59.81.1 kernel-64kb-optional-5.3.18-150300.59.81.1 kernel-64kb-optional-debuginfo-5.3.18-150300.59.81.1 kselftests-kmp-64kb-5.3.18-150300.59.81.1 kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.81.1 ocfs2-kmp-64kb-5.3.18-150300.59.81.1 ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.81.1 reiserfs-kmp-64kb-5.3.18-150300.59.81.1 reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.81.1 - openSUSE Leap 15.3 (noarch): kernel-devel-5.3.18-150300.59.81.1 kernel-docs-5.3.18-150300.59.81.1 kernel-docs-html-5.3.18-150300.59.81.1 kernel-macros-5.3.18-150300.59.81.1 kernel-source-5.3.18-150300.59.81.1 kernel-source-vanilla-5.3.18-150300.59.81.1 - openSUSE Leap 15.3 (s390x): kernel-zfcpdump-5.3.18-150300.59.81.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.81.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.81.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-150300.59.81.1 kernel-default-debugsource-5.3.18-150300.59.81.1 kernel-default-extra-5.3.18-150300.59.81.1 kernel-default-extra-debuginfo-5.3.18-150300.59.81.1 kernel-preempt-debuginfo-5.3.18-150300.59.81.1 kernel-preempt-debugsource-5.3.18-150300.59.81.1 kernel-preempt-extra-5.3.18-150300.59.81.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.81.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.81.1 kernel-default-debugsource-5.3.18-150300.59.81.1 kernel-default-livepatch-5.3.18-150300.59.81.1 kernel-default-livepatch-devel-5.3.18-150300.59.81.1 kernel-livepatch-5_3_18-150300_59_81-default-1-150300.7.5.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.81.1 kernel-default-debugsource-5.3.18-150300.59.81.1 reiserfs-kmp-default-5.3.18-150300.59.81.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.81.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): 
kernel-obs-build-5.3.18-150300.59.81.1 kernel-obs-build-debugsource-5.3.18-150300.59.81.1 kernel-syms-5.3.18-150300.59.81.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-150300.59.81.1 kernel-preempt-debugsource-5.3.18-150300.59.81.1 kernel-preempt-devel-5.3.18-150300.59.81.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.81.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-150300.59.81.1 kernel-source-5.3.18-150300.59.81.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.81.1 kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2 kernel-default-debuginfo-5.3.18-150300.59.81.1 kernel-default-debugsource-5.3.18-150300.59.81.1 kernel-default-devel-5.3.18-150300.59.81.1 kernel-default-devel-debuginfo-5.3.18-150300.59.81.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.81.1 kernel-preempt-debuginfo-5.3.18-150300.59.81.1 kernel-preempt-debugsource-5.3.18-150300.59.81.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-150300.59.81.1 kernel-64kb-debuginfo-5.3.18-150300.59.81.1 kernel-64kb-debugsource-5.3.18-150300.59.81.1 kernel-64kb-devel-5.3.18-150300.59.81.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.81.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.81.1 kernel-macros-5.3.18-150300.59.81.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-150300.59.81.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.81.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.81.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.81.1 kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2 kernel-default-debuginfo-5.3.18-150300.59.81.1 kernel-default-debugsource-5.3.18-150300.59.81.1 - SUSE Linux Enterprise Micro 
5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.81.1 kernel-default-base-5.3.18-150300.59.81.1.150300.18.47.2 kernel-default-debuginfo-5.3.18-150300.59.81.1 kernel-default-debugsource-5.3.18-150300.59.81.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.81.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.81.1 dlm-kmp-default-5.3.18-150300.59.81.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.81.1 gfs2-kmp-default-5.3.18-150300.59.81.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.81.1 kernel-default-debuginfo-5.3.18-150300.59.81.1 kernel-default-debugsource-5.3.18-150300.59.81.1 ocfs2-kmp-default-5.3.18-150300.59.81.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.81.1 References: https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-4157.html https://www.suse.com/security/cve/CVE-2022-1012.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-33981.html https://www.suse.com/security/cve/CVE-2022-34918.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1179195 https://bugzilla.suse.com/1180814 https://bugzilla.suse.com/1184924 https://bugzilla.suse.com/1185762 https://bugzilla.suse.com/1192761 https://bugzilla.suse.com/1193629 https://bugzilla.suse.com/1194013 https://bugzilla.suse.com/1195504 https://bugzilla.suse.com/1195775 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1197362 https://bugzilla.suse.com/1197754 https://bugzilla.suse.com/1198020 https://bugzilla.suse.com/1198924 https://bugzilla.suse.com/1199482 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199489 
https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1200217 https://bugzilla.suse.com/1200263 https://bugzilla.suse.com/1200343 https://bugzilla.suse.com/1200442 https://bugzilla.suse.com/1200571 https://bugzilla.suse.com/1200599 https://bugzilla.suse.com/1200600 https://bugzilla.suse.com/1200604 https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1200608 https://bugzilla.suse.com/1200619 https://bugzilla.suse.com/1200622 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200806 https://bugzilla.suse.com/1200807 https://bugzilla.suse.com/1200809 https://bugzilla.suse.com/1200810 https://bugzilla.suse.com/1200813 https://bugzilla.suse.com/1200816 https://bugzilla.suse.com/1200820 https://bugzilla.suse.com/1200821 https://bugzilla.suse.com/1200822 https://bugzilla.suse.com/1200825 https://bugzilla.suse.com/1200828 https://bugzilla.suse.com/1200829 https://bugzilla.suse.com/1200925 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201143 https://bugzilla.suse.com/1201147 https://bugzilla.suse.com/1201149 https://bugzilla.suse.com/1201160 https://bugzilla.suse.com/1201171 https://bugzilla.suse.com/1201177 https://bugzilla.suse.com/1201193 https://bugzilla.suse.com/1201222 From sle-updates at lists.suse.com Mon Jul 18 10:30:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Jul 2022 12:30:08 +0200 (CEST) Subject: SUSE-RU-2022:2426-1: moderate: Recommended update for rsyslog Message-ID: <20220718103008.445E3F7C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2426-1 Rating: moderate References: #1198939 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE 
Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - Remove inotify watch descriptor in imfile on inode change detected (bsc#1198939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2426=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2426=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2426=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): rsyslog-8.2106.0-150400.5.3.1 rsyslog-debuginfo-8.2106.0-150400.5.3.1 rsyslog-debugsource-8.2106.0-150400.5.3.1 rsyslog-diag-tools-8.2106.0-150400.5.3.1 rsyslog-diag-tools-debuginfo-8.2106.0-150400.5.3.1 rsyslog-doc-8.2106.0-150400.5.3.1 rsyslog-module-dbi-8.2106.0-150400.5.3.1 rsyslog-module-dbi-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-elasticsearch-8.2106.0-150400.5.3.1 rsyslog-module-elasticsearch-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-gcrypt-8.2106.0-150400.5.3.1 rsyslog-module-gcrypt-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-gssapi-8.2106.0-150400.5.3.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-gtls-8.2106.0-150400.5.3.1 rsyslog-module-gtls-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-kafka-8.2106.0-150400.5.3.1 rsyslog-module-kafka-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-mmnormalize-8.2106.0-150400.5.3.1 
rsyslog-module-mmnormalize-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-mysql-8.2106.0-150400.5.3.1 rsyslog-module-mysql-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-omamqp1-8.2106.0-150400.5.3.1 rsyslog-module-omamqp1-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-omhttpfs-8.2106.0-150400.5.3.1 rsyslog-module-omhttpfs-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-omtcl-8.2106.0-150400.5.3.1 rsyslog-module-omtcl-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-ossl-8.2106.0-150400.5.3.1 rsyslog-module-ossl-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-pgsql-8.2106.0-150400.5.3.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-relp-8.2106.0-150400.5.3.1 rsyslog-module-relp-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-snmp-8.2106.0-150400.5.3.1 rsyslog-module-snmp-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-udpspoof-8.2106.0-150400.5.3.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150400.5.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.2106.0-150400.5.3.1 rsyslog-debugsource-8.2106.0-150400.5.3.1 rsyslog-module-gssapi-8.2106.0-150400.5.3.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-gtls-8.2106.0-150400.5.3.1 rsyslog-module-gtls-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-mmnormalize-8.2106.0-150400.5.3.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-mysql-8.2106.0-150400.5.3.1 rsyslog-module-mysql-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-pgsql-8.2106.0-150400.5.3.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-relp-8.2106.0-150400.5.3.1 rsyslog-module-relp-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-snmp-8.2106.0-150400.5.3.1 rsyslog-module-snmp-debuginfo-8.2106.0-150400.5.3.1 rsyslog-module-udpspoof-8.2106.0-150400.5.3.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150400.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): 
rsyslog-8.2106.0-150400.5.3.1 rsyslog-debuginfo-8.2106.0-150400.5.3.1 rsyslog-debugsource-8.2106.0-150400.5.3.1 References: https://bugzilla.suse.com/1198939 From sle-updates at lists.suse.com Mon Jul 18 16:16:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Jul 2022 18:16:19 +0200 (CEST) Subject: SUSE-RU-2020:2816-2: moderate: Recommended update for libica Message-ID: <20220718161619.D46BAFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for libica ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2816-2 Rating: moderate References: #1175277 #1175356 #1175357 Affected Products: SUSE Linux Enterprise Module for Certifications 15-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libica fixes the following issues: Various FIPS-related fixes have been applied: - Fix lack of SHA3 KATs in "make check" processing (bsc#1175277) - Fix FIPS hmac check (bsc#1175356). * Update FIPS support to upstream * FIPS check should fail when hmac is missing - Create an hmac for the selftest - Check that selftest fails without a hmac - Hash libica.so.3 rather than libica.so.3.6.0 - Fix: some internal variables used to store sensitive information (keys) were not zeroized before returning to the calling application (bsc#1175357). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Certifications 15-SP3: zypper in -t patch SUSE-SLE-Module-Certifications-15-SP3-2022-2429=1 Package List: - SUSE Linux Enterprise Module for Certifications 15-SP3 (s390x): libica-debugsource-3.6.0-5.3.1 libica-devel-3.6.0-5.3.1 libica-devel-static-3.6.0-5.3.1 libica-tools-3.6.0-5.3.1 libica-tools-debuginfo-3.6.0-5.3.1 libica3-3.6.0-5.3.1 libica3-debuginfo-3.6.0-5.3.1 References: https://bugzilla.suse.com/1175277 https://bugzilla.suse.com/1175356 https://bugzilla.suse.com/1175357 From sle-updates at lists.suse.com Mon Jul 18 19:16:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Jul 2022 21:16:32 +0200 (CEST) Subject: SUSE-SU-2022:2430-1: important: Security update for nodejs12 Message-ID: <20220718191632.86223F7C9@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2430-1 Rating: important References: #1201325 #1201326 #1201327 #1201328 Cross-References: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVSS scores: CVE-2022-32212 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-32214 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE 
Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2430=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2430=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2430=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2430=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2430=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2430=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2430=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2430=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-2430=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2430=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2430=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2430=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.35.1 nodejs12-debuginfo-12.22.12-150200.4.35.1 nodejs12-debugsource-12.22.12-150200.4.35.1 nodejs12-devel-12.22.12-150200.4.35.1 npm12-12.22.12-150200.4.35.1 - openSUSE Leap 15.4 (noarch): nodejs12-docs-12.22.12-150200.4.35.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.35.1 nodejs12-debuginfo-12.22.12-150200.4.35.1 nodejs12-debugsource-12.22.12-150200.4.35.1 nodejs12-devel-12.22.12-150200.4.35.1 npm12-12.22.12-150200.4.35.1 - openSUSE Leap 15.3 (noarch): nodejs12-docs-12.22.12-150200.4.35.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): 
nodejs12-12.22.12-150200.4.35.1 nodejs12-debuginfo-12.22.12-150200.4.35.1 nodejs12-debugsource-12.22.12-150200.4.35.1 nodejs12-devel-12.22.12-150200.4.35.1 npm12-12.22.12-150200.4.35.1 - SUSE Manager Server 4.1 (noarch): nodejs12-docs-12.22.12-150200.4.35.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): nodejs12-12.22.12-150200.4.35.1 nodejs12-debuginfo-12.22.12-150200.4.35.1 nodejs12-debugsource-12.22.12-150200.4.35.1 nodejs12-devel-12.22.12-150200.4.35.1 npm12-12.22.12-150200.4.35.1 - SUSE Manager Retail Branch Server 4.1 (noarch): nodejs12-docs-12.22.12-150200.4.35.1 - SUSE Manager Proxy 4.1 (noarch): nodejs12-docs-12.22.12-150200.4.35.1 - SUSE Manager Proxy 4.1 (x86_64): nodejs12-12.22.12-150200.4.35.1 nodejs12-debuginfo-12.22.12-150200.4.35.1 nodejs12-debugsource-12.22.12-150200.4.35.1 nodejs12-devel-12.22.12-150200.4.35.1 npm12-12.22.12-150200.4.35.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nodejs12-12.22.12-150200.4.35.1 nodejs12-debuginfo-12.22.12-150200.4.35.1 nodejs12-debugsource-12.22.12-150200.4.35.1 nodejs12-devel-12.22.12-150200.4.35.1 npm12-12.22.12-150200.4.35.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): nodejs12-docs-12.22.12-150200.4.35.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.35.1 nodejs12-debuginfo-12.22.12-150200.4.35.1 nodejs12-debugsource-12.22.12-150200.4.35.1 nodejs12-devel-12.22.12-150200.4.35.1 npm12-12.22.12-150200.4.35.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): nodejs12-docs-12.22.12-150200.4.35.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): nodejs12-12.22.12-150200.4.35.1 nodejs12-debuginfo-12.22.12-150200.4.35.1 nodejs12-debugsource-12.22.12-150200.4.35.1 nodejs12-devel-12.22.12-150200.4.35.1 npm12-12.22.12-150200.4.35.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): nodejs12-docs-12.22.12-150200.4.35.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): 
nodejs12-12.22.12-150200.4.35.1 nodejs12-debuginfo-12.22.12-150200.4.35.1 nodejs12-debugsource-12.22.12-150200.4.35.1 nodejs12-devel-12.22.12-150200.4.35.1 npm12-12.22.12-150200.4.35.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs12-docs-12.22.12-150200.4.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): nodejs12-12.22.12-150200.4.35.1 nodejs12-debuginfo-12.22.12-150200.4.35.1 nodejs12-debugsource-12.22.12-150200.4.35.1 nodejs12-devel-12.22.12-150200.4.35.1 npm12-12.22.12-150200.4.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): nodejs12-docs-12.22.12-150200.4.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): nodejs12-12.22.12-150200.4.35.1 nodejs12-debuginfo-12.22.12-150200.4.35.1 nodejs12-debugsource-12.22.12-150200.4.35.1 nodejs12-devel-12.22.12-150200.4.35.1 npm12-12.22.12-150200.4.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): nodejs12-docs-12.22.12-150200.4.35.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): nodejs12-12.22.12-150200.4.35.1 nodejs12-debuginfo-12.22.12-150200.4.35.1 nodejs12-debugsource-12.22.12-150200.4.35.1 nodejs12-devel-12.22.12-150200.4.35.1 npm12-12.22.12-150200.4.35.1 - SUSE Enterprise Storage 7 (noarch): nodejs12-docs-12.22.12-150200.4.35.1 References: https://www.suse.com/security/cve/CVE-2022-32212.html https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-32214.html https://www.suse.com/security/cve/CVE-2022-32215.html https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1201326 https://bugzilla.suse.com/1201327 https://bugzilla.suse.com/1201328 From sle-updates at lists.suse.com Mon Jul 18 22:16:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 00:16:18 +0200 (CEST) Subject: SUSE-SU-2022:2432-1: important: Security update for dovecot23 Message-ID: 
<20220718221618.C7935F7C9@maintenance.suse.de> SUSE Security Update: Security update for dovecot23 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2432-1 Rating: important References: #1201267 Cross-References: CVE-2022-30550 CVSS scores: CVE-2022-30550 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dovecot23 fixes the following issues: - CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2432=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2432=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2432=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2432=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2432=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2432=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): dovecot23-2.3.15-150100.31.1 dovecot23-backend-mysql-2.3.15-150100.31.1 dovecot23-backend-mysql-debuginfo-2.3.15-150100.31.1 dovecot23-backend-pgsql-2.3.15-150100.31.1 dovecot23-backend-pgsql-debuginfo-2.3.15-150100.31.1 dovecot23-backend-sqlite-2.3.15-150100.31.1 dovecot23-backend-sqlite-debuginfo-2.3.15-150100.31.1 dovecot23-debuginfo-2.3.15-150100.31.1 dovecot23-debugsource-2.3.15-150100.31.1 dovecot23-devel-2.3.15-150100.31.1 dovecot23-fts-2.3.15-150100.31.1 dovecot23-fts-debuginfo-2.3.15-150100.31.1 dovecot23-fts-lucene-2.3.15-150100.31.1 dovecot23-fts-lucene-debuginfo-2.3.15-150100.31.1 dovecot23-fts-solr-2.3.15-150100.31.1 dovecot23-fts-solr-debuginfo-2.3.15-150100.31.1 dovecot23-fts-squat-2.3.15-150100.31.1 dovecot23-fts-squat-debuginfo-2.3.15-150100.31.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): dovecot23-2.3.15-150100.31.1 dovecot23-backend-mysql-2.3.15-150100.31.1 dovecot23-backend-mysql-debuginfo-2.3.15-150100.31.1 dovecot23-backend-pgsql-2.3.15-150100.31.1 dovecot23-backend-pgsql-debuginfo-2.3.15-150100.31.1 dovecot23-backend-sqlite-2.3.15-150100.31.1 dovecot23-backend-sqlite-debuginfo-2.3.15-150100.31.1 dovecot23-debuginfo-2.3.15-150100.31.1 dovecot23-debugsource-2.3.15-150100.31.1 dovecot23-devel-2.3.15-150100.31.1 dovecot23-fts-2.3.15-150100.31.1 dovecot23-fts-debuginfo-2.3.15-150100.31.1 dovecot23-fts-lucene-2.3.15-150100.31.1 dovecot23-fts-lucene-debuginfo-2.3.15-150100.31.1 dovecot23-fts-solr-2.3.15-150100.31.1 dovecot23-fts-solr-debuginfo-2.3.15-150100.31.1 dovecot23-fts-squat-2.3.15-150100.31.1 dovecot23-fts-squat-debuginfo-2.3.15-150100.31.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): dovecot23-2.3.15-150100.31.1 dovecot23-backend-mysql-2.3.15-150100.31.1 
dovecot23-backend-mysql-debuginfo-2.3.15-150100.31.1 dovecot23-backend-pgsql-2.3.15-150100.31.1 dovecot23-backend-pgsql-debuginfo-2.3.15-150100.31.1 dovecot23-backend-sqlite-2.3.15-150100.31.1 dovecot23-backend-sqlite-debuginfo-2.3.15-150100.31.1 dovecot23-debuginfo-2.3.15-150100.31.1 dovecot23-debugsource-2.3.15-150100.31.1 dovecot23-devel-2.3.15-150100.31.1 dovecot23-fts-2.3.15-150100.31.1 dovecot23-fts-debuginfo-2.3.15-150100.31.1 dovecot23-fts-lucene-2.3.15-150100.31.1 dovecot23-fts-lucene-debuginfo-2.3.15-150100.31.1 dovecot23-fts-solr-2.3.15-150100.31.1 dovecot23-fts-solr-debuginfo-2.3.15-150100.31.1 dovecot23-fts-squat-2.3.15-150100.31.1 dovecot23-fts-squat-debuginfo-2.3.15-150100.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): dovecot23-2.3.15-150100.31.1 dovecot23-backend-mysql-2.3.15-150100.31.1 dovecot23-backend-mysql-debuginfo-2.3.15-150100.31.1 dovecot23-backend-pgsql-2.3.15-150100.31.1 dovecot23-backend-pgsql-debuginfo-2.3.15-150100.31.1 dovecot23-backend-sqlite-2.3.15-150100.31.1 dovecot23-backend-sqlite-debuginfo-2.3.15-150100.31.1 dovecot23-debuginfo-2.3.15-150100.31.1 dovecot23-debugsource-2.3.15-150100.31.1 dovecot23-devel-2.3.15-150100.31.1 dovecot23-fts-2.3.15-150100.31.1 dovecot23-fts-debuginfo-2.3.15-150100.31.1 dovecot23-fts-lucene-2.3.15-150100.31.1 dovecot23-fts-lucene-debuginfo-2.3.15-150100.31.1 dovecot23-fts-solr-2.3.15-150100.31.1 dovecot23-fts-solr-debuginfo-2.3.15-150100.31.1 dovecot23-fts-squat-2.3.15-150100.31.1 dovecot23-fts-squat-debuginfo-2.3.15-150100.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): dovecot23-2.3.15-150100.31.1 dovecot23-backend-mysql-2.3.15-150100.31.1 dovecot23-backend-mysql-debuginfo-2.3.15-150100.31.1 dovecot23-backend-pgsql-2.3.15-150100.31.1 dovecot23-backend-pgsql-debuginfo-2.3.15-150100.31.1 dovecot23-backend-sqlite-2.3.15-150100.31.1 dovecot23-backend-sqlite-debuginfo-2.3.15-150100.31.1 dovecot23-debuginfo-2.3.15-150100.31.1 
dovecot23-debugsource-2.3.15-150100.31.1 dovecot23-devel-2.3.15-150100.31.1 dovecot23-fts-2.3.15-150100.31.1 dovecot23-fts-debuginfo-2.3.15-150100.31.1 dovecot23-fts-lucene-2.3.15-150100.31.1 dovecot23-fts-lucene-debuginfo-2.3.15-150100.31.1 dovecot23-fts-solr-2.3.15-150100.31.1 dovecot23-fts-solr-debuginfo-2.3.15-150100.31.1 dovecot23-fts-squat-2.3.15-150100.31.1 dovecot23-fts-squat-debuginfo-2.3.15-150100.31.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): dovecot23-2.3.15-150100.31.1 dovecot23-backend-mysql-2.3.15-150100.31.1 dovecot23-backend-mysql-debuginfo-2.3.15-150100.31.1 dovecot23-backend-pgsql-2.3.15-150100.31.1 dovecot23-backend-pgsql-debuginfo-2.3.15-150100.31.1 dovecot23-backend-sqlite-2.3.15-150100.31.1 dovecot23-backend-sqlite-debuginfo-2.3.15-150100.31.1 dovecot23-debuginfo-2.3.15-150100.31.1 dovecot23-debugsource-2.3.15-150100.31.1 dovecot23-devel-2.3.15-150100.31.1 dovecot23-fts-2.3.15-150100.31.1 dovecot23-fts-debuginfo-2.3.15-150100.31.1 dovecot23-fts-lucene-2.3.15-150100.31.1 dovecot23-fts-lucene-debuginfo-2.3.15-150100.31.1 dovecot23-fts-solr-2.3.15-150100.31.1 dovecot23-fts-solr-debuginfo-2.3.15-150100.31.1 dovecot23-fts-squat-2.3.15-150100.31.1 dovecot23-fts-squat-debuginfo-2.3.15-150100.31.1 - SUSE CaaS Platform 4.0 (x86_64): dovecot23-2.3.15-150100.31.1 dovecot23-backend-mysql-2.3.15-150100.31.1 dovecot23-backend-mysql-debuginfo-2.3.15-150100.31.1 dovecot23-backend-pgsql-2.3.15-150100.31.1 dovecot23-backend-pgsql-debuginfo-2.3.15-150100.31.1 dovecot23-backend-sqlite-2.3.15-150100.31.1 dovecot23-backend-sqlite-debuginfo-2.3.15-150100.31.1 dovecot23-debuginfo-2.3.15-150100.31.1 dovecot23-debugsource-2.3.15-150100.31.1 dovecot23-devel-2.3.15-150100.31.1 dovecot23-fts-2.3.15-150100.31.1 dovecot23-fts-debuginfo-2.3.15-150100.31.1 dovecot23-fts-lucene-2.3.15-150100.31.1 dovecot23-fts-lucene-debuginfo-2.3.15-150100.31.1 dovecot23-fts-solr-2.3.15-150100.31.1 dovecot23-fts-solr-debuginfo-2.3.15-150100.31.1 dovecot23-fts-squat-2.3.15-150100.31.1 
dovecot23-fts-squat-debuginfo-2.3.15-150100.31.1 References: https://www.suse.com/security/cve/CVE-2022-30550.html https://bugzilla.suse.com/1201267 From sle-updates at lists.suse.com Mon Jul 18 22:16:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 00:16:59 +0200 (CEST) Subject: SUSE-SU-2022:2431-1: important: Security update for dovecot23 Message-ID: <20220718221659.F086DF7C9@maintenance.suse.de> SUSE Security Update: Security update for dovecot23 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2431-1 Rating: important References: #1201267 Cross-References: CVE-2022-30550 CVSS scores: CVE-2022-30550 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dovecot23 fixes the following issues: - CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2431=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2431=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2431=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2431=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dovecot23-2.3.15-150000.4.42.1 dovecot23-backend-mysql-2.3.15-150000.4.42.1 dovecot23-backend-mysql-debuginfo-2.3.15-150000.4.42.1 dovecot23-backend-pgsql-2.3.15-150000.4.42.1 dovecot23-backend-pgsql-debuginfo-2.3.15-150000.4.42.1 dovecot23-backend-sqlite-2.3.15-150000.4.42.1 dovecot23-backend-sqlite-debuginfo-2.3.15-150000.4.42.1 dovecot23-debuginfo-2.3.15-150000.4.42.1 dovecot23-debugsource-2.3.15-150000.4.42.1 dovecot23-devel-2.3.15-150000.4.42.1 dovecot23-fts-2.3.15-150000.4.42.1 dovecot23-fts-debuginfo-2.3.15-150000.4.42.1 dovecot23-fts-lucene-2.3.15-150000.4.42.1 dovecot23-fts-lucene-debuginfo-2.3.15-150000.4.42.1 dovecot23-fts-solr-2.3.15-150000.4.42.1 dovecot23-fts-solr-debuginfo-2.3.15-150000.4.42.1 dovecot23-fts-squat-2.3.15-150000.4.42.1 dovecot23-fts-squat-debuginfo-2.3.15-150000.4.42.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): dovecot23-2.3.15-150000.4.42.1 dovecot23-backend-mysql-2.3.15-150000.4.42.1 dovecot23-backend-mysql-debuginfo-2.3.15-150000.4.42.1 dovecot23-backend-pgsql-2.3.15-150000.4.42.1 dovecot23-backend-pgsql-debuginfo-2.3.15-150000.4.42.1 dovecot23-backend-sqlite-2.3.15-150000.4.42.1 dovecot23-backend-sqlite-debuginfo-2.3.15-150000.4.42.1 dovecot23-debuginfo-2.3.15-150000.4.42.1 dovecot23-debugsource-2.3.15-150000.4.42.1 dovecot23-devel-2.3.15-150000.4.42.1 dovecot23-fts-2.3.15-150000.4.42.1 dovecot23-fts-debuginfo-2.3.15-150000.4.42.1 
dovecot23-fts-lucene-2.3.15-150000.4.42.1 dovecot23-fts-lucene-debuginfo-2.3.15-150000.4.42.1 dovecot23-fts-solr-2.3.15-150000.4.42.1 dovecot23-fts-solr-debuginfo-2.3.15-150000.4.42.1 dovecot23-fts-squat-2.3.15-150000.4.42.1 dovecot23-fts-squat-debuginfo-2.3.15-150000.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dovecot23-2.3.15-150000.4.42.1 dovecot23-backend-mysql-2.3.15-150000.4.42.1 dovecot23-backend-mysql-debuginfo-2.3.15-150000.4.42.1 dovecot23-backend-pgsql-2.3.15-150000.4.42.1 dovecot23-backend-pgsql-debuginfo-2.3.15-150000.4.42.1 dovecot23-backend-sqlite-2.3.15-150000.4.42.1 dovecot23-backend-sqlite-debuginfo-2.3.15-150000.4.42.1 dovecot23-debuginfo-2.3.15-150000.4.42.1 dovecot23-debugsource-2.3.15-150000.4.42.1 dovecot23-devel-2.3.15-150000.4.42.1 dovecot23-fts-2.3.15-150000.4.42.1 dovecot23-fts-debuginfo-2.3.15-150000.4.42.1 dovecot23-fts-lucene-2.3.15-150000.4.42.1 dovecot23-fts-lucene-debuginfo-2.3.15-150000.4.42.1 dovecot23-fts-solr-2.3.15-150000.4.42.1 dovecot23-fts-solr-debuginfo-2.3.15-150000.4.42.1 dovecot23-fts-squat-2.3.15-150000.4.42.1 dovecot23-fts-squat-debuginfo-2.3.15-150000.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dovecot23-2.3.15-150000.4.42.1 dovecot23-backend-mysql-2.3.15-150000.4.42.1 dovecot23-backend-mysql-debuginfo-2.3.15-150000.4.42.1 dovecot23-backend-pgsql-2.3.15-150000.4.42.1 dovecot23-backend-pgsql-debuginfo-2.3.15-150000.4.42.1 dovecot23-backend-sqlite-2.3.15-150000.4.42.1 dovecot23-backend-sqlite-debuginfo-2.3.15-150000.4.42.1 dovecot23-debuginfo-2.3.15-150000.4.42.1 dovecot23-debugsource-2.3.15-150000.4.42.1 dovecot23-devel-2.3.15-150000.4.42.1 dovecot23-fts-2.3.15-150000.4.42.1 dovecot23-fts-debuginfo-2.3.15-150000.4.42.1 dovecot23-fts-lucene-2.3.15-150000.4.42.1 dovecot23-fts-lucene-debuginfo-2.3.15-150000.4.42.1 dovecot23-fts-solr-2.3.15-150000.4.42.1 dovecot23-fts-solr-debuginfo-2.3.15-150000.4.42.1 dovecot23-fts-squat-2.3.15-150000.4.42.1 
dovecot23-fts-squat-debuginfo-2.3.15-150000.4.42.1 References: https://www.suse.com/security/cve/CVE-2022-30550.html https://bugzilla.suse.com/1201267 From sle-updates at lists.suse.com Tue Jul 19 07:40:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 09:40:01 +0200 (CEST) Subject: SUSE-CU-2022:1534-1: Security update of suse/sles12sp5 Message-ID: <20220719074001.E51D8F7C9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1534-1 Container Tags : suse/sles12sp5:6.5.349 , suse/sles12sp5:latest Container Release : 6.5.349 Severity : important Type : security References : 1199232 CVE-2022-1586 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2334-1 Released: Fri Jul 8 10:12:23 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) The following package changes have been done: - libpcre1-8.45-8.12.1 updated From sle-updates at lists.suse.com Tue Jul 19 07:59:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 09:59:25 +0200 (CEST) Subject: SUSE-CU-2022:1535-1: Security update of suse/sle15 Message-ID: <20220719075925.13E23F7C9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1535-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.644 Container Release : 6.2.644 Severity : moderate Type : security References : 1180065 CVE-2020-29362 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) The following package changes have been done: - libp11-kit0-0.23.2-150000.4.16.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - p11-kit-0.23.2-150000.4.16.1 updated From sle-updates at lists.suse.com Tue Jul 19 08:04:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 10:04:00 +0200 (CEST) Subject: SUSE-CU-2022:1536-1: Recommended update of bci/bci-init Message-ID: <20220719080400.84AA3F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1536-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.17.12 Container Release : 17.12 Severity : moderate 
Type : recommended References : 1197718 1199140 1200334 1200855 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - container:sles15-image-15.0.0-17.17.24 updated From sle-updates at lists.suse.com Tue Jul 19 08:04:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 10:04:18 +0200 (CEST) Subject: SUSE-CU-2022:1537-1: Security update of bci/bci-micro Message-ID: <20220719080418.5F10BF7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1537-1 Container Tags : bci/bci-micro:15.3 , bci/bci-micro:15.3.19.5 Container Release : 19.5 Severity : important Type : security References : 1197718 1199140 1199232 1200334 1200855 CVE-2022-1586 ----------------------------------------------------------------- The container bci/bci-micro was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libpcre1-8.45-150000.20.13.1 updated From sle-updates at lists.suse.com Tue Jul 19 08:10:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 10:10:04 +0200 (CEST) Subject: SUSE-CU-2022:1540-1: Recommended update of suse/389-ds Message-ID: <20220719081004.2BCC2F7C9@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1540-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-14.17 , suse/389-ds:latest Container Release : 14.17 Severity : moderate Type : recommended References : 1197718 1199140 1200334 1200855 ----------------------------------------------------------------- The container suse/389-ds was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Tue Jul 19 08:12:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 10:12:04 +0200 (CEST) Subject: SUSE-CU-2022:1545-1: Recommended update of bci/dotnet-sdk Message-ID: <20220719081204.6587DF7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1545-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-21.4 , bci/dotnet-sdk:6.0.7 , bci/dotnet-sdk:6.0.7-21.4 , bci/dotnet-sdk:latest Container Release : 21.4 Severity : moderate Type : recommended References : 1197718 1199140 1200334 1200855 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Tue Jul 19 08:13:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 10:13:10 +0200 (CEST) Subject: SUSE-CU-2022:1548-1: Security update of bci/golang Message-ID: <20220719081310.1C5F7F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1548-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-13.16 Container Release : 13.16 Severity : important Type : security References : 1197718 1199140 1199232 1199232 1200334 1200855 CVE-2022-1586 CVE-2022-1586 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). 
The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.39-150400.4.3.1 updated - libxcrypt-devel-4.4.15-150300.4.4.3 updated - glibc-devel-2.31-150300.31.2 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Tue Jul 19 08:13:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 10:13:36 +0200 (CEST) Subject: SUSE-CU-2022:1549-1: Security update of bci/golang Message-ID: <20220719081336.2041FF7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1549-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-12.16 Container Release : 12.16 Severity : important Type : security References : 1197718 1199140 1199232 1199232 1200334 1200855 CVE-2022-1586 CVE-2022-1586 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.39-150400.4.3.1 updated - libxcrypt-devel-4.4.15-150300.4.4.3 updated - glibc-devel-2.31-150300.31.2 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Tue Jul 19 08:13:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 10:13:49 +0200 (CEST) Subject: SUSE-CU-2022:1550-1: Security update of bci/nodejs Message-ID: <20220719081349.F0677F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1550-1 Container Tags : bci/node:14 , bci/node:14-13.17 , bci/nodejs:14 , bci/nodejs:14-13.17 Container Release : 13.17 Severity : important Type : security References : 1197718 1199140 1199232 1199232 1200334 1200855 1201325 1201326 1201327 1201328 CVE-2022-1586 CVE-2022-1586 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2425-1 Released: Mon Jul 18 09:04:24 2022 Summary: Security update for nodejs14 Type: security Severity: important References: 1201325,1201326,1201327,1201328,CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215 This update for nodejs14 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). 
- CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.39-150400.4.3.1 updated - nodejs14-14.20.0-150200.15.34.1 updated - npm14-14.20.0-150200.15.34.1 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Tue Jul 19 08:14:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 10:14:27 +0200 (CEST) Subject: SUSE-CU-2022:1551-1: Security update of bci/openjdk-devel Message-ID: <20220719081427.3D99CF7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1551-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.31 , bci/openjdk-devel:latest Container Release : 14.31 Severity : important Type : security References : 1197718 1199140 1199232 1199232 1200334 1200855 CVE-2022-1586 CVE-2022-1586 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). 
The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.39-150400.4.3.1 updated - container:bci-openjdk-11-11-12.15 updated From sle-updates at lists.suse.com Tue Jul 19 08:14:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 10:14:51 +0200 (CEST) Subject: SUSE-CU-2022:1552-1: Security update of bci/openjdk Message-ID: <20220719081451.56E0CF7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1552-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-12.15 , bci/openjdk:latest Container Release : 12.15 Severity : important Type : security References : 1197718 1199140 1199232 1200334 1200855 CVE-2022-1586 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libpcre1-8.45-150000.20.13.1 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Tue Jul 19 08:15:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 10:15:09 +0200 (CEST) Subject: SUSE-CU-2022:1553-1: Recommended update of bci/python Message-ID: <20220719081509.103E0F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1553-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-4.16 , bci/python:latest Container Release : 4.16 Severity : moderate Type : recommended References : 1197718 1199140 1200334 1200855 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Tue Jul 19 10:42:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 12:42:11 +0200 (CEST) Subject: SUSE-IU-2022:878-1: Security update of suse-sles-15-sp2-chost-byos-v20220718-x86_64-gen2 Message-ID: <20220719104211.96E4FF7C9@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20220718-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:878-1 Image Tags : suse-sles-15-sp2-chost-byos-v20220718-x86_64-gen2:20220718 Image Release : Severity : critical Type : security References : 1028340 1029961 1029961 1040589 1057592 1065729 1070955 1071995 1082318 1082318 1099272 1115529 1120610 1121227 1121230 1122004 1122021 1128846 1130496 1134046 1156920 1158266 1160654 1162964 1172113 1172427 1173277 1174075 1174911 1177215 1177282 1177460 1177599 1178357 1179060 1179465 1179639 1179981 1180065 1180689 1181131 1181163 1181186 1181703 1181812 1181826 1182227 1182959 1183405 1183407 
1183495 1183533 1184501 1185377 1185637 1186819 1187512 1187645 1187906 1188019 1188160 1188161 1188605 1189028 1189126 1189152 1189517 1189560 1189562 1190315 1190375 1190447 1190533 1190566 1190570 1190926 1190943 1190975 1191015 1191096 1191121 1191157 1191184 1191185 1191186 1191334 1191434 1191580 1191647 1191770 1191794 1191893 1191974 1192051 1192164 1192167 1192249 1192311 1192343 1192353 1192439 1192478 1192481 1192483 1192622 1192685 1192902 1192903 1192904 1192951 1193007 1193035 1193096 1193179 1193204 1193273 1193282 1193294 1193298 1193466 1193488 1193489 1193506 1193531 1193532 1193625 1193659 1193731 1193732 1193759 1193805 1193841 1193861 1193864 1193867 1193868 1193905 1193930 1194013 1194048 1194093 1194216 1194216 1194217 1194227 1194229 1194267 1194388 1194392 1194516 1194522 1194556 1194561 1194576 1194581 1194588 1194597 1194640 1194642 1194661 1194669 1194716 1194768 1194770 1194845 1194848 1194859 1194872 1194880 1194883 1194885 1194898 1194943 1195004 1195004 1195009 1195011 1195051 1195054 1195065 1195066 1195095 1195096 1195115 1195126 1195149 1195184 1195202 1195203 1195204 1195217 1195231 1195251 1195254 1195254 1195254 1195258 1195283 1195286 1195326 1195332 1195353 1195354 1195356 1195403 1195468 1195508 1195516 1195543 1195560 1195612 1195614 1195628 1195651 1195654 1195701 1195775 1195784 1195792 1195797 1195825 1195856 1195897 1195899 1195905 1195908 1195926 1195939 1195947 1195949 1195987 1195995 1195999 1196018 1196025 1196025 1196026 1196036 1196061 1196079 1196093 1196095 1196107 1196114 1196132 1196155 1196167 1196168 1196169 1196171 1196196 1196235 1196275 1196282 1196317 1196361 1196367 1196368 1196406 1196426 1196433 1196441 1196441 1196468 1196488 1196490 1196494 1196495 1196514 1196514 1196570 1196584 1196601 1196612 1196761 1196776 1196784 1196823 1196830 1196836 1196861 1196901 1196915 1196925 1196939 1196942 1196956 1197004 1197024 1197065 1197134 1197135 1197157 1197216 1197227 1197284 1197293 1197297 1197331 1197343 
1197362 1197366 1197389 1197423 1197425 1197426 1197443 1197459 1197462 1197472 1197517 1197656 1197660 1197702 1197771 1197788 1197794 1197895 1197903 1197914 1197948 1197967 1198031 1198032 1198033 1198062 1198062 1198258 1198330 1198400 1198441 1198446 1198460 1198484 1198493 1198495 1198496 1198504 1198511 1198516 1198577 1198581 1198596 1198614 1198657 1198660 1198687 1198723 1198748 1198766 1198778 1198825 1198922 1198939 1199012 1199061 1199063 1199132 1199166 1199223 1199224 1199232 1199232 1199240 1199314 1199331 1199333 1199334 1199460 1199474 1199487 1199489 1199505 1199507 1199565 1199605 1199650 1199651 1199655 1199657 1199693 1199745 1199747 1199756 1199918 1199936 1199965 1199966 1200010 1200011 1200012 1200015 1200088 1200143 1200144 1200145 1200249 1200263 1200442 1200550 1200571 1200599 1200604 1200605 1200608 1200619 1200692 1200735 1200737 1201050 1201080 1201099 954329 954813 CVE-2015-20107 CVE-2015-8985 CVE-2017-17087 CVE-2018-16301 CVE-2018-20482 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-19377 CVE-2019-6285 CVE-2019-6292 CVE-2019-9923 CVE-2020-14367 CVE-2020-26541 CVE-2020-29362 CVE-2021-0920 CVE-2021-20193 CVE-2021-20321 CVE-2021-22570 CVE-2021-22600 CVE-2021-25220 CVE-2021-26341 CVE-2021-26401 CVE-2021-28153 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-33061 CVE-2021-3572 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2021-3778 CVE-2021-3778 CVE-2021-3796 CVE-2021-3796 CVE-2021-3872 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3927 CVE-2021-3928 CVE-2021-3928 CVE-2021-39648 CVE-2021-39657 CVE-2021-3968 CVE-2021-39698 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-3984 CVE-2021-3999 CVE-2021-4019 CVE-2021-4019 CVE-2021-4069 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 CVE-2021-4136 CVE-2021-4157 CVE-2021-41617 CVE-2021-4166 CVE-2021-41817 CVE-2021-4192 CVE-2021-4193 CVE-2021-4193 CVE-2021-4209 CVE-2021-43565 CVE-2021-44142 CVE-2021-44879 CVE-2021-45095 CVE-2021-45868 
CVE-2021-46059 CVE-2021-46059 CVE-2022-0001 CVE-2022-0001 CVE-2022-0002 CVE-2022-0002 CVE-2022-0128 CVE-2022-0168 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0318 CVE-2022-0319 CVE-2022-0319 CVE-2022-0330 CVE-2022-0351 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0413 CVE-2022-0435 CVE-2022-0487 CVE-2022-0492 CVE-2022-0516 CVE-2022-0617 CVE-2022-0644 CVE-2022-0696 CVE-2022-0847 CVE-2022-0850 CVE-2022-0854 CVE-2022-1011 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-1097 CVE-2022-1158 CVE-2022-1184 CVE-2022-1271 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1353 CVE-2022-1381 CVE-2022-1420 CVE-2022-1516 CVE-2022-1586 CVE-2022-1586 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1652 CVE-2022-1679 CVE-2022-1729 CVE-2022-1733 CVE-2022-1734 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-2068 CVE-2022-2097 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-22576 CVE-2022-22942 CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23648 CVE-2022-23648 CVE-2022-23852 CVE-2022-23990 CVE-2022-24407 CVE-2022-24448 CVE-2022-24769 CVE-2022-24903 CVE-2022-24958 CVE-2022-24959 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25258 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-25375 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-26490 CVE-2022-26691 CVE-2022-26966 CVE-2022-27191 CVE-2022-27239 CVE-2022-27666 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 
CVE-2022-28736 CVE-2022-28739 CVE-2022-28893 CVE-2022-29155 CVE-2022-29162 CVE-2022-29217 CVE-2022-29824 CVE-2022-29900 CVE-2022-29901 CVE-2022-30594 CVE-2022-31030 CVE-2022-32206 CVE-2022-32208 CVE-2022-33981
-----------------------------------------------------------------
The container suse-sles-15-sp2-chost-byos-v20220718-x86_64-gen2 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:228-1
Released: Mon Jan 31 06:07:52 2022
Summary: Recommended update for boost
Type: recommended
Severity: moderate
References: 1194522

This update for boost fixes the following issues:

- Fix compilation errors (bsc#1194522)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:287-1
Released: Tue Feb 1 17:54:57 2022
Summary: Security update for samba
Type: security
Severity: critical
References: 1194859,CVE-2021-44142

This update for samba fixes the following issues:

- CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:322-1
Released: Thu Feb 3 14:03:19 2022
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1192685,1194716

This update for dracut fixes the following issues:

- Fix(network): consistent use of '$gw' for gateway (bsc#1192685)
- Fix(install): handle builtin modules (bsc#1194716)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:334-1
Released: Fri Feb 4 09:30:58 2022
Summary: Security update for containerd, docker
Type: security
Severity: moderate
References: 1191015,1191121,1191334,1191434,1193273,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103,CVE-2021-41190

This update for containerd, docker fixes the following issues:

- CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015).
- CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434).
- CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334).
- CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121).
- CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:346-1
Released: Tue Feb 8 12:20:33 2022
Summary: Recommended update for wicked
Type: recommended
Severity: moderate
References: 1029961,1057592,1156920,1160654,1177215,1178357,1181163,1181186,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392,954329

This update for wicked fixes the following issues:

- Fix device rename issue when done via Yast2 (bsc#1194392)
- Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 15 (bsc#1183407,jsc#SLE-9750)
- Prepare RPM packaging for merging of /bin and /usr/bin directories, however this merge does not affect SUSE Linux Enterprise 15 (bsc#1029961)
- Parse sysctl files in the correct order (bsc#1181186)
- Fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353)
- Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019)
- Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311)
- Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164)
- Fix `ifstatus` not to show link as 'up' when interface is not running
- Make firewalld zone assignment permanent (bsc#1189560)
- Cleanup and improve ifconfig and ifpolicy access utilities
- Initial fixes for dracut integration and improved option handling (bsc#1182227)
- Fix `nanny` to identify node owner exit condition
- Using wicked without nanny is no longer supported and use-nanny=false configuration option was removed
- Add `ethtool --get-permanent-address` option in the client
- Fix `ifup` to refresh link state of network interface after being unenslaved from an unconfigured master (bsc#954329)
- Prevent re-trigger Duplicate Address Detection on address updates when it is not needed (bsc#1177215)
- Fix Network Information Service configuration (bsc#1181812)
- Reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920)
- Support multiple wireless networks configurations per interface
- Show wireless connection status and scan-results (bsc#1160654)
- Fix eap-tls,ttls certificate handling and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
- Updated `man ifcfg-wireless` manual pages
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:348-1
Released: Tue Feb 8 13:02:20 2022
Summary: Recommended update for libzypp
Type: recommended
Severity: important
References: 1193007,1193488,1194597,1194898,954813

This update for libzypp fixes the following issues:

- RepoManager: remember execution errors in exception history (bsc#1193007)
- Fix exception handling when reading or writing credentials (bsc#1194898)
- Fix install path for parser (bsc#1194597)
- Fix Legacy include (bsc#1194597)
- Public header files on older distros must use c++11 (bsc#1194597)
- Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488)
- Fix wrong encoding of URI components of ISO images (bsc#954813)
- When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible
- Introduce zypp-curl as a sublibrary for CURL related code
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set
- Save all signatures associated with a public key in its PublicKeyData
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:365-1
Released: Thu Feb 10 17:36:13 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: critical
References: 1177599,1183405,1185377,1188605,1193096,1193506,1193861,1193864,1193867,1194048,1194227,1194880,1195009,1195065,1195184,1195254,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-45095,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).

The following non-security bugs were fixed:

- bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227).
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).
- net_sched: avoid resetting active qdisc for multiple times (bsc#1183405).
- net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405).
- net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405).
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:368-1
Released: Thu Feb 10 20:29:26 2022
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1187645,1193532

This update for grub2 fixes the following issues:

- Fix grub error 'not a Btrfs filesystem' on s390x (bsc#1187645)
- Add support for simplefb (bsc#1193532)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:467-1
Released: Thu Feb 17 09:51:37 2022
Summary: Security update for xen
Type: security
Severity: important
References: 1194576,1194581,1194588,CVE-2022-23033,CVE-2022-23034,CVE-2022-23035

This update for xen fixes the following issues:

- CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576)
- CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581)
- CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:476-1
Released: Thu Feb 17 10:31:35 2022
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1194661

This update for nfs-utils fixes the following issues:

- If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:498-1
Released: Fri Feb 18 10:46:56 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990

This update for expat fixes the following issues:

- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:511-1
Released: Fri Feb 18 12:41:53 2022
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1082318,1189152

This update for coreutils fixes the following issues:

- Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).
- Properly sort docs and license files (bsc#1082318).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:523-1
Released: Fri Feb 18 12:49:09 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1193759,1193841

This update for systemd fixes the following issues:

- systemctl: exit with 1 if no unit files found (bsc#1193841).
- add rules for virtual devices (bsc#1193759).
- enforce 'none' for loop devices (bsc#1193759).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:604-1
Released: Tue Mar 1 07:13:50 2022
Summary: Recommended update for rsyslog
Type: recommended
Severity: low
References: 1194669

This update for rsyslog fixes the following issues:

- update config example in remote.conf to match upstream documentation (bsc#1194669)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:674-1
Released: Wed Mar 2 13:24:36 2022
Summary: Recommended update for yast2-network
Type: recommended
Severity: moderate
References: 1187512

This update for yast2-network fixes the following issues:

- Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:682-1
Released: Thu Mar 3 11:37:03 2022
Summary: Recommended update for supportutils-plugin-suse-public-cloud
Type: recommended
Severity: important
References: 1195095,1195096

This update for supportutils-plugin-suse-public-cloud fixes the following issues:

- Update to version 1.0.6 (bsc#1195095, bsc#1195096)
- Include cloud-init logs whenever they are present
- Update the packages we track in AWS, Azure, and Google
- Include the ecs logs for AWS ECS instances
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:692-1
Released: Thu Mar 3 15:46:47 2022
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1190447

This update for filesystem fixes the following issues:

- Release ported filesystem to LTSS channels (bsc#1190447).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:701-1
Released: Thu Mar 3 17:45:33 2022
Summary: Recommended update for sudo
Type: recommended
Severity: moderate
References: 1181703

This update for sudo fixes the following issues:

- Add support in the LDAP filter for negated users (jsc#SLE-20068)
- Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:702-1
Released: Thu Mar 3 18:22:59 2022
Summary: Security update for cyrus-sasl
Type: security
Severity: important
References: 1196036,CVE-2022-24407

This update for cyrus-sasl fixes the following issues:

- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:713-1
Released: Fri Mar 4 09:34:17 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315

This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:717-1
Released: Fri Mar 4 09:45:20 2022
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1196167,CVE-2021-4209

This update for gnutls fixes the following issues:

- CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:720-1
Released: Fri Mar 4 10:20:28 2022
Summary: Security update for containerd
Type: security
Severity: moderate
References: 1196441,CVE-2022-23648

This update for containerd fixes the following issues:

- CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:736-1
Released: Fri Mar 4 14:51:57 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1190533,1190570,1191893,1192478,1192481,1193294,1193298,1194216,1194556,1195004,1195066,1195126,1195202,1195356,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3927,CVE-2021-3928,CVE-2021-3984,CVE-2021-4019,CVE-2021-4193,CVE-2021-46059,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0361,CVE-2022-0413

This update for vim fixes the following issues:

- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570).
- CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893).
- CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481).
- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294).
- CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298).
- CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556).
- CVE-2022-0319: Fixed out-of-bounds read (bsc#1195066).
- CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126).
- CVE-2022-0361: Fixed buffer overflow (bsc#1195126).
- CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:759-1
Released: Tue Mar 8 19:05:12 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1189126,1191580,1192483,1194516,1195254,1195286,1195516,1195543,1195612,1195701,1195897,1195905,1195908,1195947,1195949,1195987,1195995,1196079,1196095,1196132,1196155,1196235,1196584,1196601,1196612,1196776,CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0516,CVE-2022-0617,CVE-2022-0644,CVE-2022-0847,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25375

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.

The following security bugs were fixed:

- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability where a local attacker could overwrite data in arbitrary (read-only) files (bsc#1196584).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. An assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which led to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
- CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occurred, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
- CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235).
- CVE-2022-0516: Fixed a missing check in an ioctl related to KVM on s390 that allowed kernel memory read/write (bsc#1195516).
- CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have led to memory corruption (bsc#1196096).
- CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905).

The following non-security bugs were fixed:

- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- gve: Add RX context (jsc#SLE-23652).
- gve: Add a jumbo-frame device option (jsc#SLE-23652).
- gve: Add consumed counts to ethtool stats (jsc#SLE-23652).
- gve: Add optional metadata descriptor type GVE_TXD_MTD (jsc#SLE-23652).
- gve: Correct order of processing device options (jsc#SLE-23652).
- gve: Fix GFP flags when allocing pages (jsc#SLE-23652).
- gve: Implement packet continuation for RX (jsc#SLE-23652).
- gve: Implement suspend/resume/shutdown (jsc#SLE-23652).
- gve: Move the irq db indexes out of the ntfy block struct (jsc#SLE-23652).
- gve: Recording rx queue before sending to napi (jsc#SLE-23652).
- gve: Update gve_free_queue_page_list signature (jsc#SLE-23652).
- gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652).
- gve: fix for null pointer dereference (jsc#SLE-23652).
- gve: fix the wrong AdminQ buffer queue index check (jsc#SLE-23652).
- gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652).
- gve: remove memory barrier around seqno (jsc#SLE-23652).
- lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).
- net: tipc: validate domain record count on input (bsc#1195254).
- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394).
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:774-1
Released: Wed Mar 9 10:52:10 2022
Summary: Security update for tcpdump
Type: security
Severity: moderate
References: 1195825,CVE-2018-16301

This update for tcpdump fixes the following issues:

- CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:788-1
Released: Thu Mar 10 11:21:04 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1195326

This update for libzypp, zypper fixes the following issues:

- Fix handling of redirected command in-/output (bsc#1195326)
  This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:789-1
Released: Thu Mar 10 11:22:05 2022
Summary: Recommended update for update-alternatives
Type: recommended
Severity: moderate
References: 1195654

This update for update-alternatives fixes the following issues:

- Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:792-1
Released: Thu Mar 10 11:58:18 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1194845,1196494,1196495

This update for suse-build-key fixes the following issues:

- The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key).
- Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
- Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845)
- Added SUSE Container signing key in PEM format for use e.g. by cosign.
- The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:805-1
Released: Thu Mar 10 18:05:31 2022
Summary: Security update for openssh
Type: security
Severity: important
References: 1190975,CVE-2021-41617

This update for openssh fixes the following issues:

- CVE-2021-41617: Fixed a potential privilege escalation for non-default configuration settings (bsc#1190975).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:808-1
Released: Fri Mar 11 06:07:58 2022
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1195468

This update for procps fixes the following issues:

- Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:832-1
Released: Mon Mar 14 17:27:03 2022
Summary: Security update for glibc
Type: security
Severity: important
References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219

glibc was updated to fix the following issues:

Security issues fixed:

- CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770)
- CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640)
- CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625)

Also the following bug was fixed:

- Fix pthread_rwlock_try*lock stalls (bsc#1195560)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:844-1
Released: Tue Mar 15 11:33:57 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196784,CVE-2022-25236

This update for expat fixes the following issues:

- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:845-1
Released: Tue Mar 15 11:40:50 2022
Summary: Security update for chrony
Type: security
Severity: moderate
References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367

This update for chrony fixes the following issues:

Chrony was updated to 4.1, bringing features and bugfixes.

Update to 4.1

* Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE server

- Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689).
- Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229)
- Enable syscallfilter unconditionally [bsc#1181826].

Update to 4.0

- Enhancements
  - Add support for Network Time Security (NTS) authentication
  - Add support for AES-CMAC keys (AES128, AES256) with Nettle
  - Add authselectmode directive to control selection of unauthenticated sources
  - Add binddevice, bindacqdevice, bindcmddevice directives
  - Add confdir directive to better support fragmented configuration
  - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files
  - Add clockprecision directive
  - Add dscp directive to set Differentiated Services Code Point (DSCP)
  - Add -L option to limit log messages by severity
  - Add -p option to print whole configuration with included files
  - Add -U option to allow start under non-root user
  - Allow maxsamples to be set to 1 for faster update with -q/-Q option
  - Avoid replacing NTP sources with sources that have unreachable address
  - Improve pools to repeat name resolution to get 'maxsources' sources
  - Improve source selection with trusted sources
  - Improve NTP loop test to prevent synchronisation to itself
  - Repeat iburst when NTP source is switched from offline state to online
  - Update clock synchronisation status and leap status more frequently
  - Update seccomp filter
  - Add 'add pool' command
  - Add 'reset sources' command to drop all measurements
  - Add authdata command to print details about NTP authentication
  - Add selectdata command to print details about source selection
  - Add -N option and sourcename command to print original names of sources
  - Add -a option to some commands to print also unresolved sources
  - Add -k, -p, -r options to clients command to select, limit, reset data
- Bug fixes
  - Don't set interface for NTP responses to allow asymmetric routing
  - Handle RTCs that don't support interrupts
  - Respond to command requests with correct address on multihomed hosts
- Removed features
  - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
  - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3')
  - Drop support for line editing with GNU Readline
- By default we don't write log files but log to journald, so only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277).

Update to 3.5.1:

* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)

- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113).

Update to 3.5:

+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems

- Fix location of helper script in chrony-dnssrv@.service (bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share.

Update to version 3.4

* Enhancements
  + Add filter option to server/pool/peer directive
  + Add minsamples and maxsamples options to hwtimestamp directive
  + Add support for faster frequency adjustments in Linux 4.19
  + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit
  + Disable sub-second polling intervals for distant NTP sources
  + Extend range of supported sub-second polling intervals
  + Get/set IPv4 destination/source address of NTP packets on FreeBSD
  + Make burst options and command useful with short polling intervals
  + Modify auto_offline option to activate when sending request failed
  + Respond from interface that received NTP request if possible
  + Add onoffline command to switch between online and offline state according to current system network configuration
  + Improve example NetworkManager dispatcher script
* Bug fixes
  + Avoid waiting in Linux getrandom system call
  + Fix PPS support on FreeBSD and NetBSD

Update to version 3.3

* Enhancements:
  + Add burst option to server/pool directive
  + Add stratum and tai options to refclock directive
  + Add support for Nettle crypto library
  + Add workaround for missing kernel receive timestamps on Linux
  + Wait for late hardware transmit timestamps
  + Improve source selection with unreachable sources
  + Improve protection against replay attacks on symmetric mode
  + Allow PHC refclock to use socket in /var/run/chrony
  + Add shutdown command to stop chronyd
  + Simplify format of response to manual list command
  + Improve handling of unknown responses in chronyc
* Bug fixes:
  + Respond to NTPv1 client requests with zero mode
  + Fix -x option to not require CAP_SYS_TIME under non-root user
  + Fix acquisitionport directive to work with privilege separation
  + Fix handling of socket errors on Linux to avoid high CPU usage
  + Fix chronyc to not get stuck in infinite loop after clock step
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:861-1
Released: Tue Mar 15 23:30:50 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1182959,1195149,1195792,1195856

This update for openssl-1_1 fixes the following issues:

openssl-1_1:
- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)

glibc:
- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1

linux-glibc-devel:
- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1

libxcrypt:
- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1

zlib:
- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:867-1
Released: Wed Mar 16 07:14:44 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1193805

This update for libtirpc fixes the following issues:

- Fix memory leak in client protocol version 2 code (bsc#1193805)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:884-1
Released: Thu Mar 17 09:46:56 2022
Summary: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339
Type: recommended
Severity: moderate
References: 1082318

This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues:

- Add patch to fix build with new webcolors.
- update to version 3.2.0 (jsc#SLE-18756):
  * Added a format_nongpl setuptools extra, which installs only format dependencies that are non-GPL (#619).
- specfile:
  * require python-importlib-metadata
- update to version 3.1.1:
  * Temporarily revert the switch to js-regex until #611 and #612 are resolved.
- changes from version 3.1.0: - Regular expressions throughout schemas now respect the ECMA 262 dialect, as recommended by the specification (#609). - Activate more of the test suite - Remove tests and benchmarking from the runtime package - Update to v3.0.2 - Fixed a bug where 0 and False were considered equal by const and enum - from v3.0.1 - Fixed a bug where extending validators did not preserve their notion of which validator property contains $id information. - Update to 3.0.1: - Support for Draft 6 and Draft 7 - Draft 7 is now the default - New TypeChecker object for more complex type definitions (and overrides) - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification - Use %license instead of %doc (bsc#1082318) - Remove hashbang from runtime module - Replace PyPI URL with https://github.com/dgerber/rfc3987 - Activate doctests - Add missing runtime dependency on timezone - Replace dead link with GitHub URL - Activate test suite - Trim bias from descriptions. - Initial commit, needed by flex ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:888-1 Released: Thu Mar 17 10:56:42 2022 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1179060,1194561,1195614,1196282 This update for avahi fixes the following issues: - Change python3-Twisted to a soft dependency. It is not available on SLED or PackageHub, and it is only needed by avahi-bookmarks (bsc#1196282) - Fix warning when Twisted is not available - Have python3-avahi require python3-dbus-python, not the python 2 dbus-1-python package (bsc#1195614) - Ensure that NetworkManager or wicked have already started before initializing (bsc#1194561) - Move sftp-ssh and ssh services to the doc directory. 
They allow a host's up/down status to be easily discovered and should not be enabled by default (bsc#1179060) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:946-1 Released: Thu Mar 24 15:19:49 2022 Summary: Security update for bind Type: security Severity: important References: 1197135,CVE-2021-25220 This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1032-1 Released: Tue Mar 29 18:41:26 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issue: - Make ssh connections update their dbus environment (bsc#1179465). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and freeing it, there are two 'return NO' paths where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). 
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1074-1 Released: Fri Apr 1 13:27:00 2022 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1193531 This update for cloud-init contains the following fixes: - Enable broader systemctl location. (bsc#1193531) - Remove unneeded BuildRequires on python3-nose. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. 
(bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. 
(bsc#1197788) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1135-1 Released: Fri Apr 8 13:12:45 2022 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1189028,1190315,1190943,1191096,1191794,1193204,1193732,1193868,1195797 This update for supportutils fixes the following issues: - Add command `blkid` - Add email.txt based on OPTION_EMAIL (bsc#1189028) - Add rpcinfo -p output #116 - Add s390x specific files and output - Add shared memory as a log directory for emergency use (bsc#1190943) - Fix cron package for RPM validation (bsc#1190315) - Fix for invalid argument during updates (bsc#1193204) - Fix iscsi initiator name (bsc#1195797) - Improve `lsblk` readability with `--ascsi` option - Include 'multipath -t' output in mpio.txt - Include /etc/sssd/conf.d configuration files - Include udev rules in /lib/udev/rules.d/ - Made /proc directory and network names spaces configurable (bsc#1193868) - Prepare future installation of binaries to /usr/sbin instead of /sbin. This does not affect current SUSE Linux Enterprise 15 Service Packs (bsc#1191096) - Move localmessage/warm logs out of messages.txt to new localwarn.txt - Optimize configuration files - Remove chronyc DNS lookups with -n switch (bsc#1193732) - Remove duplicate commands in network.txt - Remove duplicate firewalld status output - getappcore identifies compressed core files (bsc#1191794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1147-1 Released: Mon Apr 11 15:49:43 2022 Summary: Recommended update for containerd Type: recommended Severity: moderate References: 1195784 This update of containerd fixes the following issue: - container-ctr is shipped to the PackageHub repos. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1149-1 Released: Mon Apr 11 16:29:14 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1197903,CVE-2022-1097 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1150-1 Released: Mon Apr 11 17:34:19 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1197293 This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). 
libsolv update to 0.7.22: - reworked choice rule generation to cover more use cases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support querying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report in more detail which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release its loop device. So we wait a bit and retry. 
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1190-1 Released: Wed Apr 13 20:52:23 2022 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1192343 This update for cloud-init contains the following fixes: - Update to version 21.4 (bsc#1192343, jsc#PM-3181) + Also include VMWare functionality for (jsc#PM-3175) + Remove patches included upstream. + Forward port fixes. + Fix for VMware Test, system dependent, not properly mocked previously. + Azure: fallback nic needs to be reevaluated during reprovisioning (#1094) [Anh Vo] + azure: pps imds (#1093) [Anh Vo] + testing: Remove calls to 'install_new_cloud_init' (#1092) + Add LXD datasource (#1040) + Fix unhandled apt_configure case. 
(#1065) [Brett Holman] + Allow libexec for hotplug (#1088) + Add necessary mocks to test_ovf unit tests (#1087) + Remove (deprecated) apt-key (#1068) [Brett Holman] (LP: #1836336) + distros: Remove a completed 'TODO' comment (#1086) + cc_ssh.py: Add configuration for controlling ssh-keygen output (#1083) [dermotbradley] + Add 'install hotplug' module (SC-476) (#1069) (LP: #1946003) + hosts.alpine.tmpl: rearrange the order of short and long hostnames (#1084) [dermotbradley] + Add max version to docutils + cloudinit/dmi.py: Change warning to debug to prevent console display (#1082) [dermotbradley] + remove unnecessary EOF string in disable-sshd-keygen-if-cloud-init-active.conf (#1075) [Emanuele Giuseppe Esposito] + Add module 'write-files-deferred' executed in stage 'final' (#916) [Lucendio] + Bump pycloudlib to fix CI (#1080) + Remove pin in dependencies for jsonschema (#1078) + Add 'Google' as possible system-product-name (#1077) [vteratipally] + Update Debian security suite for bullseye (#1076) [Johann Queuniet] + Leave the details of service management to the distro (#1074) [Andy Fiddaman] + Fix typos in setup.py (#1059) [Christian Clauss] + Update Azure _unpickle (SC-500) (#1067) (LP: #1946644) + cc_ssh.py: fix private key group owner and permissions (#1070) [Emanuele Giuseppe Esposito] + VMware: read network-config from ISO (#1066) [Thomas Weißschuh] + testing: mock sleep in gce unit tests (#1072) + CloudStack: fix data-server DNS resolution (#1004) [Olivier Lemasle] (LP: #1942232) + Fix unit test broken by pyyaml upgrade (#1071) + testing: add get_cloud function (SC-461) (#1038) + Inhibit sshd-keygen@.service if cloud-init is active (#1028) [Ryan Harper] + VMWARE: search the deployPkg plugin in multiarch dir (#1061) [xiaofengw-vmware] (LP: #1944946) + Fix set-name/interface DNS bug (#1058) [Andrew Kutz] (LP: #1946493) + Use specified tmp location for growpart (#1046) [jshen28] + .gitignore: ignore tags file for ctags users (#1057) [Brett Holman] + Allow 
comments in runcmd and report failed commands correctly (#1049) [Brett Holman] (LP: #1853146) + tox integration: pass the *_proxy, GOOGLE_*, GCP_* env vars (#1050) [Paride Legovini] + Allow disabling of network activation (SC-307) (#1048) (LP: #1938299) + renderer: convert relative imports to absolute (#1052) [Paride Legovini] + Support ETHx_IP6_GATEWAY, SET_HOSTNAME on OpenNebula (#1045) [Vlastimil Holer] + integration-requirements: bump the pycloudlib commit (#1047) [Paride Legovini] + Allow Vultr to set MTU and use as-is configs (#1037) [eb3095] + pin jsonschema in requirements.txt (#1043) + testing: remove cloud_tests (#1020) + Add andgein as contributor (#1042) [Andrew Gein] + Make wording for module frequency consistent (#1039) [Nicolas Bock] + Use ascii code for growpart (#1036) [jshen28] + Add jshen28 as contributor (#1035) [jshen28] + Skip test_cache_purged_on_version_change on Azure (#1033) + Remove invalid ssh_import_id from examples (#1031) + Cleanup Vultr support (#987) [eb3095] + docs: update cc_disk_setup for fs to raw disk (#1017) + HACKING.rst: change contact info to James Falcon (#1030) + tox: bump the pinned flake8 and pylint version (#1029) [Paride Legovini] (LP: #1944414) + Add retries to DataSourceGCE.py when connecting to GCE (#1005) [vteratipally] + Set Azure to apply networking config every BOOT (#1023) + Add connectivity_url to Oracle's EphemeralDHCPv4 (#988) (LP: #1939603) + docs: fix typo and include sudo for report bugs commands (#1022) [Renan Rodrigo] (LP: #1940236) + VMware: Fix typo introduced in #947 and add test (#1019) [PengpengSun] + Update IPv6 entries in /etc/hosts (#1021) [Richard Hansen] (LP: #1943798) + Integration test upgrades for the 21.3-1 SRU (#1001) + Add Jille to tools/.github-cla-signers (#1016) [Jille Timmermans] + Improve ug_util.py (#1013) [Shreenidhi Shedi] + Support openEuler OS (#1012) [zhuzaifangxuele] + ssh_utils.py: ignore when sshd_config options are not key/value pairs (#1007) [Emanuele Giuseppe Esposito] 
+ Set Azure to only update metadata on BOOT_NEW_INSTANCE (#1006) + cc_update_etc_hosts: Use the distribution-defined path for the hosts file (#983) [Andy Fiddaman] + Add CloudLinux OS support (#1003) [Alexandr Kravchenko] + puppet config: add the start_agent option (#1002) [Andrew Bogott] + Fix `make style-check` errors (#1000) [Shreenidhi Shedi] + Make cloud-id copyright year (#991) [Andrii Podanenko] + Add support to accept-ra in networkd renderer (#999) [Shreenidhi Shedi] + Update ds-identify to pass shellcheck (#979) [Andrew Kutz] + Azure: Retry dhcp on timeouts when polling reprovisiondata (#998) [aswinrajamannar] + testing: Fix ssh keys integration test (#992) - From 21.3 + Azure: During primary nic detection, check interface status continuously before rebinding again (#990) [aswinrajamannar] + Fix home permissions modified by ssh module (SC-338) (#984) (LP: #1940233) + Add integration test for sensitive jinja substitution (#986) + Ignore hotplug socket when collecting logs (#985) (LP: #1940235) + testing: Add missing mocks to test_vmware.py (#982) + add Zadara Edge Cloud Platform to the supported clouds list (#963) [sarahwzadara] + testing: skip upgrade tests on LXD VMs (#980) + Only invoke hotplug socket when functionality is enabled (#952) + Revert unnecesary lcase in ds-identify (#978) [Andrew Kutz] + cc_resolv_conf: fix typos (#969) [Shreenidhi Shedi] + Replace broken httpretty tests with mock (SC-324) (#973) + Azure: Check if interface is up after sleep when trying to bring it up (#972) [aswinrajamannar] + Update dscheck_VMware's rpctool check (#970) [Shreenidhi Shedi] + Azure: Logging the detected interfaces (#968) [Moustafa Moustafa] + Change netifaces dependency to 0.10.4 (#965) [Andrew Kutz] + Azure: Limit polling network metadata on connection errors (#961) [aswinrajamannar] + Update inconsistent indentation (#962) [Andrew Kutz] + cc_puppet: support AIO installations and more (#960) [Gabriel Nagy] + Add Puppet contributors to CLA signers (#964) 
[Noah Fontes] + Datasource for VMware (#953) [Andrew Kutz] + photon: refactor hostname handling and add networkd activator (#958) [sshedi] + Stop copying ssh system keys and check folder permissions (#956) [Emanuele Giuseppe Esposito] + testing: port remaining cloud tests to integration testing framework (SC-191) (#955) + generate contents for ovf-env.xml when provisioning via IMDS (#959) [Anh Vo] + Add support for EuroLinux 7 && EuroLinux 8 (#957) [Aleksander Baranowski] + Implementing device_aliases as described in docs (#945) [Mal Graty] (LP: #1867532) + testing: fix test_ssh_import_id.py (#954) + Add ability to manage fallback network config on PhotonOS (#941) [sshedi] + Add VZLinux support (#951) [eb3095] + VMware: add network-config support in ovf-env.xml (#947) [PengpengSun] + Update pylint to v2.9.3 and fix the new issues it spots (#946) [Paride Legovini] + Azure: mount default provisioning iso before try device listing (#870) [Anh Vo] + Document known hotplug limitations (#950) + Initial hotplug support (#936) + Fix MIME policy failure on python version upgrade (#934) + run-container: fixup the centos repos baseurls when using http_proxy (#944) [Paride Legovini] + tools: add support for building rpms on rocky linux (#940) + ssh-util: allow cloudinit to merge all ssh keys into a custom user file, defined in AuthorizedKeysFile (#937) [Emanuele Giuseppe Esposito] (LP: #1911680) + VMware: new 'allow_raw_data' switch (#939) [xiaofengw-vmware] + bump pycloudlib version (#935) + add renanrodrigo as a contributor (#938) [Renan Rodrigo] + testing: simplify test_upgrade.py (#932) + freebsd/net_v1 format: read MTU from root (#930) [Gonéri Le Bouder] + Add new network activators to bring up interfaces (#919) + Detect a Python version change and clear the cache (#857) [Robert Schweikert] + cloud_tests: fix the Impish release name (#931) [Paride Legovini] + Removed distro specific network code from Photon (#929) [sshedi] + Add support for VMware PhotonOS (#909) 
[sshedi] + cloud_tests: add impish release definition (#927) [Paride Legovini] + docs: fix stale links rename master branch to main (#926) + Fix DNS in NetworkState (SC-133) (#923) + tests: Add 'adhoc' mark for integration tests (#925) + Fix the spelling of 'DigitalOcean' (#924) [Mark Mercado] + Small Doc Update for ReportEventStack and Test (#920) [Mike Russell] + Replace deprecated collections.Iterable with abc replacement (#922) (LP: #1932048) + testing: OCI availability domain is now required (SC-59) (#910) + add DragonFlyBSD support (#904) [Gonéri Le Bouder] + Use instance-data-sensitive.json in jinja templates (SC-117) (#917) (LP: #1931392) + doc: Update NoCloud docs stating required files (#918) (LP: #1931577) + build-on-netbsd: don't pin a specific py3 version (#913) [Gonéri Le Bouder] + Create the log file with 640 permissions (#858) [Robert Schweikert] + Allow braces to appear in dhclient output (#911) [eb3095] + Docs: Replace all freenode references with libera (#912) + openbsd/net: flush the route table on net restart (#908) [Gonéri Le Bouder] + Add Rocky Linux support to cloud-init (#906) [Louis Abel] + Add 'esposem' as contributor (#907) [Emanuele Giuseppe Esposito] + Add integration test for #868 (#901) + Added support for importing keys via primary/security mirror clauses (#882) [Paul Goins] (LP: #1925395) + [examples] config-user-groups expire in the future (#902) [Geert Stappers] + BSD: static network, set the mtu (#894) [Gonéri Le Bouder] + Add integration test for lp-1920939 (#891) + Fix unit tests breaking from new httpretty version (#903) + Allow user control over update events (#834) + Update test characters in substitution unit test (#893) + cc_disk_setup.py: remove UDEVADM_CMD definition as not used (#886) [dermotbradley] + Add AlmaLinux OS support (#872) [Andrew Lukoshko] + Still need to consider the 'network' configuration option ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1197-1 
Released: Thu Apr 14 10:07:51 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1179639,1189562,1193731,1194943,1195051,1195254,1195353,1195403,1195939,1196018,1196196,1196468,1196488,1196761,1196823,1196830,1196836,1196956,1197227,1197331,1197366,1197389,1197462,1197702,1197914,1198031,1198032,1198033,CVE-2021-0920,CVE-2021-39698,CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390 The SUSE Linux Enterprise 15 SP2 kernel was updated. The following security bugs were fixed: - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to a use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702) - CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. 
This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-0854: Fixed a memory leak flaw in the Linux kernel's DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2021-0920: Fixed a race condition during UNIX socket garbage collection that could lead to local privilege escalation. (bsc#119373) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have led to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) The following non-security bugs were fixed: - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - net: tipc: validate domain record count on input (bsc#1195254). 
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1202-1 Released: Thu Apr 14 11:40:59 2022 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1179981,1191974,1192622,1195204 This update for grub2 fixes the following issues: - Fix grub-install error when efi system partition is created as mdadm software raid1 device. (bsc#1179981, bsc#1195204) - Fix error in grub-install when linux root device is on lvm thin volume. 
(bsc#1192622, bsc#1191974) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1203-1 Released: Thu Apr 14 11:43:28 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1195231 This update for lvm2 fixes the following issues: - udev: create symlinks and watch even in suspended state (bsc#1195231) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1300-1 Released: Fri Apr 22 08:39:36 2022 Summary: Security update for xen Type: security Severity: important References: 1194267,1196915,1197423,1197425,1197426,CVE-2021-26401,CVE-2022-0001,CVE-2022-0002,CVE-2022-26356,CVE-2022-26357,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361 This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue mitigations (bsc#1196915). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. 
  (bsc#1196939)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004

This update for openldap2 fixes the following issues:

- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107

This update for gcc11 fixes the following issues:

- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop to Recommends.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1430-1
Released: Wed Apr 27 10:01:43 2022
Summary: Security update for cifs-utils
Type: security
Severity: important
References: 1197216,CVE-2022-27239

This update for cifs-utils fixes the following issues:

- CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1438-1
Released: Wed Apr 27 15:27:19 2022
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: low
References: 1195251

This update for systemd-presets-common-SUSE fixes the following issue:

- enable vgauthd service for VMWare by default (bsc#1195251)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1452-1
Released: Thu Apr 28 10:48:06 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489

This update for perl fixes the following issues:

- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released: Thu Apr 28 11:31:51 2022
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1471-1
Released: Fri Apr 29 16:48:14 2022
Summary: Recommended update for samba
Type: recommended
Severity: low
References: 1134046

This update for samba fixes the following issue:

- Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba. (bsc#1134046)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1512-1
Released: Tue May 3 16:11:28 2022
Summary: Security update for ruby2.5
Type: security
Severity: important
References: 1188160,1188161,1190375,1193035,1198441,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739

This update for ruby2.5 fixes the following issues:

- CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441).
- CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035).
- CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).
- CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
- CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1544-1
Released: Thu May 5 11:52:22 2022
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1195011,1195508,1197967

This update for dracut fixes the following issues:

- fix(dracut-install): copy files preserving ownership attributes (bsc#1197967)
- fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508)
- fix(dracut-functions.sh): ip route parsing (bsc#1195011)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1548-1
Released: Thu May 5 16:45:28 2022
Summary: Security update for tar
Type: security
Severity: moderate
References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193

This update for tar fixes the following issues:

- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).

- Update to GNU tar 1.34:
  * Fix extraction over pipe
  * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)
  * Fix extraction when . and .. are unreadable
  * Gracefully handle duplicate symlinks when extracting
  * Re-initialize supplementary groups when switching to user privileges
- Update to GNU tar 1.33:
  * POSIX extended format headers do not include PID by default
  * --delay-directory-restore works for archives with reversed member ordering
  * Fix extraction of a symbolic link hardlinked to another symbolic link
  * Wildcards in exclude-vcs-ignore mode don't match slash
  * Fix the --no-overwrite-dir option
  * Fix handling of chained renames in incremental backups
  * Link counting works for file names supplied with -T
  * Accept only position-sensitive (file-selection) options in file list files
- prepare usrmerge (bsc#1029961)
- Update to GNU 1.32
  * Fix the use of --checkpoint without explicit --checkpoint-action
  * Fix extraction with the -U option
  * Fix iconv usage on BSD-based systems
  * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923]
  * Improve the testsuite
- Update to GNU 1.31
  * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28
  * Support for zstd compression
  * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'.
  * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it.
  * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1583-1
Released: Mon May 9 17:42:50 2022
Summary: Security update for rsyslog
Type: security
Severity: important
References: 1199061,CVE-2022-24903

This update for rsyslog fixes the following issues:

- CVE-2022-24903: Fixed potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1617-1
Released: Tue May 10 14:40:12 2022
Summary: Security update for gzip
Type: security
Severity: important
References: 1198062,1198922,CVE-2022-1271

This update for gzip fixes the following issues:

- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794

This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776

This update for curl fixes the following issues:

- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771

This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1659-1
Released: Fri May 13 15:41:32 2022
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1189517,1195115

This update for cups fixes the following issues:

- CUPS printservice takes much longer than before with a big number of printers (bsc#1189517)
- CUPS PreserveJobHistory doesn't work with seconds (bsc#1195115)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155

This update for openldap2 fixes the following issues:

- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304

This update for e2fsprogs fixes the following issues:

- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1689-1
Released: Mon May 16 14:09:01 2022
Summary: Security update for containerd, docker
Type: security
Severity: important
References: 1193930,1196441,1197284,1197517,CVE-2021-43565,CVE-2022-23648,CVE-2022-24769,CVE-2022-27191

This update for containerd, docker fixes the following issues:

- CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).
- CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).
- CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).
- CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443

This update for augeas fixes the following issue:

- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1824-1
Released: Tue May 24 10:31:13 2022
Summary: Recommended update for dhcp
Type: recommended
Severity: moderate
References: 1198657

This update for dhcp fixes the following issues:

- Properly handle DHCRELAY(6)_OPTIONS (bsc#1198657)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1839-1
Released: Wed May 25 10:32:21 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1192439

This update for openssh fixes the following issues:

- Prevent empty messages from being sent.
  (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1843-1
Released: Wed May 25 15:25:44 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1198504

This update for suse-build-key fixes the following issues:

- still ship the old ptf key in the documentation directory (bsc#1198504)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1861-1
Released: Thu May 26 12:07:40 2022
Summary: Security update for cups
Type: security
Severity: important
References: 1199474,CVE-2022-26691

This update for cups fixes the following issues:

- CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782

This update for curl fixes the following issues:

- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1883-1
Released: Mon May 30 12:41:35 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre2 fixes the following issues:

- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589

This update for grep fixes the following issues:

- Make profiling deterministic.
  (bsc#1040589, SLE-24115)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065

This update for gcc11 fixes the following issues:

Update to the GCC 11.3.0 release.

* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2024-1
Released: Thu Jun 9 10:13:12 2022
Summary: Recommended update for python-azure-agent
Type: recommended
Severity: moderate
References: 1198258

This update for python-azure-agent fixes the following issues:

- Reset the dhcp config when deprovisioning an instance to ensure instances from a VM image created from that instance send host information to the DHCP server.
  (bsc#1198258)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2074-1
Released: Tue Jun 14 11:59:55 2022
Summary: Security update for grub2
Type: security
Severity: important
References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736

This update for grub2 fixes the following issues:

Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)

- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184)
- CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185)
- CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493)
- CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495)
- CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2102-1
Released: Thu Jun 16 15:18:23 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927

This update for vim fixes the following issues:

- CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
- CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
- CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
- CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
- CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
- CVE-2021-3974: Fixed use-after-free (bsc#1192904).
- CVE-2021-4069: Fixed use-after-free in ex_open() in src/ex_docmd.c (bsc#1193466).
- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
- CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
- CVE-2021-4192: Fixed use-after-free (bsc#1194217).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
- CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
- CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203).
- CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
- CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
- CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
- CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596).
- CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
- CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
- CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333).
- CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334).
- CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655).
- CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
- CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
- CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
- CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747).
- CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
- CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
- CVE-2022-1898: Fixed use-after-free (bsc#1200011).
- CVE-2022-1927: Fixed buffer over-read (bsc#1200012).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2104-1
Released: Thu Jun 16 15:21:45 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1028340,1065729,1071995,1158266,1177282,1191647,1195651,1195926,1196114,1196367,1196426,1196433,1196514,1196570,1196942,1197157,1197343,1197472,1197656,1197660,1197895,1198330,1198400,1198484,1198516,1198577,1198660,1198687,1198778,1198825,1199012,1199063,1199314,1199505,1199507,1199605,1199650,1199918,1200015,1200143,1200144,1200249,CVE-2019-19377,CVE-2020-26541,CVE-2021-20321,CVE-2021-33061,CVE-2022-0168,CVE-2022-1011,CVE-2022-1158,CVE-2022-1184,CVE-2022-1353,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-28893,CVE-2022-30594

The SUSE Linux Enterprise 15 SP2 kernel was updated.

The following security bugs were fixed:

- CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472)
- CVE-2022-1966: Fixed a use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
- CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330).
- CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660).
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks.
  (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143)
- CVE-2022-1974: Fixed a use-after-free that could cause kernel crash by simulating an nfc device from user-space. (bsc#1200144)
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)
- CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
- CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
- CVE-2022-1353: Fixed access control to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516)
- CVE-2022-1011: Fixed a use-after-free vulnerability which could allow a local attacker to retrieve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystem. (bnc#1197343)

The following non-security bugs were fixed:

- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- cifs: fix bad fids sent over wire (bsc#1197157).
- direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).
- direct-io: defer alignment check until after the EOF check (bsc#1197656).
- direct-io: do not force writeback for reads beyond EOF (bsc#1197656).
- net: ena: A typo fix in the file ena_com.h (bsc#1198778).
- net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778).
- net: ena: Add debug prints for invalid req_id resets (bsc#1198778).
- net: ena: add device distinct log prefix to files (bsc#1198778).
- net: ena: add jiffies of last napi call to stats (bsc#1198778).
- net: ena: aggregate doorbell common operations into a function (bsc#1198778).
- net: ena: aggregate stats increase into a function (bsc#1198778).
- net: ena: Change ENI stats support check to use capabilities field (bsc#1198778).
- net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778).
- net: ena: Change the name of bad_csum variable (bsc#1198778).
- net: ena: Extract recurring driver reset code into a function (bsc#1198778).
- net: ena: fix coding style nits (bsc#1198778).
- net: ena: fix DMA mapping function issues in XDP (bsc#1198778).
- net: ena: Fix error handling when calculating max IO queues number (bsc#1198778).
- net: ena: fix inaccurate print type (bsc#1198778).
- net: ena: Fix undefined state when tx request id is out of bounds (bsc#1198778).
- net: ena: Fix wrong rx request id by resetting device (bsc#1198778).
- net: ena: Improve error logging in driver (bsc#1198778).
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778).
- net: ena: introduce XDP redirect implementation (bsc#1198778).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778).
- net: ena: Move reset completion print to the reset function (bsc#1198778).
- net: ena: optimize data access in fast-path code (bsc#1198778).
- net: ena: re-organize code to improve readability (bsc#1198778).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778).
- net: ena: remove extra words from comments (bsc#1198778).
- net: ena: Remove module param and change message severity (bsc#1198778).
- net: ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778).
- net: ena: Remove redundant return code check (bsc#1198778).
- net: ena: Remove unused code (bsc#1198778).
- net: ena: store values in their appropriate variables types (bsc#1198778).
- net: ena: Update XDP verdict upon failure (bsc#1198778).
- net: ena: use build_skb() in RX path (bsc#1198778).
- net: ena: use constant value for net_device allocation (bsc#1198778).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778).
- net: ena: use xdp_frame in XDP TX flow (bsc#1198778).
- net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
- NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1199918).
- ping: remove pr_err from ping_lookup (bsc#1199918).
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449).
- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803).
- sched/rt: Disable RT_RUNTIME_SHARE by default (bnc#1197895).
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- video: hyperv_fb: Fix validation of screen resolution (git-fixes).
- x86/pm: Save the MSR validity status at context setup (bsc#1198400).
- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2164-1
Released: Thu Jun 23 15:33:30 2022
Summary: Security update for xen
Type: security
Severity: important
References: 1199965,1199966,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364

This update for xen fixes the following issues:

- CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965)
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released: Mon Jul 4 09:52:25 2022
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash.
  (bsc#1200550)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2323-1
Released: Thu Jul 7 12:16:58 2022
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: low
References:

This update for systemd-presets-branding-SLE fixes the following issues:

- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2339-1
Released: Fri Jul 8 15:47:43 2022
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1198939

This update for rsyslog fixes the following issues:

- Remove inotify watch descriptor in imfile on inode change detected.
(bsc#1198939) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. 
Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. 
of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. 
* cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2351-1 Released: Mon Jul 11 10:50:12 2022 Summary: Security update for python3 Type: security Severity: important References: 1186819,1190566,1192249,1193179,1198511,CVE-2015-20107,CVE-2021-3572 This update for python3 fixes the following issues: Security issues fixed: - CVE-2021-3572: Update bundled pip wheel to the latest SLE version (bsc#1186819) - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Other bugs fixed: - Remove shebangs from python-base libraries in _libdir (bsc#1193179, bsc#1192249). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2402-1 Released: Thu Jul 14 16:58:22 2022 Summary: Security update for python-PyJWT Type: security Severity: important References: 1199756,CVE-2022-29217 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2423-1 Released: Mon Jul 18 08:41:31 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194013,1195775,1196901,1197362,1199487,1199489,1199657,1200263,1200442,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1201050,1201080,CVE-2021-26341,CVE-2021-4157,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). 
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). The following non-security bugs were fixed: - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - exec: Force single empty string when argv is empty (bsc#1200571). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). 
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - bind-utils-9.16.6-150000.12.60.1 updated - boost-license1_66_0-1.66.0-12.3.1 updated - cifs-utils-6.9-150100.5.15.1 updated - cloud-init-config-suse-21.4-150100.8.58.1 updated - cloud-init-21.4-150100.8.58.1 updated - containerd-ctr-1.6.6-150000.73.2 updated - containerd-1.6.6-150000.73.2 updated - coreutils-8.29-4.3.1 updated - cups-config-2.2.7-150000.3.32.1 updated - curl-7.66.0-150200.4.36.1 updated - dhcp-client-4.3.6.P1-150000.6.14.1 updated - dhcp-4.3.6.P1-150000.6.14.1 updated - docker-20.10.17_ce-150000.166.1 updated - dracut-049.1+suse.234.g902e489c-150200.3.57.1 updated - e2fsprogs-1.43.8-150000.4.33.1 updated - filesystem-15.0-11.8.1 updated - glibc-locale-base-2.26-13.65.1 updated - glibc-locale-2.26-13.65.1 updated - glibc-2.26-13.65.1 updated - grep-3.1-150000.4.6.1 updated - grub2-i386-pc-2.04-150200.9.63.2 updated - grub2-x86_64-efi-2.04-150200.9.63.2 updated - grub2-2.04-150200.9.63.2 updated - gzip-1.10-150200.10.1 updated - kernel-default-5.3.18-150200.24.120.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libavahi-client3-0.7-3.18.1 updated - libavahi-common3-0.7-3.18.1 updated - libbind9-1600-9.16.6-150000.12.60.1 updated - libblkid1-2.33.2-150100.4.21.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcups2-2.2.7-150000.3.32.1 updated - libcurl4-7.66.0-150200.4.36.1 updated - libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libdevmapper1_03-1.02.163-8.42.1 updated - libdns1605-9.16.6-150000.12.60.1 updated - libexpat1-2.2.5-3.19.1 updated - libext2fs2-1.43.8-150000.4.33.1 updated - libfdisk1-2.33.2-150100.4.21.1 updated - libfreebl3-3.68.3-150000.3.67.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libglib-2_0-0-2.62.6-150200.3.9.1 updated - 
libgnutls30-3.6.7-14.16.1 updated - libirs1601-9.16.6-150000.12.60.1 updated - libisc1606-9.16.6-150000.12.60.1 updated - libisccc1600-9.16.6-150000.12.60.1 updated - libisccfg1600-9.16.6-150000.12.60.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.33.2-150100.4.21.1 updated - libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libns1604-9.16.6-150000.12.60.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.31-150000.3.7.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libpython3_6m1_0-3.6.15-150000.3.106.1 updated - libruby2_5-2_5-2.5.9-150000.4.23.1 updated - libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsasl2-3-2.1.26-5.10.1 updated - libsmartcols1-2.33.2-150100.4.21.1 updated - libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsolv-tools-0.7.22-150200.12.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libsystemd0-234-24.108.1 updated - libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - 
libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libuuid1-2.33.2-150100.4.21.1 updated - libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.30.0-150200.36.1 updated - nfs-client-2.1.1-150100.10.24.1 updated - openssh-8.1p1-150200.5.28.1 updated - openssl-1_1-1.1.1d-150200.11.51.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - p11-kit-0.23.2-150000.4.16.1 updated - pam-1.3.0-150000.6.58.3 updated - perl-base-5.26.1-150000.7.15.1 updated - perl-5.26.1-150000.7.15.1 updated - procps-3.3.15-7.22.1 updated - python-azure-agent-2.2.49.2-150100.3.23.1 updated - python3-PyJWT-1.7.1-150200.3.3.1 updated - python3-attrs-19.3.0-3.4.1 added - python3-base-3.6.15-150000.3.106.1 updated - python3-bind-9.16.6-150000.12.60.1 updated - python3-importlib-metadata-1.5.0-3.3.5 added - python3-jsonschema-3.2.0-9.3.1 updated - python3-more-itertools-4.2.0-3.2.3 added - python3-netifaces-0.10.6-1.31 added - python3-pyrsistent-0.14.4-3.2.1 added - python3-six-1.14.0-12.1 updated - python3-zipp-0.6.0-3.3.5 added - python3-3.6.15-150000.3.106.1 updated - rsyslog-8.2106.0-150200.4.29.1 updated - ruby2.5-stdlib-2.5.9-150000.4.23.1 updated - ruby2.5-2.5.9-150000.4.23.1 updated - runc-1.1.3-150000.30.1 updated - samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - sudo-1.8.27-4.24.1 updated - supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 updated - supportutils-3.1.20-150000.5.39.1 updated - suse-build-key-12.0-150000.8.25.1 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - systemd-sysvinit-234-24.108.1 updated - systemd-234-24.108.1 updated - tar-1.34-150000.3.12.1 updated - tcpdump-4.9.2-3.18.1 updated - timezone-2022a-150000.75.7.1 updated - udev-234-24.108.1 updated - 
update-alternatives-1.19.0.4-4.3.1 updated - util-linux-systemd-2.33.2-150100.4.21.1 updated - util-linux-2.33.2-150100.4.21.1 updated - vim-data-common-8.2.5038-150000.5.21.1 updated - vim-8.2.5038-150000.5.21.1 updated - wicked-service-0.6.68-3.8.1 updated - wicked-0.6.68-3.8.1 updated - xen-libs-4.13.4_10-150200.3.55.1 updated - xz-5.2.3-150000.4.7.1 updated - zypper-1.14.52-150200.30.2 updated From sle-updates at lists.suse.com Tue Jul 19 10:45:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 12:45:29 +0200 (CEST) Subject: SUSE-IU-2022:853-1: Security update of suse-sles-15-sp2-chost-byos-v20220718-hvm-ssd-x86_64 Message-ID: <20220719104529.19D49F7C9@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20220718-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:853-1 Image Tags : suse-sles-15-sp2-chost-byos-v20220718-hvm-ssd-x86_64:20220718 Image Release : Severity : critical Type : security References : 1028340 1029961 1029961 1040589 1057592 1065729 1070955 1071995 1082318 1082318 1099272 1115529 1120610 1121227 1121230 1122004 1122021 1128846 1130496 1134046 1156920 1158266 1160654 1162964 1172113 1172427 1173277 1174075 1174911 1177215 1177282 1177460 1177599 1178357 1179060 1179465 1179639 1179981 1180065 1180689 1181131 1181163 1181186 1181703 1181812 1181826 1182227 1182959 1183405 1183407 1183495 1183533 1184501 1185377 1185637 1186819 1187512 1187645 1187906 1188019 1188160 1188161 1188605 1189028 1189126 1189152 1189517 1189560 1189562 1190315 1190375 1190447 1190533 1190566 1190570 1190926 1190943 1190975 1191015 1191096 1191121 1191157 1191184 1191185 1191186 1191334 1191434 1191580 1191647 1191770 1191794 1191893 1191974 1192051 1192164 1192167 1192249 1192311 1192343 1192353 1192439 1192478 1192481 1192483 1192622 1192685 1192902 1192903 1192904 1192951 1193007 1193035 1193096 1193179 1193204 1193273 1193282 
1193294 1193298 1193466 1193488 1193489 1193506 1193531 1193532 1193625 1193659 1193731 1193732 1193759 1193805 1193841 1193861 1193864 1193867 1193868 1193905 1193930 1194013 1194048 1194093 1194216 1194216 1194217 1194227 1194229 1194267 1194388 1194392 1194516 1194522 1194556 1194561 1194576 1194581 1194588 1194597 1194640 1194642 1194661 1194669 1194716 1194768 1194770 1194845 1194848 1194859 1194872 1194880 1194883 1194885 1194898 1194943 1195004 1195004 1195009 1195011 1195051 1195054 1195065 1195066 1195095 1195096 1195115 1195126 1195149 1195184 1195202 1195203 1195204 1195217 1195231 1195251 1195254 1195254 1195254 1195258 1195283 1195286 1195326 1195332 1195353 1195354 1195356 1195403 1195468 1195508 1195516 1195543 1195560 1195612 1195614 1195628 1195651 1195654 1195701 1195775 1195784 1195792 1195797 1195825 1195856 1195897 1195899 1195905 1195908 1195926 1195939 1195947 1195949 1195987 1195995 1195999 1196018 1196025 1196025 1196026 1196036 1196061 1196079 1196093 1196095 1196107 1196114 1196132 1196155 1196167 1196168 1196169 1196171 1196196 1196235 1196275 1196282 1196317 1196361 1196367 1196368 1196406 1196426 1196433 1196441 1196441 1196468 1196488 1196490 1196494 1196495 1196514 1196514 1196570 1196584 1196601 1196612 1196761 1196776 1196784 1196823 1196830 1196836 1196861 1196901 1196915 1196925 1196939 1196942 1196956 1197004 1197024 1197065 1197134 1197135 1197157 1197216 1197227 1197284 1197293 1197297 1197331 1197343 1197362 1197366 1197389 1197423 1197425 1197426 1197443 1197459 1197462 1197472 1197517 1197656 1197660 1197702 1197771 1197788 1197794 1197895 1197903 1197914 1197948 1197967 1198031 1198032 1198033 1198062 1198062 1198330 1198400 1198441 1198446 1198460 1198484 1198493 1198495 1198496 1198504 1198511 1198516 1198577 1198581 1198596 1198614 1198657 1198660 1198687 1198723 1198748 1198766 1198778 1198825 1198922 1198939 1199012 1199061 1199063 1199132 1199166 1199223 1199224 1199232 1199232 1199240 1199314 1199331 1199333 1199334 
1199460 1199474 1199487 1199489 1199505 1199507 1199565 1199605 1199650 1199651 1199655 1199657 1199693 1199745 1199747 1199756 1199918 1199936 1199965 1199966 1200010 1200011 1200012 1200015 1200088 1200143 1200144 1200145 1200249 1200263 1200442 1200550 1200571 1200599 1200604 1200605 1200608 1200619 1200692 1200735 1200737 1201050 1201080 1201099 954329 954813 CVE-2015-20107 CVE-2015-8985 CVE-2017-17087 CVE-2018-16301 CVE-2018-20482 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-19377 CVE-2019-6285 CVE-2019-6292 CVE-2019-9923 CVE-2020-14367 CVE-2020-26541 CVE-2020-29362 CVE-2021-0920 CVE-2021-20193 CVE-2021-20321 CVE-2021-22570 CVE-2021-22600 CVE-2021-25220 CVE-2021-26341 CVE-2021-26401 CVE-2021-28153 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-33061 CVE-2021-3572 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2021-3778 CVE-2021-3778 CVE-2021-3796 CVE-2021-3796 CVE-2021-3872 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3927 CVE-2021-3928 CVE-2021-3928 CVE-2021-39648 CVE-2021-39657 CVE-2021-3968 CVE-2021-39698 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-3984 CVE-2021-3999 CVE-2021-4019 CVE-2021-4019 CVE-2021-4069 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 CVE-2021-4136 CVE-2021-4157 CVE-2021-41617 CVE-2021-4166 CVE-2021-41817 CVE-2021-4192 CVE-2021-4193 CVE-2021-4193 CVE-2021-4209 CVE-2021-43565 CVE-2021-44142 CVE-2021-44879 CVE-2021-45095 CVE-2021-45868 CVE-2021-46059 CVE-2021-46059 CVE-2022-0001 CVE-2022-0001 CVE-2022-0002 CVE-2022-0002 CVE-2022-0128 CVE-2022-0168 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0318 CVE-2022-0319 CVE-2022-0319 CVE-2022-0330 CVE-2022-0351 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0413 CVE-2022-0435 CVE-2022-0487 CVE-2022-0492 CVE-2022-0516 CVE-2022-0617 CVE-2022-0644 CVE-2022-0696 CVE-2022-0847 CVE-2022-0850 CVE-2022-0854 CVE-2022-1011 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 
CVE-2022-1097 CVE-2022-1158 CVE-2022-1184 CVE-2022-1271 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1353 CVE-2022-1381 CVE-2022-1420 CVE-2022-1516 CVE-2022-1586 CVE-2022-1586 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1652 CVE-2022-1679 CVE-2022-1729 CVE-2022-1733 CVE-2022-1734 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-2068 CVE-2022-2097 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-22576 CVE-2022-22942 CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23648 CVE-2022-23648 CVE-2022-23852 CVE-2022-23990 CVE-2022-24407 CVE-2022-24448 CVE-2022-24769 CVE-2022-24903 CVE-2022-24958 CVE-2022-24959 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25258 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-25375 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-26490 CVE-2022-26691 CVE-2022-26966 CVE-2022-27191 CVE-2022-27239 CVE-2022-27666 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-28739 CVE-2022-28893 CVE-2022-29155 CVE-2022-29162 CVE-2022-29217 CVE-2022-29824 CVE-2022-29900 CVE-2022-29901 CVE-2022-30594 CVE-2022-31030 CVE-2022-32206 CVE-2022-32208 CVE-2022-33981 ----------------------------------------------------------------- The container suse-sles-15-sp2-chost-byos-v20220718-hvm-ssd-x86_64 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:287-1 Released: Tue Feb 1 17:54:57 2022 Summary: Security update for samba Type: security Severity: critical References: 1194859,CVE-2021-44142 This update for samba fixes the following issues: - CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:322-1 Released: Thu Feb 3 14:03:19 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1192685,1194716 This update for dracut fixes the following issues: - Fix(network): consistent use of '$gw' for gateway (bsc#1192685) - Fix(install): handle builtin modules (bsc#1194716) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:334-1 Released: Fri Feb 4 09:30:58 2022 Summary: Security update for containerd, docker Type: security Severity: moderate References: 1191015,1191121,1191334,1191434,1193273,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103,CVE-2021-41190 This update for containerd, docker fixes the following issues: - CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015). - CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434). - CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334). - CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121). - CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:346-1 Released: Tue Feb 8 12:20:33 2022 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1029961,1057592,1156920,1160654,1177215,1178357,1181163,1181186,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392,954329 This update for wicked fixes the following issues: - Fix device rename issue when done via Yast2 (bsc#1194392) - Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 15 (bsc#1183407,jsc#SLE-9750) - Prepare RPM packaging for merging of /bin and /usr/bin directories, however this merge does not affect SUSE Linux Enterprise 15 (bsc#1029961) - Parse sysctl files in the correct order (bsc#1181186) - Fix sysctl values for loopback device (bsc#1181163, bsc#1178357) - Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353) - Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019) - Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311) - Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164) - Fix `ifstatus` not to show link as 'up' when interface is not running - Make firewalld zone assignment permanent (bsc#1189560) - Cleanup and improve ifconfig and ifpolicy access utilities - Initial fixes for dracut integration and improved option handling (bsc#1182227) - Fix `nanny` to identify node owner exit condition - Using wicked without nanny is no longer supported and use-nanny=false configuration option was removed - Add `ethtool --get-permanent-address` option in the client - Fix `ifup` to refresh link state of network interface after being unenslaved from an unconfigured master (bsc#954329) - Prevent re-trigger Duplicate Address Detection on address updates when is not needed (bsc#1177215) - Fix 
Network Information Service configuration (bsc#1181812) - Reconnect on unexpected wpa_supplicant restart (bsc#1183495) - Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920) - Support multiple wireless networks configurations per interface - Show wireless connection status and scan-results (bsc#1160654) - Fix eap-tls,ttls certificate handling and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592) - Updated `man ifcfg-wireless` manual pages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:365-1 Released: Thu Feb 10 17:36:13 2022 Summary: Security update for the Linux Kernel Type: security Severity: critical References: 1177599,1183405,1185377,1188605,1193096,1193506,1193861,1193864,1193867,1194048,1194227,1194880,1195009,1195065,1195184,1195254,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-45095,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942 The SUSE 
Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). The following non-security bugs were fixed: - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: mana: Add RX fencing (bsc#1193506). 
- net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net_sched: avoid resetting active qdisc for multiple times (bsc#1183405). - net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405). - net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:368-1 Released: Thu Feb 10 20:29:26 2022 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1187645,1193532 This update for grub2 fixes the following issues: - Fix grub error 'not a Btrfs filesystem' on s390x (bsc#1187645) - Add support for simplefb (bsc#1193532) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:467-1 Released: Thu Feb 17 09:51:37 2022 Summary: Security update for xen Type: security Severity: important References: 1194576,1194581,1194588,CVE-2022-23033,CVE-2022-23034,CVE-2022-23035 This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576) - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. 
(XSA-395) (bsc#1194588) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:476-1 Released: Thu Feb 17 10:31:35 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1194661 This update for nfs-utils fixes the following issues: - If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:604-1 Released: Tue Mar 1 07:13:50 2022 Summary: Recommended update for rsyslog Type: recommended Severity: low References: 1194669 This update for rsyslog fixes the following issues: - update config example in remote.conf to match upstream documentation (bsc#1194669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:36 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:682-1 Released: Thu Mar 3 11:37:03 2022 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: important References: 1195095,1195096 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.6 (bsc#1195095, bsc#1195096) - Include cloud-init logs whenever they are present - Update the packages we track in AWS, Azure, and Google - Include the ecs logs for AWS ECS instances ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:701-1 Released: Thu Mar 3 17:45:33 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1181703 This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:720-1 Released: Fri Mar 4 10:20:28 2022 Summary: Security update for containerd Type: security Severity: moderate References: 1196441,CVE-2022-23648 This update for containerd fixes the following issues: - CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:736-1 Released: Fri Mar 4 14:51:57 2022 Summary: Security update for vim Type: security Severity: important References: 1190533,1190570,1191893,1192478,1192481,1193294,1193298,1194216,1194556,1195004,1195066,1195126,1195202,1195356,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3927,CVE-2021-3928,CVE-2021-3984,CVE-2021-4019,CVE-2021-4193,CVE-2021-46059,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0361,CVE-2022-0413 This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). 
- CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixed out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:759-1 Released: Tue Mar 8 19:05:12 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1189126,1191580,1192483,1194516,1195254,1195286,1195516,1195543,1195612,1195701,1195897,1195905,1195908,1195947,1195949,1195987,1195995,1196079,1196095,1196132,1196155,1196235,1196584,1196601,1196612,1196776,CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0516,CVE-2022-0617,CVE-2022-0644,CVE-2022-0847,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25375 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability where a local attacker could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. 
(bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. An assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which led to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occurred, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have led to memory corruption (bsc#1196096). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905). The following non-security bugs were fixed: - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - gve: Add RX context (jsc#SLE-23652). - gve: Add a jumbo-frame device option (jsc#SLE-23652). - gve: Add consumed counts to ethtool stats (jsc#SLE-23652). - gve: Add optional metadata descriptor type GVE_TXD_MTD (jsc#SLE-23652). 
- gve: Correct order of processing device options (jsc#SLE-23652). - gve: Fix GFP flags when allocing pages (jsc#SLE-23652). - gve: Implement packet continuation for RX (jsc#SLE-23652). - gve: Implement suspend/resume/shutdown (jsc#SLE-23652). - gve: Move the irq db indexes out of the ntfy block struct (jsc#SLE-23652). - gve: Recording rx queue before sending to napi (jsc#SLE-23652). - gve: Update gve_free_queue_page_list signature (jsc#SLE-23652). - gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652). - gve: fix for null pointer dereference (jsc#SLE-23652). - gve: fix the wrong AdminQ buffer queue index check (jsc#SLE-23652). - gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652). - gve: remove memory barrier around seqno (jsc#SLE-23652). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). - net: tipc: validate domain record count on input (bsc#1195254). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:774-1 Released: Wed Mar 9 10:52:10 2022 Summary: Security update for tcpdump Type: security Severity: moderate References: 1195825,CVE-2018-16301 This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). 
(bsc#1196495) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:805-1 Released: Thu Mar 10 18:05:31 2022 Summary: Security update for openssh Type: security Severity: important References: 1190975,CVE-2021-41617 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed a potential privilege escalation for non-default configuration settings (bsc#1190975). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression 
caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:50 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. 
Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don't set interface for NTP responses to allow asymmetric routing - Handle RTCs that don't support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x 
clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. 
Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: 
SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:50 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:884-1 Released: Thu Mar 17 09:46:56 2022 Summary: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339 Type: recommended Severity: moderate References: 1082318 This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues: - Add patch to fix build with new webcolors. - update to version 3.2.0 (jsc#SLE-18756): * Added a format_nongpl setuptools extra, which installs only format dependencies that are non-GPL (#619). - specfile: * require python-importlib-metadata - update to version 3.1.1: * Temporarily revert the switch to js-regex until #611 and #612 are resolved. 
- changes from version 3.1.0: - Regular expressions throughout schemas now respect the ECMA 262 dialect, as recommended by the specification (#609). - Activate more of the test suite - Remove tests and benchmarking from the runtime package - Update to v3.0.2 - Fixed a bug where 0 and False were considered equal by const and enum - from v3.0.1 - Fixed a bug where extending validators did not preserve their notion of which validator property contains $id information. - Update to 3.0.1: - Support for Draft 6 and Draft 7 - Draft 7 is now the default - New TypeChecker object for more complex type definitions (and overrides) - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification - Use %license instead of %doc (bsc#1082318) - Remove hashbang from runtime module - Replace PyPI URL with https://github.com/dgerber/rfc3987 - Activate doctests - Add missing runtime dependency on timezone - Replace dead link with GitHub URL - Activate test suite - Trim bias from descriptions. - Initial commit, needed by flex ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:888-1 Released: Thu Mar 17 10:56:42 2022 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1179060,1194561,1195614,1196282 This update for avahi fixes the following issues: - Change python3-Twisted to a soft dependency. It is not available on SLED or PackageHub, and it is only needed by avahi-bookmarks (bsc#1196282) - Fix warning when Twisted is not available - Have python3-avahi require python3-dbus-python, not the python 2 dbus-1-python package (bsc#1195614) - Ensure that NetworkManager or wicked have already started before initializing (bsc#1194561) - Move sftp-ssh and ssh services to the doc directory. 
They allow a host's up/down status to be easily discovered and should not be enabled by default (bsc#1179060) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:946-1 Released: Thu Mar 24 15:19:49 2022 Summary: Security update for bind Type: security Severity: important References: 1197135,CVE-2021-25220 This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1032-1 Released: Tue Mar 29 18:41:26 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issue: - Make ssh connections update their dbus environment (bsc#1179465). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). 
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1074-1
Released: Fri Apr 1 13:27:00 2022
Summary: Recommended update for cloud-init
Type: recommended
Severity: moderate
References: 1193531

This update for cloud-init contains the following fixes:

- Enable broader systemctl location. (bsc#1193531)
- Remove unneeded BuildRequires on python3-nose.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released: Mon Apr 4 12:53:05 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1194883

This update for aaa_base fixes the following issues:

- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interferes with UTF-8 multi byte characters as well as support the vi mode of readline library

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1109-1
Released: Mon Apr 4 17:50:01 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: important
References: 1172427,1194642

This update for util-linux fixes the following issues:

- Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642)
- Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642)
- Warn if uuidd lock state is not usable. (bsc#1194642)
- Fix 'su -s' bash completion.
  (bsc#1172427)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not on 03-26
  * `zdump -v` now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1126-1
Released: Thu Apr 7 14:05:02 2022
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1197297,1197788

This update for nfs-utils fixes the following issues:

- Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297)
  * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels.
- Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4.
  (bsc#1197788)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1135-1
Released: Fri Apr 8 13:12:45 2022
Summary: Recommended update for supportutils
Type: recommended
Severity: moderate
References: 1189028,1190315,1190943,1191096,1191794,1193204,1193732,1193868,1195797

This update for supportutils fixes the following issues:

- Add command `blkid`
- Add email.txt based on OPTION_EMAIL (bsc#1189028)
- Add rpcinfo -p output #116
- Add s390x specific files and output
- Add shared memory as a log directory for emergency use (bsc#1190943)
- Fix cron package for RPM validation (bsc#1190315)
- Fix for invalid argument during updates (bsc#1193204)
- Fix iscsi initiator name (bsc#1195797)
- Improve `lsblk` readability with `--ascsi` option
- Include 'multipath -t' output in mpio.txt
- Include /etc/sssd/conf.d configuration files
- Include udev rules in /lib/udev/rules.d/
- Made /proc directory and network names spaces configurable (bsc#1193868)
- Prepare future installation of binaries to /usr/sbin instead of /sbin. This does not affect current SUSE Linux Enterprise 15 Service Packs (bsc#1191096)
- Move localmessage/warm logs out of messages.txt to new localwarn.txt
- Optimize configuration files
- Remove chronyc DNS lookups with -n switch (bsc#1193732)
- Remove duplicate commands in network.txt
- Remove duplicate firewalld status output
- getappcore identifies compressed core files (bsc#1191794)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1147-1
Released: Mon Apr 11 15:49:43 2022
Summary: Recommended update for containerd
Type: recommended
Severity: moderate
References: 1195784

This update of containerd fixes the following issue:

- container-ctr is shipped to the PackageHub repos.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1149-1
Released: Mon Apr 11 16:29:14 2022
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1197903,CVE-2022-1097

This update for mozilla-nss fixes the following issues:

Mozilla NSS 3.68.3 (bsc#1197903):

- CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1150-1
Released: Mon Apr 11 17:34:19 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1197293

This update for suse-build-key fixes the following issues:

No longer install 1024bit keys by default. (bsc#1197293)

- The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package.
- The old PTF (pre March 2022) key moved to documentation directory.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released: Tue Apr 12 13:26:19 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134

This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:

- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime

libzypp update to 17.30.0:

- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)

zypper update to 1.14.52:

- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271

This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1190-1
Released: Wed Apr 13 20:52:23 2022
Summary: Recommended update for cloud-init
Type: recommended
Severity: important
References: 1192343

This update for cloud-init contains the following fixes:

- Update to version 21.4 (bsc#1192343, jsc#PM-3181)
  + Also include VMWare functionality for (jsc#PM-3175)
  + Remove patches included upstream.
  + Forward port fixes.
  + Fix for VMware Test, system dependent, not properly mocked previously.
  + Azure: fallback nic needs to be reevaluated during reprovisioning (#1094) [Anh Vo]
  + azure: pps imds (#1093) [Anh Vo]
  + testing: Remove calls to 'install_new_cloud_init' (#1092)
  + Add LXD datasource (#1040)
  + Fix unhandled apt_configure case.
    (#1065) [Brett Holman]
  + Allow libexec for hotplug (#1088)
  + Add necessary mocks to test_ovf unit tests (#1087)
  + Remove (deprecated) apt-key (#1068) [Brett Holman] (LP: #1836336)
  + distros: Remove a completed 'TODO' comment (#1086)
  + cc_ssh.py: Add configuration for controlling ssh-keygen output (#1083) [dermotbradley]
  + Add 'install hotplug' module (SC-476) (#1069) (LP: #1946003)
  + hosts.alpine.tmpl: rearrange the order of short and long hostnames (#1084) [dermotbradley]
  + Add max version to docutils
  + cloudinit/dmi.py: Change warning to debug to prevent console display (#1082) [dermotbradley]
  + remove unnecessary EOF string in disable-sshd-keygen-if-cloud-init-active.conf (#1075) [Emanuele Giuseppe Esposito]
  + Add module 'write-files-deferred' executed in stage 'final' (#916) [Lucendio]
  + Bump pycloudlib to fix CI (#1080)
  + Remove pin in dependencies for jsonschema (#1078)
  + Add 'Google' as possible system-product-name (#1077) [vteratipally]
  + Update Debian security suite for bullseye (#1076) [Johann Queuniet]
  + Leave the details of service management to the distro (#1074) [Andy Fiddaman]
  + Fix typos in setup.py (#1059) [Christian Clauss]
  + Update Azure _unpickle (SC-500) (#1067) (LP: #1946644)
  + cc_ssh.py: fix private key group owner and permissions (#1070) [Emanuele Giuseppe Esposito]
  + VMware: read network-config from ISO (#1066) [Thomas Weißschuh]
  + testing: mock sleep in gce unit tests (#1072)
  + CloudStack: fix data-server DNS resolution (#1004) [Olivier Lemasle] (LP: #1942232)
  + Fix unit test broken by pyyaml upgrade (#1071)
  + testing: add get_cloud function (SC-461) (#1038)
  + Inhibit sshd-keygen at .service if cloud-init is active (#1028) [Ryan Harper]
  + VMWARE: search the deployPkg plugin in multiarch dir (#1061) [xiaofengw-vmware] (LP: #1944946)
  + Fix set-name/interface DNS bug (#1058) [Andrew Kutz] (LP: #1946493)
  + Use specified tmp location for growpart (#1046) [jshen28]
  + .gitignore: ignore tags file for ctags users (#1057) [Brett Holman]
  + Allow comments in runcmd and report failed commands correctly (#1049) [Brett Holman] (LP: #1853146)
  + tox integration: pass the *_proxy, GOOGLE_*, GCP_* env vars (#1050) [Paride Legovini]
  + Allow disabling of network activation (SC-307) (#1048) (LP: #1938299)
  + renderer: convert relative imports to absolute (#1052) [Paride Legovini]
  + Support ETHx_IP6_GATEWAY, SET_HOSTNAME on OpenNebula (#1045) [Vlastimil Holer]
  + integration-requirements: bump the pycloudlib commit (#1047) [Paride Legovini]
  + Allow Vultr to set MTU and use as-is configs (#1037) [eb3095]
  + pin jsonschema in requirements.txt (#1043)
  + testing: remove cloud_tests (#1020)
  + Add andgein as contributor (#1042) [Andrew Gein]
  + Make wording for module frequency consistent (#1039) [Nicolas Bock]
  + Use ascii code for growpart (#1036) [jshen28]
  + Add jshen28 as contributor (#1035) [jshen28]
  + Skip test_cache_purged_on_version_change on Azure (#1033)
  + Remove invalid ssh_import_id from examples (#1031)
  + Cleanup Vultr support (#987) [eb3095]
  + docs: update cc_disk_setup for fs to raw disk (#1017)
  + HACKING.rst: change contact info to James Falcon (#1030)
  + tox: bump the pinned flake8 and pylint version (#1029) [Paride Legovini] (LP: #1944414)
  + Add retries to DataSourceGCE.py when connecting to GCE (#1005) [vteratipally]
  + Set Azure to apply networking config every BOOT (#1023)
  + Add connectivity_url to Oracle's EphemeralDHCPv4 (#988) (LP: #1939603)
  + docs: fix typo and include sudo for report bugs commands (#1022) [Renan Rodrigo] (LP: #1940236)
  + VMware: Fix typo introduced in #947 and add test (#1019) [PengpengSun]
  + Update IPv6 entries in /etc/hosts (#1021) [Richard Hansen] (LP: #1943798)
  + Integration test upgrades for the 21.3-1 SRU (#1001)
  + Add Jille to tools/.github-cla-signers (#1016) [Jille Timmermans]
  + Improve ug_util.py (#1013) [Shreenidhi Shedi]
  + Support openEuler OS (#1012) [zhuzaifangxuele]
  + ssh_utils.py: ignore when sshd_config options are not key/value pairs (#1007) [Emanuele Giuseppe Esposito]
  + Set Azure to only update metadata on BOOT_NEW_INSTANCE (#1006)
  + cc_update_etc_hosts: Use the distribution-defined path for the hosts file (#983) [Andy Fiddaman]
  + Add CloudLinux OS support (#1003) [Alexandr Kravchenko]
  + puppet config: add the start_agent option (#1002) [Andrew Bogott]
  + Fix `make style-check` errors (#1000) [Shreenidhi Shedi]
  + Make cloud-id copyright year (#991) [Andrii Podanenko]
  + Add support to accept-ra in networkd renderer (#999) [Shreenidhi Shedi]
  + Update ds-identify to pass shellcheck (#979) [Andrew Kutz]
  + Azure: Retry dhcp on timeouts when polling reprovisiondata (#998) [aswinrajamannar]
  + testing: Fix ssh keys integration test (#992)
- From 21.3
  + Azure: During primary nic detection, check interface status continuously before rebinding again (#990) [aswinrajamannar]
  + Fix home permissions modified by ssh module (SC-338) (#984) (LP: #1940233)
  + Add integration test for sensitive jinja substitution (#986)
  + Ignore hotplug socket when collecting logs (#985) (LP: #1940235)
  + testing: Add missing mocks to test_vmware.py (#982)
  + add Zadara Edge Cloud Platform to the supported clouds list (#963) [sarahwzadara]
  + testing: skip upgrade tests on LXD VMs (#980)
  + Only invoke hotplug socket when functionality is enabled (#952)
  + Revert unnecessary lcase in ds-identify (#978) [Andrew Kutz]
  + cc_resolv_conf: fix typos (#969) [Shreenidhi Shedi]
  + Replace broken httpretty tests with mock (SC-324) (#973)
  + Azure: Check if interface is up after sleep when trying to bring it up (#972) [aswinrajamannar]
  + Update dscheck_VMware's rpctool check (#970) [Shreenidhi Shedi]
  + Azure: Logging the detected interfaces (#968) [Moustafa Moustafa]
  + Change netifaces dependency to 0.10.4 (#965) [Andrew Kutz]
  + Azure: Limit polling network metadata on connection errors (#961) [aswinrajamannar]
  + Update inconsistent indentation (#962) [Andrew Kutz]
  + cc_puppet: support AIO installations and more (#960) [Gabriel Nagy]
  + Add Puppet contributors to CLA signers (#964)
    [Noah Fontes]
  + Datasource for VMware (#953) [Andrew Kutz]
  + photon: refactor hostname handling and add networkd activator (#958) [sshedi]
  + Stop copying ssh system keys and check folder permissions (#956) [Emanuele Giuseppe Esposito]
  + testing: port remaining cloud tests to integration testing framework (SC-191) (#955)
  + generate contents for ovf-env.xml when provisioning via IMDS (#959) [Anh Vo]
  + Add support for EuroLinux 7 && EuroLinux 8 (#957) [Aleksander Baranowski]
  + Implementing device_aliases as described in docs (#945) [Mal Graty] (LP: #1867532)
  + testing: fix test_ssh_import_id.py (#954)
  + Add ability to manage fallback network config on PhotonOS (#941) [sshedi]
  + Add VZLinux support (#951) [eb3095]
  + VMware: add network-config support in ovf-env.xml (#947) [PengpengSun]
  + Update pylint to v2.9.3 and fix the new issues it spots (#946) [Paride Legovini]
  + Azure: mount default provisioning iso before try device listing (#870) [Anh Vo]
  + Document known hotplug limitations (#950)
  + Initial hotplug support (#936)
  + Fix MIME policy failure on python version upgrade (#934)
  + run-container: fixup the centos repos baseurls when using http_proxy (#944) [Paride Legovini]
  + tools: add support for building rpms on rocky linux (#940)
  + ssh-util: allow cloudinit to merge all ssh keys into a custom user file, defined in AuthorizedKeysFile (#937) [Emanuele Giuseppe Esposito] (LP: #1911680)
  + VMware: new 'allow_raw_data' switch (#939) [xiaofengw-vmware]
  + bump pycloudlib version (#935)
  + add renanrodrigo as a contributor (#938) [Renan Rodrigo]
  + testing: simplify test_upgrade.py (#932)
  + freebsd/net_v1 format: read MTU from root (#930) [Gonéri Le Bouder]
  + Add new network activators to bring up interfaces (#919)
  + Detect a Python version change and clear the cache (#857) [Robert Schweikert]
  + cloud_tests: fix the Impish release name (#931) [Paride Legovini]
  + Removed distro specific network code from Photon (#929) [sshedi]
  + Add support for VMware PhotonOS (#909)
    [sshedi]
  + cloud_tests: add impish release definition (#927) [Paride Legovini]
  + docs: fix stale links rename master branch to main (#926)
  + Fix DNS in NetworkState (SC-133) (#923)
  + tests: Add 'adhoc' mark for integration tests (#925)
  + Fix the spelling of 'DigitalOcean' (#924) [Mark Mercado]
  + Small Doc Update for ReportEventStack and Test (#920) [Mike Russell]
  + Replace deprecated collections.Iterable with abc replacement (#922) (LP: #1932048)
  + testing: OCI availability domain is now required (SC-59) (#910)
  + add DragonFlyBSD support (#904) [Gonéri Le Bouder]
  + Use instance-data-sensitive.json in jinja templates (SC-117) (#917) (LP: #1931392)
  + doc: Update NoCloud docs stating required files (#918) (LP: #1931577)
  + build-on-netbsd: don't pin a specific py3 version (#913) [Gonéri Le Bouder]
  + Create the log file with 640 permissions (#858) [Robert Schweikert]
  + Allow braces to appear in dhclient output (#911) [eb3095]
  + Docs: Replace all freenode references with libera (#912)
  + openbsd/net: flush the route table on net restart (#908) [Gonéri Le Bouder]
  + Add Rocky Linux support to cloud-init (#906) [Louis Abel]
  + Add 'esposem' as contributor (#907) [Emanuele Giuseppe Esposito]
  + Add integration test for #868 (#901)
  + Added support for importing keys via primary/security mirror clauses (#882) [Paul Goins] (LP: #1925395)
  + [examples] config-user-groups expire in the future (#902) [Geert Stappers]
  + BSD: static network, set the mtu (#894) [Gonéri Le Bouder]
  + Add integration test for lp-1920939 (#891)
  + Fix unit tests breaking from new httpretty version (#903)
  + Allow user control over update events (#834)
  + Update test characters in substitution unit test (#893)
  + cc_disk_setup.py: remove UDEVADM_CMD definition as not used (#886) [dermotbradley]
  + Add AlmaLinux OS support (#872) [Andrew Lukoshko]
  + Still need to consider the 'network' configuration option

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1197-1
Released: Thu Apr 14 10:07:51 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1179639,1189562,1193731,1194943,1195051,1195254,1195353,1195403,1195939,1196018,1196196,1196468,1196488,1196761,1196823,1196830,1196836,1196956,1197227,1197331,1197366,1197389,1197462,1197702,1197914,1198031,1198032,1198033,CVE-2021-0920,CVE-2021-39698,CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390

The SUSE Linux Enterprise 15 SP2 kernel was updated.

The following security bugs were fixed:

- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to a use-after-free if there is a corrupted quota file. (bnc#1197366)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
- CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702)
- CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem.
  This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-0854: Fixed a memory leak flaw in the Linux kernel's DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823)
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836)
- CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)
- CVE-2021-0920: Fixed a race condition during UNIX socket garbage collection that could lead to local privilege escalation. (bsc#119373)
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have led to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)

The following non-security bugs were fixed:

- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
- cifs: use the correct max-length for dentry_path_raw() (bsc#1196196).
- drm: add a locked version of drm_is_current_master (bsc#1197914).
- drm: drm_file struct kABI compatibility workaround (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock (bsc#1197914).
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- net: tipc: validate domain record count on input (bsc#1195254).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389).
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403).
- usb: host: xen-hcd: add missing unlock in error path (git-fixes).
- xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1202-1
Released: Thu Apr 14 11:40:59 2022
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1179981,1191974,1192622,1195204

This update for grub2 fixes the following issues:

- Fix grub-install error when efi system partition is created as mdadm software raid1 device. (bsc#1179981, bsc#1195204)
- Fix error in grub-install when linux root device is on lvm thin volume.
  (bsc#1192622, bsc#1191974)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1203-1
Released: Thu Apr 14 11:43:28 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1195231

This update for lvm2 fixes the following issues:

- udev: create symlinks and watch even in suspended state (bsc#1195231)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1300-1
Released: Fri Apr 22 08:39:36 2022
Summary: Security update for xen
Type: security
Severity: important
References: 1194267,1196915,1197423,1197425,1197426,CVE-2021-26401,CVE-2022-0001,CVE-2022-0002,CVE-2022-26356,CVE-2022-26357,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361

This update for xen fixes the following issues:

- CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423).
- CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425).
- CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426).
- CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue mitigations (bsc#1196915).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939

This update for e2fsprogs fixes the following issues:

- Add support for 'libreadline7' for Leap.
  (bsc#1196939)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004

This update for openldap2 fixes the following issues:

- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107

This update for gcc11 fixes the following issues:

- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop to Recommends.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1430-1
Released: Wed Apr 27 10:01:43 2022
Summary: Security update for cifs-utils
Type: security
Severity: important
References: 1197216,CVE-2022-27239

This update for cifs-utils fixes the following issues:

- CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1438-1
Released: Wed Apr 27 15:27:19 2022
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: low
References: 1195251

This update for systemd-presets-common-SUSE fixes the following issue:

- enable vgauthd service for VMWare by default (bsc#1195251)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1452-1
Released: Thu Apr 28 10:48:06 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489

This update for perl fixes the following issues:

- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released: Thu Apr 28 11:31:51 2022
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1471-1
Released: Fri Apr 29 16:48:14 2022
Summary: Recommended update for samba
Type: recommended
Severity: low
References: 1134046

This update for samba fixes the following issue:

- Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba. (bsc#1134046)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1512-1
Released: Tue May 3 16:11:28 2022
Summary: Security update for ruby2.5
Type: security
Severity: important
References: 1188160,1188161,1190375,1193035,1198441,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739

This update for ruby2.5 fixes the following issues:

- CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441).
- CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035).
- CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).
- CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
- CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1544-1
Released: Thu May 5 11:52:22 2022
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1195011,1195508,1197967

This update for dracut fixes the following issues:

- fix(dracut-install): copy files preserving ownership attributes (bsc#1197967)
- fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508)
- fix(dracut-functions.sh): ip route parsing (bsc#1195011)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1548-1
Released: Thu May 5 16:45:28 2022
Summary: Security update for tar
Type: security
Severity: moderate
References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193

This update for tar fixes the following issues:

- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).
- Update to GNU tar 1.34:
  * Fix extraction over pipe
  * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)
  * Fix extraction when . and .. are unreadable
  * Gracefully handle duplicate symlinks when extracting
  * Re-initialize supplementary groups when switching to user privileges
- Update to GNU tar 1.33:
  * POSIX extended format headers do not include PID by default
  * --delay-directory-restore works for archives with reversed member ordering
  * Fix extraction of a symbolic link hardlinked to another symbolic link
  * Wildcards in exclude-vcs-ignore mode don't match slash
  * Fix the --no-overwrite-dir option
  * Fix handling of chained renames in incremental backups
  * Link counting works for file names supplied with -T
  * Accept only position-sensitive (file-selection) options in file list files
- prepare usrmerge (bsc#1029961)
- Update to GNU 1.32
  * Fix the use of --checkpoint without explicit --checkpoint-action
  * Fix extraction with the -U option
  * Fix iconv usage on BSD-based systems
  * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923]
  * Improve the testsuite
- Update to GNU 1.31
  * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28
  * Support for zstd compression
  * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'.
  * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it.
* Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1583-1 Released: Mon May 9 17:42:50 2022 Summary: Security update for rsyslog Type: security Severity: important References: 1199061,CVE-2022-24903 This update for rsyslog fixes the following issues: - CVE-2022-24903: Fixed potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: 
recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1659-1 Released: Fri May 13 15:41:32 2022 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1189517,1195115 This update for cups fixes the following issues: - CUPS printservice takes much longer than before with a big number of printers (bsc#1189517) - CUPS PreserveJobHistory doesn't work with seconds (bsc#1195115) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1689-1 Released: Mon May 16 14:09:01 2022 Summary: Security update for containerd, docker Type: security Severity: important References: 1193930,1196441,1197284,1197517,CVE-2021-43565,CVE-2022-23648,CVE-2022-24769,CVE-2022-27191 This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517). - CVE-2022-23648: Fixed directory traversal issue (bsc#1196441). - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284). 
- CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1824-1 Released: Tue May 24 10:31:13 2022 Summary: Recommended update for dhcp Type: recommended Severity: moderate References: 1198657 This update for dhcp fixes the following issues: - Properly handle DHCRELAY(6)_OPTIONS (bsc#1198657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1839-1 Released: Wed May 25 10:32:21 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1192439 This update for openssh fixes the following issues: - Prevent empty messages from being sent. 
(bsc#1192439) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1843-1 Released: Wed May 25 15:25:44 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1198504 This update for suse-build-key fixes the following issues: - still ship the old ptf key in the documentation directory (bsc#1198504) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1861-1 Released: Thu May 26 12:07:40 2022 Summary: Security update for cups Type: security Severity: important References: 1199474,CVE-2022-26691 This update for cups fixes the following issues: - CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1883-1 Released: Mon May 30 12:41:35 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. 
(bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2074-1 Released: Tue Jun 14 11:59:55 2022 Summary: Security update for grub2 Type: security Severity: important References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736 This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes 
(bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2102-1 Released: Thu Jun 16 15:18:23 2022 Summary: Security update for vim Type: security Severity: important References: 1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927 This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955). - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770). - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167). - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902). - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903). - CVE-2021-3974: Fixed use-after-free (bsc#1192904). - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466). - CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905). 
- CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2104-1 Released: Thu Jun 16 15:21:45 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1028340,1065729,1071995,1158266,1177282,1191647,1195651,1195926,1196114,1196367,1196426,1196433,1196514,1196570,1196942,1197157,1197343,1197472,1197656,1197660,1197895,1198330,1198400,1198484,1198516,1198577,1198660,1198687,1198778,1198825,1199012,1199063,1199314,1199505,1199507,1199605,1199650,1199918,1200015,1200143,1200144,1200249,CVE-2019-19377,CVE-2020-26541,CVE-2021-20321,CVE-2021-33061,CVE-2022-0168,CVE-2022-1011,CVE-2022-1158,CVE-2022-1184,CVE-2022-1353,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-28893,CVE-2022-30594 The SUSE Linux Enterprise 15 SP2 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. 
(bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the Linux kernel by simulating an nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
- CVE-2022-1353: Fixed access control to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2022-1011: Fixed a use-after-free vulnerability which could allow a local attacker to retrieve (partial) /etc/shadow hashes or any other data from filesystem when they can mount a FUSE filesystem. (bnc#1197343) The following non-security bugs were fixed: - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cifs: fix bad fids sent over wire (bsc#1197157). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - net: ena: A typo fix in the file ena_com.h (bsc#1198778). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778). - net: ena: Add debug prints for invalid req_id resets (bsc#1198778). - net: ena: add device distinct log prefix to files (bsc#1198778). - net: ena: add jiffies of last napi call to stats (bsc#1198778). - net: ena: aggregate doorbell common operations into a function (bsc#1198778). - net: ena: aggregate stats increase into a function (bsc#1198778). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198778). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778). - net: ena: Change the name of bad_csum variable (bsc#1198778). - net: ena: Extract recurring driver reset code into a function (bsc#1198778). - net: ena: fix coding style nits (bsc#1198778). - net: ena: fix DMA mapping function issues in XDP (bsc#1198778). - net: ena: Fix error handling when calculating max IO queues number (bsc#1198778). - net: ena: fix inaccurate print type (bsc#1198778). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1198778). - net: ena: Fix wrong rx request id by resetting device (bsc#1198778). - net: ena: Improve error logging in driver (bsc#1198778).
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778). - net: ena: introduce XDP redirect implementation (bsc#1198778). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778). - net: ena: Move reset completion print to the reset function (bsc#1198778). - net: ena: optimize data access in fast-path code (bsc#1198778). - net: ena: re-organize code to improve readability (bsc#1198778). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778). - net: ena: remove extra words from comments (bsc#1198778). - net: ena: Remove module param and change message severity (bsc#1198778). - net: ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778). - net: ena: Remove redundant return code check (bsc#1198778). - net: ena: Remove unused code (bsc#1198778). - net: ena: store values in their appropriate variables types (bsc#1198778). - net: ena: Update XDP verdict upon failure (bsc#1198778). - net: ena: use build_skb() in RX path (bsc#1198778). - net: ena: use constant value for net_device allocation (bsc#1198778). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778). - net: ena: use xdp_frame in XDP TX flow (bsc#1198778). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1199918). - ping: remove pr_err from ping_lookup (bsc#1199918). 
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - sched/rt: Disable RT_RUNTIME_SHARE by default (bnc#1197895). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2164-1 Released: Thu Jun 23 15:33:30 2022 Summary: Security update for xen Type: security Severity: important References: 1199965,1199966,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364 This update for xen fixes the following issues: - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. 
(bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2339-1 Released: Fri Jul 8 15:47:43 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1198939 This update for rsyslog fixes the following issues: - Remove inotify watch descriptor in imfile on inode change detected. 
(bsc#1198939) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. 
Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) * libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal of exited containers' artefacts. This might be useful to check the state (e.g.
of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing.
* cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. * runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2351-1 Released: Mon Jul 11 10:50:12 2022 Summary: Security update for python3 Type: security Severity: important References: 1186819,1190566,1192249,1193179,1198511,CVE-2015-20107,CVE-2021-3572 This update for python3 fixes the following issues: Security issues fixed: - CVE-2021-3572: Update bundled pip wheel to the latest SLE version (bsc#1186819) - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Other bugs fixed: - Remove shebangs from python-base libraries in _libdir (bsc#1193179, bsc#1192249). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue.
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2402-1 Released: Thu Jul 14 16:58:22 2022 Summary: Security update for python-PyJWT Type: security Severity: important References: 1199756,CVE-2022-29217 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2423-1 Released: Mon Jul 18 08:41:31 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194013,1195775,1196901,1197362,1199487,1199489,1199657,1200263,1200442,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1201050,1201080,CVE-2021-26341,CVE-2021-4157,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). 
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). The following non-security bugs were fixed: - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - exec: Force single empty string when argv is empty (bsc#1200571). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). 
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - bind-utils-9.16.6-150000.12.60.1 updated - boost-license1_66_0-1.66.0-12.3.1 updated - cifs-utils-6.9-150100.5.15.1 updated - cloud-init-config-suse-21.4-150100.8.58.1 updated - cloud-init-21.4-150100.8.58.1 updated - containerd-ctr-1.6.6-150000.73.2 updated - containerd-1.6.6-150000.73.2 updated - coreutils-8.29-4.3.1 updated - cups-config-2.2.7-150000.3.32.1 updated - curl-7.66.0-150200.4.36.1 updated - dhcp-client-4.3.6.P1-150000.6.14.1 updated - dhcp-4.3.6.P1-150000.6.14.1 updated - docker-20.10.17_ce-150000.166.1 updated - dracut-049.1+suse.234.g902e489c-150200.3.57.1 updated - e2fsprogs-1.43.8-150000.4.33.1 updated - filesystem-15.0-11.8.1 updated - glibc-locale-base-2.26-13.65.1 updated - glibc-locale-2.26-13.65.1 updated - glibc-2.26-13.65.1 updated - grep-3.1-150000.4.6.1 updated - grub2-i386-pc-2.04-150200.9.63.2 updated - grub2-x86_64-efi-2.04-150200.9.63.2 updated - grub2-x86_64-xen-2.04-150200.9.63.2 updated - grub2-2.04-150200.9.63.2 updated - gzip-1.10-150200.10.1 updated - kernel-default-5.3.18-150200.24.120.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libavahi-client3-0.7-3.18.1 updated - libavahi-common3-0.7-3.18.1 updated - libbind9-1600-9.16.6-150000.12.60.1 updated - libblkid1-2.33.2-150100.4.21.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcups2-2.2.7-150000.3.32.1 updated - libcurl4-7.66.0-150200.4.36.1 updated - libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libdevmapper1_03-1.02.163-8.42.1 updated - libdns1605-9.16.6-150000.12.60.1 updated - libexpat1-2.2.5-3.19.1 updated - libext2fs2-1.43.8-150000.4.33.1 updated - libfdisk1-2.33.2-150100.4.21.1 updated - libfreebl3-3.68.3-150000.3.67.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - 
libglib-2_0-0-2.62.6-150200.3.9.1 updated - libgnutls30-3.6.7-14.16.1 updated - libirs1601-9.16.6-150000.12.60.1 updated - libisc1606-9.16.6-150000.12.60.1 updated - libisccc1600-9.16.6-150000.12.60.1 updated - libisccfg1600-9.16.6-150000.12.60.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.33.2-150100.4.21.1 updated - libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libns1604-9.16.6-150000.12.60.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.31-150000.3.7.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libpython3_6m1_0-3.6.15-150000.3.106.1 updated - libruby2_5-2_5-2.5.9-150000.4.23.1 updated - libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsasl2-3-2.1.26-5.10.1 updated - libsmartcols1-2.33.2-150100.4.21.1 updated - libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsolv-tools-0.7.22-150200.12.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libsystemd0-234-24.108.1 updated - libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - 
libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libuuid1-2.33.2-150100.4.21.1 updated - libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.30.0-150200.36.1 updated - nfs-client-2.1.1-150100.10.24.1 updated - openssh-8.1p1-150200.5.28.1 updated - openssl-1_1-1.1.1d-150200.11.51.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - p11-kit-0.23.2-150000.4.16.1 updated - pam-1.3.0-150000.6.58.3 updated - perl-base-5.26.1-150000.7.15.1 updated - perl-5.26.1-150000.7.15.1 updated - procps-3.3.15-7.22.1 updated - python3-PyJWT-1.7.1-150200.3.3.1 updated - python3-attrs-19.3.0-3.4.1 added - python3-base-3.6.15-150000.3.106.1 updated - python3-bind-9.16.6-150000.12.60.1 updated - python3-importlib-metadata-1.5.0-3.3.5 added - python3-jsonschema-3.2.0-9.3.1 updated - python3-more-itertools-4.2.0-3.2.3 added - python3-netifaces-0.10.6-1.31 added - python3-pyrsistent-0.14.4-3.2.1 added - python3-six-1.14.0-12.1 updated - python3-zipp-0.6.0-3.3.5 added - python3-3.6.15-150000.3.106.1 updated - rsyslog-8.2106.0-150200.4.29.1 updated - ruby2.5-stdlib-2.5.9-150000.4.23.1 updated - ruby2.5-2.5.9-150000.4.23.1 updated - runc-1.1.3-150000.30.1 updated - samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - sudo-1.8.27-4.24.1 updated - supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 updated - supportutils-3.1.20-150000.5.39.1 updated - suse-build-key-12.0-150000.8.25.1 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - systemd-sysvinit-234-24.108.1 updated - systemd-234-24.108.1 updated - tar-1.34-150000.3.12.1 updated - tcpdump-4.9.2-3.18.1 updated - timezone-2022a-150000.75.7.1 updated - udev-234-24.108.1 updated - 
update-alternatives-1.19.0.4-4.3.1 updated - util-linux-systemd-2.33.2-150100.4.21.1 updated - util-linux-2.33.2-150100.4.21.1 updated - vim-data-common-8.2.5038-150000.5.21.1 updated - vim-8.2.5038-150000.5.21.1 updated - wicked-service-0.6.68-3.8.1 updated - wicked-0.6.68-3.8.1 updated - xen-libs-4.13.4_10-150200.3.55.1 updated - xen-tools-domU-4.13.4_10-150200.3.55.1 updated - xz-5.2.3-150000.4.7.1 updated - zypper-1.14.52-150200.30.2 updated From sle-updates at lists.suse.com Tue Jul 19 10:48:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 12:48:58 +0200 (CEST) Subject: SUSE-IU-2022:859-1: Security update of sles-15-sp2-chost-byos-v20220718-x86-64 Message-ID: <20220719104858.DC37DF7C9@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp2-chost-byos-v20220718-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:859-1 Image Tags : sles-15-sp2-chost-byos-v20220718-x86-64:20220718 Image Release : Severity : critical Type : security References : 1028340 1029961 1029961 1040589 1057592 1065729 1070955 1071995 1082318 1082318 1099272 1102408 1115529 1120610 1121227 1121230 1122004 1122021 1128846 1130496 1134046 1156920 1158266 1160654 1162964 1172113 1172427 1173277 1174075 1174911 1177215 1177282 1177460 1177599 1178357 1179060 1179465 1179639 1179981 1180065 1180689 1181131 1181163 1181186 1181703 1181812 1181826 1182227 1182959 1183405 1183407 1183495 1183533 1184501 1185377 1185637 1186819 1187512 1187645 1187906 1188019 1188160 1188161 1188605 1189028 1189126 1189152 1189517 1189560 1189562 1190315 1190375 1190447 1190533 1190566 1190570 1190926 1190943 1190975 1191015 1191096 1191121 1191157 1191184 1191185 1191186 1191334 1191434 1191580 1191647 1191770 1191794 1191893 1191974 1192051 1192164 1192167 1192249 1192311 1192353 1192439 1192478 1192481 1192483 1192622 1192652 1192653 1192685 1192902 1192903 1192904 1192951 1193007 1193035 1193096 1193179 
1193204 1193257 1193258 1193273 1193282 1193294 1193298 1193466 1193488 1193489 1193506 1193532 1193625 1193659 1193731 1193732 1193759 1193805 1193841 1193861 1193864 1193867 1193868 1193905 1193930 1194013 1194048 1194093 1194216 1194216 1194217 1194227 1194229 1194267 1194388 1194392 1194516 1194522 1194556 1194561 1194576 1194581 1194588 1194597 1194640 1194642 1194661 1194669 1194716 1194768 1194770 1194845 1194848 1194859 1194872 1194880 1194883 1194885 1194898 1194943 1195004 1195004 1195009 1195011 1195051 1195054 1195065 1195066 1195095 1195096 1195115 1195126 1195149 1195184 1195202 1195203 1195204 1195217 1195231 1195251 1195254 1195254 1195254 1195258 1195283 1195286 1195326 1195332 1195353 1195354 1195356 1195403 1195437 1195438 1195468 1195508 1195516 1195543 1195560 1195612 1195614 1195628 1195651 1195654 1195701 1195775 1195784 1195792 1195797 1195825 1195856 1195897 1195899 1195905 1195908 1195926 1195939 1195947 1195949 1195987 1195995 1195999 1196018 1196025 1196025 1196026 1196036 1196061 1196079 1196093 1196095 1196107 1196114 1196132 1196155 1196167 1196168 1196169 1196171 1196196 1196235 1196275 1196282 1196317 1196361 1196367 1196368 1196406 1196426 1196433 1196441 1196441 1196468 1196488 1196490 1196494 1196495 1196514 1196514 1196570 1196584 1196601 1196612 1196761 1196776 1196784 1196823 1196830 1196836 1196861 1196901 1196915 1196925 1196939 1196942 1196956 1197004 1197024 1197065 1197134 1197135 1197157 1197216 1197227 1197284 1197293 1197297 1197331 1197343 1197362 1197366 1197389 1197423 1197425 1197426 1197443 1197459 1197462 1197472 1197517 1197656 1197660 1197702 1197771 1197788 1197794 1197895 1197903 1197914 1197948 1197967 1198031 1198032 1198033 1198062 1198062 1198330 1198400 1198441 1198446 1198460 1198484 1198493 1198495 1198496 1198504 1198511 1198516 1198577 1198581 1198596 1198614 1198660 1198687 1198723 1198748 1198766 1198778 1198825 1198922 1198939 1199012 1199061 1199063 1199132 1199166 1199223 1199224 1199232 1199232 
1199240 1199314 1199331 1199333 1199334 1199460 1199474 1199487 1199489 1199505 1199507 1199565 1199605 1199650 1199651 1199655 1199657 1199693 1199745 1199747 1199918 1199936 1199965 1199966 1200010 1200011 1200012 1200015 1200088 1200143 1200144 1200145 1200249 1200263 1200442 1200550 1200571 1200599 1200604 1200605 1200608 1200619 1200692 1200735 1200737 1201050 1201080 1201099 954329 954813 CVE-2015-20107 CVE-2015-8985 CVE-2017-17087 CVE-2018-16301 CVE-2018-20482 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-19377 CVE-2019-6285 CVE-2019-6292 CVE-2019-9923 CVE-2020-14367 CVE-2020-26541 CVE-2020-29362 CVE-2021-0920 CVE-2021-20193 CVE-2021-20321 CVE-2021-22570 CVE-2021-22600 CVE-2021-25220 CVE-2021-26341 CVE-2021-26401 CVE-2021-28153 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-33061 CVE-2021-3572 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2021-3778 CVE-2021-3778 CVE-2021-3796 CVE-2021-3796 CVE-2021-3872 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3927 CVE-2021-3928 CVE-2021-3928 CVE-2021-39648 CVE-2021-39657 CVE-2021-3968 CVE-2021-39698 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-3984 CVE-2021-3999 CVE-2021-4019 CVE-2021-4019 CVE-2021-4069 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 CVE-2021-4136 CVE-2021-4157 CVE-2021-41617 CVE-2021-4166 CVE-2021-41817 CVE-2021-4192 CVE-2021-4193 CVE-2021-4193 CVE-2021-4209 CVE-2021-43565 CVE-2021-44142 CVE-2021-44879 CVE-2021-45095 CVE-2021-45868 CVE-2021-46059 CVE-2021-46059 CVE-2022-0001 CVE-2022-0001 CVE-2022-0002 CVE-2022-0002 CVE-2022-0128 CVE-2022-0168 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0318 CVE-2022-0319 CVE-2022-0319 CVE-2022-0330 CVE-2022-0351 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0413 CVE-2022-0435 CVE-2022-0487 CVE-2022-0492 CVE-2022-0516 CVE-2022-0617 CVE-2022-0644 CVE-2022-0696 CVE-2022-0847 CVE-2022-0850 CVE-2022-0854 CVE-2022-1011 CVE-2022-1016 
CVE-2022-1048 CVE-2022-1055 CVE-2022-1097 CVE-2022-1158 CVE-2022-1184 CVE-2022-1271 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1353 CVE-2022-1381 CVE-2022-1420 CVE-2022-1516 CVE-2022-1586 CVE-2022-1586 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1652 CVE-2022-1679 CVE-2022-1729 CVE-2022-1733 CVE-2022-1734 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-2068 CVE-2022-2097 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-22576 CVE-2022-22942 CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23648 CVE-2022-23648 CVE-2022-23852 CVE-2022-23990 CVE-2022-24407 CVE-2022-24448 CVE-2022-24769 CVE-2022-24903 CVE-2022-24958 CVE-2022-24959 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25258 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-25375 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-26490 CVE-2022-26691 CVE-2022-26966 CVE-2022-27191 CVE-2022-27239 CVE-2022-27666 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-28739 CVE-2022-28893 CVE-2022-29155 CVE-2022-29162 CVE-2022-29824 CVE-2022-29900 CVE-2022-29901 CVE-2022-30594 CVE-2022-31030 CVE-2022-32206 CVE-2022-32208 CVE-2022-33981 ----------------------------------------------------------------- The container sles-15-sp2-chost-byos-v20220718-x86-64 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:273-1 Released: Tue Feb 1 14:15:21 2022 Summary: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent Type: recommended Severity: important References: 1102408,1192652,1192653,1193257,1193258 This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent contains the following fixes: Changes in google-guest-agent: - Update to version 20211116.00 (bsc#1193257, bsc#1193258) * dont duplicate logs (#146) * Add WantedBy network dependencies to google-guest-agent service (#136) * dont try dhcpv6 when not needed (#145) * Integration tests: instance setup (#143) * Integration test: test create and remove google user (#128) * handle comm errors in script runner (#140) * enforce script ordering (#138) * enable ipv6 on secondary interfaces (#133) - from version 20211103.00 * Integration tests: instance setup (#143) - from version 20211027.00 * Integration test: test create and remove google user (#128) - Update to version 20211019.00 * handle comm errors in script runner (#140) - from version 20211015.00 * enforce script ordering (#138) - from version 20211014.00 * enable ipv6 on secondary interfaces (#133) - from version 20211013.00 * dont open ssh tempfile exclusively (#137) - from version 20211011.00 * correct linux startup script order (#135) * Emit sshable attribute (#123) - from version 20210908.1 * restore line (#127) - from version 20210908.00 * New integ test (#124) - from version 20210901.00 * support 
enable-oslogin-sk key (#120) * match script logging to guest agent (#125) - from version 20210804.00 * Debug logging (#122) - Refresh patches for new version * dont_overwrite_ifcfg.patch - Build with go1.15 for reproducible build results (bsc#1102408) - Update to version 20210707.00 * Use IP address for calling the metadata server. (#116) - from version 20210629.00 * use IP for MDS (#115) - Update to version 20210603.00 * systemd-notify in agentInit (#113) * dont check status (#112) - from version 20210524.00 * more granular service restarts (#111) - from version 20210414.00 * (no functional changes) Changes in google-guest-configs: - Add missing pkg-config dependency to BuildRequires for SLE-12 - Install modprobe configuration files into /etc again on SLE-15-SP2 and older since that's still the default location on these distributions - Probe udev directory using the 'udevdir' pkg-config variable on SLE-15-SP2 and older since the variable got renamed to 'udev_dir' in later versions - Remove redundant pkgconfig(udev) from BuildRequires for SLE-12 - Update to version 20211116.00 (bsc#1193257, bsc#1193258) * GCE supports up to 24 NVMe local SSDs, but the regex in the PROGRAM field only looks for the last digit of the given string causing issues when there are >= 10 local SSDs. Changed REGEX to get the last number of the string instead to support the up to 24 local SSDs. 
(#30) * chmod+x google_nvme_id on EL (#31) - Fix duplicate installation of google_optimize_local_ssd and google_set_multiqueue - Install google_nvme_id into /usr/lib/udev (bsc#1192652, bsc#1192653) - Update to version 20210916.00 * Revert 'dont set IP in etc/hosts; remove rsyslog (#26)' (#28) - from version 20210831.00 * restore rsyslog (#27) - from version 20210830.00 * Fix NVMe partition names (#25) - from version 20210824.00 * dont set IP in etc/hosts; remove rsyslog (#26) * update OWNERS - Use %_modprobedir for modprobe.d files (out of /etc) - Use %_sysctldir for sysctl.d files (out of /etc) - Update to version 20210702.00 * use grep for hostname check (#23) - from version 20210629.00 * address set_hostname vuln (#22) - from version 20210324.00 * dracut.conf wants spaces around values (#19) Changes in google-guest-oslogin: - Update to version 20211013.00 (bsc#1193257, bsc#1193258) * remove deprecated binary (#79) - from version 20211001.00 * no message if no groups (#78) - from version 20210907.00 * use sigaction for signals (#76) - from version 20210906.00 * include cstdlib for exit (#75) * catch SIGPIPE in authorized_keys (#73) - from version 20210805.00 * fix double free in ParseJsonToKey (#70) - from version 20210804.00 * fix packaging for authorized_keys_sk (#68) * add authorized_keys_sk (#66) - Add google_authorized_keys_sk to %files section - Remove google_oslogin_control from %files section Changes in google-osconfig-agent: - Update to version 20211117.00 (bsc#1193257, bsc#1193258) * Add retry logic for RegisterAgent (#404) - from version 20211111.01 * e2e_test: drop ubuntu 1604 image as its EOL (#403) - from version 20211111.00 * e2e_test: move to V1 api for OSPolicies (#397) - from version 20211102.00 * Fix context logging and fix label names (#400) - from version 20211028.00 * Add cloudops example for gcloud (#399) - Update to version 20211021.00 * Added patch report logging for Zypper. 
(#395) - from version 20211012.00 * Replace deprecated instance filters with the new filters (#394) - from version 20211006.00 * Added patch report log messages for Yum and Apt (#392) - from version 20210930.00 * Config: Add package info caching (#391) - from version 20210928.00 * Fixed the runWithPty function to set ctty to child's filedesc (#389) - from version 20210927.00 * e2e_tests: fix a test output mismatch (#390) - from version 20210924.00 * Fix some e2e test failures (#388) - from version 20210923.02 * Correctly check for folder existance in package upgrade (#387) - from version 20210923.01 * ReportInventory: Fix bug in deb/rpm inventory, reduce calls to append (#386) - from version 20210923.00 * Deprecate old config directory in favor of new cache directory (#385) - from version 20210922.02 * Fix rpm/deb package formating for inventory reporting (#384) - from version 20210922.01 * Add centos stream rocky linux and available package tests (#383) - from version 20210922.00 * Add more info logs, actually cleanup unmanaged repos (#382) - from version 20210901.00 * Add E2E tests for Windows Application (#379) * Return lower-case package name (#377) * Update Terraform scripts for multi-project deployments tutorial. (#378) - from version 20210811.00 * Support Windows Application Inventory (#371) - from version 20210723.00 * Send basic inventory with RegisterAgent (#373) - from version 20210722.1 * e2e_tests: move to manually generated osconfig library (#372) - from version 20210722.00 * Create OWNERS file for examples directory (#368) - from version 20210719.00 * Update Zypper patch info parsing (#370) - Build with go1.15 for reproducible build results (bsc#1102408) - Update to version 20210712.1 * Skip getting patch info when no patches are found. (#369) - from version 20210712.00 * Add Terraform scripts for multi-project deployments (#367) - from version 20210709.00 * Add examples/Terraform directory. 
(#366) - from version 20210707.00 * Fix bug in printing packages to update, return error for zypper patch (#365) - from version 20210629.00 * Add CloudOps examples for CentOS (#364) - Update to version 20210621.00 * chore: Fixing a comment. (#363) - from version 20210617.00 * Use exec.CommandContext so that canceling the context also kills any running processes (#362) - from version 20210608.1 * e2e_tests: point to official osconfig client library (#359) - from version 20210608.00 * e2e_tests: deflake tests (#358) - from version 20210607.00 * Fix build on some architectures (#357) - from version 20210603.00 * Create win-validation-powershell.yaml (#356) - from version 20210602.00 * Agent efficiency improvements/bugfixes/logging updates (#355) * e2e_tests: add tests for ExecResource output (#354) - from version 20210525.00 * Run fieldalignment on all structs (#353) - from version 20210521.00 * Config Task: add error message and ExecResource output recording (#350) * e2e_tests: remove Windows server 1909 and add server 20h2 (#352) * Added a method for logging structured data (#349) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:287-1 Released: Tue Feb 1 17:54:57 2022 Summary: Security update for samba Type: security Severity: critical References: 1194859,CVE-2021-44142 This update for samba fixes the following issues: - CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. 
(bsc#1194859) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:322-1 Released: Thu Feb 3 14:03:19 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1192685,1194716 This update for dracut fixes the following issues: - Fix(network): consistent use of '$gw' for gateway (bsc#1192685) - Fix(install): handle builtin modules (bsc#1194716) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:334-1 Released: Fri Feb 4 09:30:58 2022 Summary: Security update for containerd, docker Type: security Severity: moderate References: 1191015,1191121,1191334,1191434,1193273,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103,CVE-2021-41190 This update for containerd, docker fixes the following issues: - CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015). - CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434). - CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334). - CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121). - CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:346-1 Released: Tue Feb 8 12:20:33 2022 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1029961,1057592,1156920,1160654,1177215,1178357,1181163,1181186,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392,954329 This update for wicked fixes the following issues: - Fix device rename issue when done via Yast2 (bsc#1194392) - Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 15 (bsc#1183407,jsc#SLE-9750) - Prepare RPM packaging for merging of /bin and /usr/bin directories, however this merge does not affect SUSE Linux Enterprise 15 (bsc#1029961) - Parse sysctl files in the correct order (bsc#1181186) - Fix sysctl values for loopback device (bsc#1181163, bsc#1178357) - Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353) - Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019) - Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311) - Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164) - Fix `ifstatus` not to show link as 'up' when interface is not running - Make firewalld zone assignment permanent (bsc#1189560) - Cleanup and improve ifconfig and ifpolicy access utilities - Initial fixes for dracut integration and improved option handling (bsc#1182227) - Fix `nanny` to identify node owner exit condition - Using wicked without nanny is no longer supported and use-nanny=false configuration option was removed - Add `ethtool --get-permanent-address` option in the client - Fix `ifup` to refresh link state of network interface after being unenslaved from an unconfigured master (bsc#954329) - Prevent re-triggering Duplicate Address Detection on address updates when it is not needed (bsc#1177215) - Fix 
Network Information Service configuration (bsc#1181812) - Reconnect on unexpected wpa_supplicant restart (bsc#1183495) - Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920) - Support multiple wireless networks configurations per interface - Show wireless connection status and scan-results (bsc#1160654) - Fix eap-tls,ttls certificate handling and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592) - Updated `man ifcfg-wireless` manual pages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:365-1 Released: Thu Feb 10 17:36:13 2022 Summary: Security update for the Linux Kernel Type: security Severity: critical References: 1177599,1183405,1185377,1188605,1193096,1193506,1193861,1193864,1193867,1194048,1194227,1194880,1195009,1195065,1195184,1195254,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-45095,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942 The SUSE 
Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). The following non-security bugs were fixed: - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: mana: Add RX fencing (bsc#1193506). 
- net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net_sched: avoid resetting active qdisc for multiple times (bsc#1183405). - net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405). - net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:368-1 Released: Thu Feb 10 20:29:26 2022 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1187645,1193532 This update for grub2 fixes the following issues: - Fix grub error 'not a Btrfs filesystem' on s390x (bsc#1187645) - Add support for simplefb (bsc#1193532) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:467-1 Released: Thu Feb 17 09:51:37 2022 Summary: Security update for xen Type: security Severity: important References: 1194576,1194581,1194588,CVE-2022-23033,CVE-2022-23034,CVE-2022-23035 This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576) - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. 
(XSA-395) (bsc#1194588) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:476-1 Released: Thu Feb 17 10:31:35 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1194661 This update for nfs-utils fixes the following issues: - If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:604-1 Released: Tue Mar 1 07:13:50 2022 Summary: Recommended update for rsyslog Type: recommended Severity: low References: 1194669 This update for rsyslog fixes the following issues: - update config example in remote.conf to match upstream documentation (bsc#1194669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:36 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:682-1 Released: Thu Mar 3 11:37:03 2022 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: important References: 1195095,1195096 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.6 (bsc#1195095, bsc#1195096) - Include cloud-init logs whenever they are present - Update the packages we track in AWS, Azure, and Google - Include the ecs logs for AWS ECS instances ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:701-1 Released: Thu Mar 3 17:45:33 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1181703 This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:720-1 Released: Fri Mar 4 10:20:28 2022 Summary: Security update for containerd Type: security Severity: moderate References: 1196441,CVE-2022-23648 This update for containerd fixes the following issues: - CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:736-1 Released: Fri Mar 4 14:51:57 2022 Summary: Security update for vim Type: security Severity: important References: 1190533,1190570,1191893,1192478,1192481,1193294,1193298,1194216,1194556,1195004,1195066,1195126,1195202,1195356,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3927,CVE-2021-3928,CVE-2021-3984,CVE-2021-4019,CVE-2021-4193,CVE-2021-46059,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0361,CVE-2022-0413 This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). 
- CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixed out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:759-1 Released: Tue Mar 8 19:05:12 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1189126,1191580,1192483,1194516,1195254,1195286,1195516,1195543,1195612,1195701,1195897,1195905,1195908,1195947,1195949,1195987,1195995,1196079,1196095,1196132,1196155,1196235,1196584,1196601,1196612,1196776,CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0516,CVE-2022-0617,CVE-2022-0644,CVE-2022-0847,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25375 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability where a local attacker could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image.
(bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. An assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which led to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occurred, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 that allowed kernel memory read/write (bsc#1195516). - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have led to memory corruption (bsc#1196096). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905). The following non-security bugs were fixed: - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - gve: Add RX context (jsc#SLE-23652). - gve: Add a jumbo-frame device option (jsc#SLE-23652). - gve: Add consumed counts to ethtool stats (jsc#SLE-23652). - gve: Add optional metadata descriptor type GVE_TXD_MTD (jsc#SLE-23652).
- gve: Correct order of processing device options (jsc#SLE-23652). - gve: Fix GFP flags when allocing pages (jsc#SLE-23652). - gve: Implement packet continuation for RX (jsc#SLE-23652). - gve: Implement suspend/resume/shutdown (jsc#SLE-23652). - gve: Move the irq db indexes out of the ntfy block struct (jsc#SLE-23652). - gve: Recording rx queue before sending to napi (jsc#SLE-23652). - gve: Update gve_free_queue_page_list signature (jsc#SLE-23652). - gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652). - gve: fix for null pointer dereference (jsc#SLE-23652). - gve: fix the wrong AdminQ buffer queue index check (jsc#SLE-23652). - gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652). - gve: remove memory barrier around seqno (jsc#SLE-23652). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). - net: tipc: validate domain record count on input (bsc#1195254). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:774-1 Released: Wed Mar 9 10:52:10 2022 Summary: Security update for tcpdump Type: security Severity: moderate References: 1195825,CVE-2018-16301 This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). 
(bsc#1196495) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:805-1 Released: Thu Mar 10 18:05:31 2022 Summary: Security update for openssh Type: security Severity: important References: 1190975,CVE-2021-41617 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed a potential privilege escalation for non-default configuration settings (bsc#1190975). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression 
caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:50 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. 
Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don't set interface for NTP responses to allow asymmetric routing - Handle RTCs that don't support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x
clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share.
Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: 
SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:50 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:884-1 Released: Thu Mar 17 09:46:56 2022 Summary: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339 Type: recommended Severity: moderate References: 1082318 This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues: - Add patch to fix build with new webcolors. - update to version 3.2.0 (jsc#SLE-18756): * Added a format_nongpl setuptools extra, which installs only format dependencies that are non-GPL (#619). - specfile: * require python-importlib-metadata - update to version 3.1.1: * Temporarily revert the switch to js-regex until #611 and #612 are resolved. 
- changes from version 3.1.0: - Regular expressions throughout schemas now respect the ECMA 262 dialect, as recommended by the specification (#609). - Activate more of the test suite - Remove tests and benchmarking from the runtime package - Update to v3.0.2 - Fixed a bug where 0 and False were considered equal by const and enum - from v3.0.1 - Fixed a bug where extending validators did not preserve their notion of which validator property contains $id information. - Update to 3.0.1: - Support for Draft 6 and Draft 7 - Draft 7 is now the default - New TypeChecker object for more complex type definitions (and overrides) - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification - Use %license instead of %doc (bsc#1082318) - Remove hashbang from runtime module - Replace PyPI URL with https://github.com/dgerber/rfc3987 - Activate doctests - Add missing runtime dependency on timezone - Replace dead link with GitHub URL - Activate test suite - Trim bias from descriptions. - Initial commit, needed by flex ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:888-1 Released: Thu Mar 17 10:56:42 2022 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1179060,1194561,1195614,1196282 This update for avahi fixes the following issues: - Change python3-Twisted to a soft dependency. It is not available on SLED or PackageHub, and it is only needed by avahi-bookmarks (bsc#1196282) - Fix warning when Twisted is not available - Have python3-avahi require python3-dbus-python, not the python 2 dbus-1-python package (bsc#1195614) - Ensure that NetworkManager or wicked have already started before initializing (bsc#1194561) - Move sftp-ssh and ssh services to the doc directory. 
They allow a host's up/down status to be easily discovered and should not be enabled by default (bsc#1179060) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:946-1 Released: Thu Mar 24 15:19:49 2022 Summary: Security update for bind Type: security Severity: important References: 1197135,CVE-2021-25220 This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1032-1 Released: Tue Mar 29 18:41:26 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issue: - Make ssh connections update their dbus environment (bsc#1179465). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner::EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interferes with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion.
(bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. 
(bsc#1197788) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1135-1 Released: Fri Apr 8 13:12:45 2022 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1189028,1190315,1190943,1191096,1191794,1193204,1193732,1193868,1195797 This update for supportutils fixes the following issues: - Add command `blkid` - Add email.txt based on OPTION_EMAIL (bsc#1189028) - Add rpcinfo -p output #116 - Add s390x specific files and output - Add shared memory as a log directory for emergency use (bsc#1190943) - Fix cron package for RPM validation (bsc#1190315) - Fix for invalid argument during updates (bsc#1193204) - Fix iscsi initiator name (bsc#1195797) - Improve `lsblk` readability with `--ascsi` option - Include 'multipath -t' output in mpio.txt - Include /etc/sssd/conf.d configuration files - Include udev rules in /lib/udev/rules.d/ - Made /proc directory and network names spaces configurable (bsc#1193868) - Prepare future installation of binaries to /usr/sbin instead of /sbin. This does not affect current SUSE Linux Enterprise 15 Service Packs (bsc#1191096) - Move localmessage/warm logs out of messages.txt to new localwarn.txt - Optimize configuration files - Remove chronyc DNS lookups with -n switch (bsc#1193732) - Remove duplicate commands in network.txt - Remove duplicate firewalld status output - getappcore identifies compressed core files (bsc#1191794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1147-1 Released: Mon Apr 11 15:49:43 2022 Summary: Recommended update for containerd Type: recommended Severity: moderate References: 1195784 This update of containerd fixes the following issue: - container-ctr is shipped to the PackageHub repos. 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1149-1
Released: Mon Apr 11 16:29:14 2022
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1197903,CVE-2022-1097
This update for mozilla-nss fixes the following issues:

Mozilla NSS 3.68.3 (bsc#1197903):

- CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1150-1
Released: Mon Apr 11 17:34:19 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1197293
This update for suse-build-key fixes the following issues:

No longer install 1024bit keys by default. (bsc#1197293)

- The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package.
- The old PTF (pre March 2022) key moved to documentation directory.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released: Tue Apr 12 13:26:19 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:

- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime

libzypp update to 17.30.0:

- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)

zypper update to 1.14.52:

- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271
This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1197-1
Released: Thu Apr 14 10:07:51 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1179639,1189562,1193731,1194943,1195051,1195254,1195353,1195403,1195939,1196018,1196196,1196468,1196488,1196761,1196823,1196830,1196836,1196956,1197227,1197331,1197366,1197389,1197462,1197702,1197914,1198031,1198032,1198033,CVE-2021-0920,CVE-2021-39698,CVE-2021-45868,CVE-2022-0850,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390
The SUSE Linux Enterprise 15 SP2 kernel was updated.

The following security bugs were fixed:

- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to a use-after-free if there is a corrupted quota file. (bnc#1197366)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
- CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702)
- CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-0854: Fixed a memory leak flaw in the Linux kernel's DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823)
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836)
- CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)
- CVE-2021-0920: Fixed a race condition during UNIX socket garbage collection that could lead to local privilege escalation. (bsc#119373)
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have led to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)

The following non-security bugs were fixed:

- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
- cifs: use the correct max-length for dentry_path_raw() (bsc#1196196).
- drm: add a locked version of drm_is_current_master (bsc#1197914).
- drm: drm_file struct kABI compatibility workaround (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock (bsc#1197914).
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- net: tipc: validate domain record count on input (bsc#1195254).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389).
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403).
- usb: host: xen-hcd: add missing unlock in error path (git-fixes).
- xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1202-1
Released: Thu Apr 14 11:40:59 2022
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1179981,1191974,1192622,1195204
This update for grub2 fixes the following issues:

- Fix grub-install error when efi system partition is created as mdadm software raid1 device. (bsc#1179981, bsc#1195204)
- Fix error in grub-install when linux root device is on lvm thin volume. (bsc#1192622, bsc#1191974)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1203-1
Released: Thu Apr 14 11:43:28 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1195231
This update for lvm2 fixes the following issues:

- udev: create symlinks and watch even in suspended state (bsc#1195231)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1300-1
Released: Fri Apr 22 08:39:36 2022
Summary: Security update for xen
Type: security
Severity: important
References: 1194267,1196915,1197423,1197425,1197426,CVE-2021-26401,CVE-2022-0001,CVE-2022-0002,CVE-2022-26356,CVE-2022-26357,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361
This update for xen fixes the following issues:

- CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423).
- CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425).
- CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426).
- CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue mitigations (bsc#1196915).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939
This update for e2fsprogs fixes the following issues:

- Add support for 'libreadline7' for Leap. (bsc#1196939)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004
This update for openldap2 fixes the following issues:

- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107
This update for gcc11 fixes the following issues:

- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1430-1
Released: Wed Apr 27 10:01:43 2022
Summary: Security update for cifs-utils
Type: security
Severity: important
References: 1197216,CVE-2022-27239
This update for cifs-utils fixes the following issues:

- CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1438-1
Released: Wed Apr 27 15:27:19 2022
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: low
References: 1195251
This update for systemd-presets-common-SUSE fixes the following issue:

- enable vgauthd service for VMware by default (bsc#1195251)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1452-1
Released: Thu Apr 28 10:48:06 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489
This update for perl fixes the following issues:

- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released: Thu Apr 28 11:31:51 2022
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1460-1
Released: Thu Apr 28 16:21:58 2022
Summary: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent
Type: recommended
Severity: moderate
References: 1195437,1195438
This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent fixes the following issues:

- Update to version 20220204.00. (bsc#1195437, bsc#1195438)
  * remove han from owners (#154)
  * Remove extra slash from metadata URL. (#151)
- from version 20220104.00
  * List IPv6 routes (#150)
- from version 20211228.00
  * add add or remove route integration test, utils (#147)
- from version 20211214.00
  * add malformed ssh key unit test (#142)
- Update to version 20220211.00. (bsc#1195437, bsc#1195438)
  * Set NVMe-PD IO timeout to 4294967295. (#32)
- Update to version 20220205.00. (bsc#1195437, bsc#1195438)
  * Fix build for EL9. (#82)
- from version 20211213.00
  * Reauth error (#81)
- Rename Source0 field to Source
- Update URL in Source field to point to upstream tarball
- Update to version 20220209.00 (bsc#1195437, bsc#1195438)
  * Update licences, remove deprecated centos-8 tests (#414)
- Update to version 20220204.00
  * Add DisableLocalLogging option (#413)
- from version 20220107.00
  * OS assignment example: Copy file from bucket
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1471-1
Released: Fri Apr 29 16:48:14 2022
Summary: Recommended update for samba
Type: recommended
Severity: low
References: 1134046
This update for samba fixes the following issue:

- Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba. (bsc#1134046)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1512-1
Released: Tue May 3 16:11:28 2022
Summary: Security update for ruby2.5
Type: security
Severity: important
References: 1188160,1188161,1190375,1193035,1198441,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739
This update for ruby2.5 fixes the following issues:

- CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441).
- CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035).
- CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net::IMAP (bsc#1188160).
- CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net::FTP (bsc#1188161).
- CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1544-1
Released: Thu May 5 11:52:22 2022
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1195011,1195508,1197967
This update for dracut fixes the following issues:

- fix(dracut-install): copy files preserving ownership attributes (bsc#1197967)
- fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508)
- fix(dracut-functions.sh): ip route parsing (bsc#1195011)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1548-1
Released: Thu May 5 16:45:28 2022
Summary: Security update for tar
Type: security
Severity: moderate
References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193
This update for tar fixes the following issues:

- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).
- Update to GNU tar 1.34:
  * Fix extraction over pipe
  * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)
  * Fix extraction when . and .. are unreadable
  * Gracefully handle duplicate symlinks when extracting
  * Re-initialize supplementary groups when switching to user privileges
- Update to GNU tar 1.33:
  * POSIX extended format headers do not include PID by default
  * --delay-directory-restore works for archives with reversed member ordering
  * Fix extraction of a symbolic link hardlinked to another symbolic link
  * Wildcards in exclude-vcs-ignore mode don't match slash
  * Fix the --no-overwrite-dir option
  * Fix handling of chained renames in incremental backups
  * Link counting works for file names supplied with -T
  * Accept only position-sensitive (file-selection) options in file list files
- prepare usrmerge (bsc#1029961)
- Update to GNU 1.32
  * Fix the use of --checkpoint without explicit --checkpoint-action
  * Fix extraction with the -U option
  * Fix iconv usage on BSD-based systems
  * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923]
  * Improve the testsuite
- Update to GNU 1.31
  * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28
  * Support for zstd compression
  * New option '--zstd' instructs tar to use zstd as compression program. When listing, extracting and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'.
  * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it.
  * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1583-1
Released: Mon May 9 17:42:50 2022
Summary: Security update for rsyslog
Type: security
Severity: important
References: 1199061,CVE-2022-24903
This update for rsyslog fixes the following issues:

- CVE-2022-24903: Fixed potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1617-1
Released: Tue May 10 14:40:12 2022
Summary: Security update for gzip
Type: security
Severity: important
References: 1198062,1198922,CVE-2022-1271
This update for gzip fixes the following issues:

- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:

- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1659-1
Released: Fri May 13 15:41:32 2022
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1189517,1195115
This update for cups fixes the following issues:

- CUPS printservice takes much longer than before with a big number of printers (bsc#1189517)
- CUPS PreserveJobHistory doesn't work with seconds (bsc#1195115)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:

- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:

- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1689-1
Released: Mon May 16 14:09:01 2022
Summary: Security update for containerd, docker
Type: security
Severity: important
References: 1193930,1196441,1197284,1197517,CVE-2021-43565,CVE-2022-23648,CVE-2022-24769,CVE-2022-27191
This update for containerd, docker fixes the following issues:

- CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).
- CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).
- CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).
- CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issue:

- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1839-1
Released: Wed May 25 10:32:21 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1192439
This update for openssh fixes the following issues:

- Prevent empty messages from being sent. (bsc#1192439)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1843-1
Released: Wed May 25 15:25:44 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1198504
This update for suse-build-key fixes the following issues:

- still ship the old ptf key in the documentation directory (bsc#1198504)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1861-1
Released: Thu May 26 12:07:40 2022
Summary: Security update for cups
Type: security
Severity: important
References: 1199474,CVE-2022-26691
This update for cups fixes the following issues:

- CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:

- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1883-1
Released: Mon May 30 12:41:35 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre2 fixes the following issues:

- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:

- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:

Update to the GCC 11.3.0 release.

* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2074-1
Released: Tue Jun 14 11:59:55 2022
Summary: Security update for grub2
Type: security
Severity: important
References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736
This update for grub2 fixes the following issues:

Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)

- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184)
- CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185)
- CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493)
- CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495)
- CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2102-1
Released: Thu Jun 16 15:18:23 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927
This update for vim fixes the following issues:

- CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
- CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
- CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
- CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
- CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
- CVE-2021-3974: Fixed use-after-free (bsc#1192904).
- CVE-2021-4069: Fixed use-after-free in ex_open() in src/ex_docmd.c (bsc#1193466).
- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
- CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2104-1 Released: Thu Jun 16 15:21:45 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1028340,1065729,1071995,1158266,1177282,1191647,1195651,1195926,1196114,1196367,1196426,1196433,1196514,1196570,1196942,1197157,1197343,1197472,1197656,1197660,1197895,1198330,1198400,1198484,1198516,1198577,1198660,1198687,1198778,1198825,1199012,1199063,1199314,1199505,1199507,1199605,1199650,1199918,1200015,1200143,1200144,1200249,CVE-2019-19377,CVE-2020-26541,CVE-2021-20321,CVE-2021-33061,CVE-2022-0168,CVE-2022-1011,CVE-2022-1158,CVE-2022-1184,CVE-2022-1353,CVE-2022-1516,CVE-2022-1652,CVE-2022-1729,CVE-2022-1734,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-28893,CVE-2022-30594 The SUSE Linux Enterprise 15 SP2 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-1966: Fixed a use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. 
(bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). 
- CVE-2022-1353: Fixed access control to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2022-1011: Fixed a use-after-free vulnerability which could allow a local attacker to retrieve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystem. (bnc#1197343) The following non-security bugs were fixed: - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cifs: fix bad fids sent over wire (bsc#1197157). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - net: ena: A typo fix in the file ena_com.h (bsc#1198778). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778). - net: ena: Add debug prints for invalid req_id resets (bsc#1198778). - net: ena: add device distinct log prefix to files (bsc#1198778). - net: ena: add jiffies of last napi call to stats (bsc#1198778). - net: ena: aggregate doorbell common operations into a function (bsc#1198778). - net: ena: aggregate stats increase into a function (bsc#1198778). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198778). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778). - net: ena: Change the name of bad_csum variable (bsc#1198778). - net: ena: Extract recurring driver reset code into a function (bsc#1198778). - net: ena: fix coding style nits (bsc#1198778). - net: ena: fix DMA mapping function issues in XDP (bsc#1198778). - net: ena: Fix error handling when calculating max IO queues number (bsc#1198778). - net: ena: fix inaccurate print type (bsc#1198778). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1198778). - net: ena: Fix wrong rx request id by resetting device (bsc#1198778). - net: ena: Improve error logging in driver (bsc#1198778). 
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778). - net: ena: introduce XDP redirect implementation (bsc#1198778). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778). - net: ena: Move reset completion print to the reset function (bsc#1198778). - net: ena: optimize data access in fast-path code (bsc#1198778). - net: ena: re-organize code to improve readability (bsc#1198778). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778). - net: ena: remove extra words from comments (bsc#1198778). - net: ena: Remove module param and change message severity (bsc#1198778). - net: ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778). - net: ena: Remove redundant return code check (bsc#1198778). - net: ena: Remove unused code (bsc#1198778). - net: ena: store values in their appropriate variables types (bsc#1198778). - net: ena: Update XDP verdict upon failure (bsc#1198778). - net: ena: use build_skb() in RX path (bsc#1198778). - net: ena: use constant value for net_device allocation (bsc#1198778). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778). - net: ena: use xdp_frame in XDP TX flow (bsc#1198778). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1199918). - ping: remove pr_err from ping_lookup (bsc#1199918). 
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - sched/rt: Disable RT_RUNTIME_SHARE by default (bnc#1197895). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2164-1 Released: Thu Jun 23 15:33:30 2022 Summary: Security update for xen Type: security Severity: important References: 1199965,1199966,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364 This update for xen fixes the following issues: - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. 
(bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2339-1 Released: Fri Jul 8 15:47:43 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1198939 This update for rsyslog fixes the following issues: - Remove inotify watch descriptor in imfile on inode change detected. 
(bsc#1198939) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. 
Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. 
of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. 
* cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2351-1 Released: Mon Jul 11 10:50:12 2022 Summary: Security update for python3 Type: security Severity: important References: 1186819,1190566,1192249,1193179,1198511,CVE-2015-20107,CVE-2021-3572 This update for python3 fixes the following issues: Security issues fixed: - CVE-2021-3572: Update bundled pip wheel to the latest SLE version (bsc#1186819) - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Other bugs fixed: - Remove shebangs from python-base libraries in _libdir (bsc#1193179, bsc#1192249). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2423-1 Released: Mon Jul 18 08:41:31 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194013,1195775,1196901,1197362,1199487,1199489,1199657,1200263,1200442,1200571,1200599,1200604,1200605,1200608,1200619,1200692,1201050,1201080,CVE-2021-26341,CVE-2021-4157,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). 
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). The following non-security bugs were fixed: - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - exec: Force single empty string when argv is empty (bsc#1200571). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - bind-utils-9.16.6-150000.12.60.1 updated - boost-license1_66_0-1.66.0-12.3.1 updated - cifs-utils-6.9-150100.5.15.1 updated - containerd-ctr-1.6.6-150000.73.2 updated - containerd-1.6.6-150000.73.2 updated - coreutils-8.29-4.3.1 updated - cups-config-2.2.7-150000.3.32.1 updated - curl-7.66.0-150200.4.36.1 updated - docker-20.10.17_ce-150000.166.1 updated - dracut-049.1+suse.234.g902e489c-150200.3.57.1 updated - e2fsprogs-1.43.8-150000.4.33.1 updated - filesystem-15.0-11.8.1 updated - glibc-locale-base-2.26-13.65.1 updated - glibc-locale-2.26-13.65.1 updated - glibc-2.26-13.65.1 updated - google-guest-agent-20220204.00-150000.1.26.1 updated - google-guest-configs-20220211.00-150000.1.19.1 updated - google-guest-oslogin-20220205.00-150000.1.27.1 updated - google-osconfig-agent-20220209.00-150000.1.17.1 updated - grep-3.1-150000.4.6.1 updated - grub2-i386-pc-2.04-150200.9.63.2 updated - grub2-x86_64-efi-2.04-150200.9.63.2 updated - grub2-2.04-150200.9.63.2 updated - gzip-1.10-150200.10.1 updated - kernel-default-5.3.18-150200.24.120.1 
updated - libaugeas0-1.10.1-150000.3.12.1 updated - libavahi-client3-0.7-3.18.1 updated - libavahi-common3-0.7-3.18.1 updated - libbind9-1600-9.16.6-150000.12.60.1 updated - libblkid1-2.33.2-150100.4.21.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcups2-2.2.7-150000.3.32.1 updated - libcurl4-7.66.0-150200.4.36.1 updated - libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libdevmapper1_03-1.02.163-8.42.1 updated - libdns1605-9.16.6-150000.12.60.1 updated - libexpat1-2.2.5-3.19.1 updated - libext2fs2-1.43.8-150000.4.33.1 updated - libfdisk1-2.33.2-150100.4.21.1 updated - libfreebl3-3.68.3-150000.3.67.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libglib-2_0-0-2.62.6-150200.3.9.1 updated - libgnutls30-3.6.7-14.16.1 updated - libirs1601-9.16.6-150000.12.60.1 updated - libisc1606-9.16.6-150000.12.60.1 updated - libisccc1600-9.16.6-150000.12.60.1 updated - libisccfg1600-9.16.6-150000.12.60.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.33.2-150100.4.21.1 updated - libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libns1604-9.16.6-150000.12.60.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.31-150000.3.7.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libpython3_6m1_0-3.6.15-150000.3.106.1 updated - 
libruby2_5-2_5-2.5.9-150000.4.23.1 updated - libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsasl2-3-2.1.26-5.10.1 updated - libsmartcols1-2.33.2-150100.4.21.1 updated - libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libsolv-tools-0.7.22-150200.12.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libsystemd0-234-24.108.1 updated - libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libuuid1-2.33.2-150100.4.21.1 updated - libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.30.0-150200.36.1 updated - nfs-client-2.1.1-150100.10.24.1 updated - openssh-8.1p1-150200.5.28.1 updated - openssl-1_1-1.1.1d-150200.11.51.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - p11-kit-0.23.2-150000.4.16.1 updated - pam-1.3.0-150000.6.58.3 updated - perl-base-5.26.1-150000.7.15.1 updated - perl-5.26.1-150000.7.15.1 updated - procps-3.3.15-7.22.1 updated - python3-base-3.6.15-150000.3.106.1 updated - python3-bind-9.16.6-150000.12.60.1 updated - python3-six-1.14.0-12.1 updated - python3-3.6.15-150000.3.106.1 updated - rsyslog-8.2106.0-150200.4.29.1 updated - ruby2.5-stdlib-2.5.9-150000.4.23.1 updated - ruby2.5-2.5.9-150000.4.23.1 updated - runc-1.1.3-150000.30.1 updated - samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - 
samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 updated - sudo-1.8.27-4.24.1 updated - supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 updated - supportutils-3.1.20-150000.5.39.1 updated - suse-build-key-12.0-150000.8.25.1 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - systemd-sysvinit-234-24.108.1 updated - systemd-234-24.108.1 updated - tar-1.34-150000.3.12.1 updated - tcpdump-4.9.2-3.18.1 updated - timezone-2022a-150000.75.7.1 updated - udev-234-24.108.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - util-linux-systemd-2.33.2-150100.4.21.1 updated - util-linux-2.33.2-150100.4.21.1 updated - vim-data-common-8.2.5038-150000.5.21.1 updated - vim-8.2.5038-150000.5.21.1 updated - wicked-service-0.6.68-3.8.1 updated - wicked-0.6.68-3.8.1 updated - xen-libs-4.13.4_10-150200.3.55.1 updated - xz-5.2.3-150000.4.7.1 updated - zypper-1.14.52-150200.30.2 updated From sle-updates at lists.suse.com Tue Jul 19 13:18:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 15:18:20 +0200 (CEST) Subject: SUSE-SU-2022:2435-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP1) Message-ID: <20220719131820.C8781FDDB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2435-1 Rating: important References: #1200608 Cross-References: CVE-2022-20154 CVSS scores: CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 
15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-150100_197_114 fixes one issue. The following security issue was fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2435=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2434=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_115-default-3-150200.2.1 kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-3-150200.2.1 kernel-livepatch-SLE15-SP2_Update_27-debugsource-3-150200.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_114-default-2-150100.2.1 References: https://www.suse.com/security/cve/CVE-2022-20154.html https://bugzilla.suse.com/1200608 From sle-updates at lists.suse.com Tue Jul 19 19:15:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 21:15:53 +0200 (CEST) Subject: SUSE-SU-2022:2441-1: important: Security update for python2-numpy Message-ID: <20220719191553.2F6F6FDDB@maintenance.suse.de> SUSE Security Update: Security update for python2-numpy 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2441-1 Rating: important References: #1193907 #1193911 #1193913 Cross-References: CVE-2021-33430 CVE-2021-41495 CVE-2021-41496 CVSS scores: CVE-2021-33430 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-33430 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-41495 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-41495 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-41496 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-41496 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python2-numpy fixes the following issues: - CVE-2021-33430: Fixed buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c (bsc#1193913). - CVE-2021-41496: Fixed buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c (bsc#1193907). - CVE-2021-41495: Fixed Null Pointer Dereference in numpy.sort (bsc#1193911). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2441=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2441=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2441=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2441=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2441=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2441=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2441=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2441=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2441=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2441=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python2-numpy-1.16.5-150000.1.9.1 python2-numpy-debuginfo-1.16.5-150000.1.9.1 python2-numpy-debugsource-1.16.5-150000.1.9.1 python2-numpy-devel-1.16.5-150000.1.9.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python2-numpy-1.16.5-150000.1.9.1 python2-numpy-debuginfo-1.16.5-150000.1.9.1 python2-numpy-debugsource-1.16.5-150000.1.9.1 python2-numpy-devel-1.16.5-150000.1.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python2-numpy-1.16.5-150000.1.9.1 python2-numpy-debuginfo-1.16.5-150000.1.9.1 python2-numpy-debugsource-1.16.5-150000.1.9.1 python2-numpy-devel-1.16.5-150000.1.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python2-numpy-1.16.5-150000.1.9.1 python2-numpy-debuginfo-1.16.5-150000.1.9.1 python2-numpy-debugsource-1.16.5-150000.1.9.1 python2-numpy-devel-1.16.5-150000.1.9.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python2-numpy-1.16.5-150000.1.9.1 python2-numpy-debuginfo-1.16.5-150000.1.9.1 python2-numpy-debugsource-1.16.5-150000.1.9.1 python2-numpy-devel-1.16.5-150000.1.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python2-numpy-1.16.5-150000.1.9.1 python2-numpy-debuginfo-1.16.5-150000.1.9.1 python2-numpy-debugsource-1.16.5-150000.1.9.1 python2-numpy-devel-1.16.5-150000.1.9.1 python2-numpy-gnu-hpc-1.16.5-150000.1.9.1 python2-numpy-gnu-hpc-devel-1.16.5-150000.1.9.1 python2-numpy_1_16_5-gnu-hpc-1.16.5-150000.1.9.1 python2-numpy_1_16_5-gnu-hpc-debuginfo-1.16.5-150000.1.9.1 python2-numpy_1_16_5-gnu-hpc-devel-1.16.5-150000.1.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python2-numpy-1.16.5-150000.1.9.1 python2-numpy-debuginfo-1.16.5-150000.1.9.1 python2-numpy-debugsource-1.16.5-150000.1.9.1 python2-numpy-devel-1.16.5-150000.1.9.1 python2-numpy-gnu-hpc-1.16.5-150000.1.9.1 python2-numpy-gnu-hpc-devel-1.16.5-150000.1.9.1 
python2-numpy_1_16_5-gnu-hpc-1.16.5-150000.1.9.1 python2-numpy_1_16_5-gnu-hpc-debuginfo-1.16.5-150000.1.9.1 python2-numpy_1_16_5-gnu-hpc-devel-1.16.5-150000.1.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python2-numpy-1.16.5-150000.1.9.1 python2-numpy-debuginfo-1.16.5-150000.1.9.1 python2-numpy-debugsource-1.16.5-150000.1.9.1 python2-numpy-devel-1.16.5-150000.1.9.1 python2-numpy-gnu-hpc-1.16.5-150000.1.9.1 python2-numpy-gnu-hpc-devel-1.16.5-150000.1.9.1 python2-numpy_1_16_5-gnu-hpc-1.16.5-150000.1.9.1 python2-numpy_1_16_5-gnu-hpc-debuginfo-1.16.5-150000.1.9.1 python2-numpy_1_16_5-gnu-hpc-devel-1.16.5-150000.1.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python2-numpy-debuginfo-1.16.5-150000.1.9.1 python2-numpy-debugsource-1.16.5-150000.1.9.1 python2-numpy_1_16_5-gnu-hpc-debuginfo-1.16.5-150000.1.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): python2-numpy-1.16.5-150000.1.9.1 python2-numpy-devel-1.16.5-150000.1.9.1 python2-numpy-gnu-hpc-1.16.5-150000.1.9.1 python2-numpy-gnu-hpc-devel-1.16.5-150000.1.9.1 python2-numpy_1_16_5-gnu-hpc-1.16.5-150000.1.9.1 python2-numpy_1_16_5-gnu-hpc-devel-1.16.5-150000.1.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python2-numpy-1.16.5-150000.1.9.1 python2-numpy-debuginfo-1.16.5-150000.1.9.1 python2-numpy-debugsource-1.16.5-150000.1.9.1 python2-numpy-devel-1.16.5-150000.1.9.1 - SUSE CaaS Platform 4.0 (x86_64): python2-numpy-1.16.5-150000.1.9.1 python2-numpy-debuginfo-1.16.5-150000.1.9.1 python2-numpy-debugsource-1.16.5-150000.1.9.1 python2-numpy-devel-1.16.5-150000.1.9.1 References: https://www.suse.com/security/cve/CVE-2021-33430.html https://www.suse.com/security/cve/CVE-2021-41495.html https://www.suse.com/security/cve/CVE-2021-41496.html https://bugzilla.suse.com/1193907 https://bugzilla.suse.com/1193911 https://bugzilla.suse.com/1193913 From sle-updates at lists.suse.com Tue Jul 19 19:16:46 2022 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jul 2022 21:16:46 +0200 (CEST) Subject: SUSE-SU-2022:2438-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP5) Message-ID: <20220719191646.66E32FDDB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2438-1 Rating: important References: #1199697 #1200059 #1200608 Cross-References: CVE-2022-1729 CVE-2022-20154 CVE-2022-21499 CVSS scores: CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_116 fixes several issues. The following security issues were fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-21499: Reinforced the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb (bsc#1199426). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2437=1 SUSE-SLE-Live-Patching-12-SP5-2022-2438=1 SUSE-SLE-Live-Patching-12-SP5-2022-2442=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2433=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_116-default-5-2.3 kgraft-patch-4_12_14-122_91-default-14-2.3 kgraft-patch-4_12_14-122_98-default-12-2.3 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_93-default-6-2.3 References: https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-21499.html https://bugzilla.suse.com/1199697 https://bugzilla.suse.com/1200059 https://bugzilla.suse.com/1200608 From sle-updates at lists.suse.com Tue Jul 19 22:16:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 00:16:07 +0200 (CEST) Subject: SUSE-SU-2022:2443-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP5) Message-ID: <20220719221607.83B63FDDB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2443-1 Rating: important References: #1200608 Cross-References: CVE-2022-20154 CVSS scores: CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for the Linux Kernel 4.12.14-122_124 fixes one issue. The following security issue was fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2443=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_124-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2022-20154.html https://bugzilla.suse.com/1200608 From sle-updates at lists.suse.com Wed Jul 20 01:15:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 03:15:16 +0200 (CEST) Subject: SUSE-SU-2022:2444-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP4) Message-ID: <20220720011516.BAFDDFDDB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2444-1 Rating: important References: #1199697 #1200059 #1200608 Cross-References: CVE-2022-1729 CVE-2022-20154 CVE-2022-21499 CVSS scores: CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 
______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_83 fixes several issues. The following security issues were fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-21499: Reinforced the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb (bsc#1199426). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2444=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_83-default-11-2.3 References: https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-21499.html https://bugzilla.suse.com/1199697 https://bugzilla.suse.com/1200059 https://bugzilla.suse.com/1200608 From sle-updates at lists.suse.com Wed Jul 20 04:16:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 06:16:14 +0200 (CEST) Subject: SUSE-SU-2022:2445-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP4) Message-ID: <20220720041614.37775FDDB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2445-1 Rating: important References: #1199697 
#1200608 Cross-References: CVE-2022-1729 CVE-2022-20154 CVSS scores: CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_99 fixes several issues. The following security issues were fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2445=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_99-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-20154.html https://bugzilla.suse.com/1199697 https://bugzilla.suse.com/1200608 From sle-updates at lists.suse.com Wed Jul 20 07:15:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 09:15:56 +0200 (CEST) Subject: SUSE-RU-2022:2447-1: important: Recommended update for virt-manager Message-ID: <20220720071556.85262FDDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for virt-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2447-1 Rating: important References: #1196806 #1200422 #1200691 SLE-18732 SLE-18834 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes and contains two features can now be installed. 
Description: This update for virt-manager fixes the following issues: - Add support for AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES) (bsc#1196806, jsc#SLE-18732) - Add firmware features to description tooltip when mouse hovers over the selected firmware file - SLES 15 SP4 GMC --os-variant tag shouldn't be mandatory on s390x (bsc#1200691, bsc#1200422) - Make package xorriso a required dependency Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2447=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2447=1 Package List: - openSUSE Leap 15.4 (noarch): virt-install-4.0.0-150400.3.3.1 virt-manager-4.0.0-150400.3.3.1 virt-manager-common-4.0.0-150400.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): virt-install-4.0.0-150400.3.3.1 virt-manager-4.0.0-150400.3.3.1 virt-manager-common-4.0.0-150400.3.3.1 References: https://bugzilla.suse.com/1196806 https://bugzilla.suse.com/1200422 https://bugzilla.suse.com/1200691 From sle-updates at lists.suse.com Wed Jul 20 07:16:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 09:16:46 +0200 (CEST) Subject: SUSE-SU-2022:2446-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP4) Message-ID: <20220720071646.E77DFFDDB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2446-1 Rating: important References: #1199697 #1200059 #1200608 Cross-References: CVE-2022-1729 CVE-2022-20154 CVE-2022-21499 CVSS scores: CVE-2022-1729 (SUSE): 8.2 
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_80 fixes several issues. The following security issues were fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-21499: Reinforced the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb (bsc#1199426). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2446=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_80-default-16-2.3 References: https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-21499.html https://bugzilla.suse.com/1199697 https://bugzilla.suse.com/1200059 https://bugzilla.suse.com/1200608 From sle-updates at lists.suse.com Wed Jul 20 07:20:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 09:20:24 +0200 (CEST) Subject: SUSE-CU-2022:1554-1: Recommended update of bci/python Message-ID: <20220720072024.C7350FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1554-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.25 Container Release : 18.25 Severity : important Type : recommended References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1188127 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. 
(bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - timezone-2022a-150000.75.7.1 added - container:sles15-image-15.0.0-17.20.1 updated From sle-updates at lists.suse.com Wed Jul 20 07:26:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 09:26:27 +0200 (CEST) Subject: SUSE-CU-2022:1565-1: Recommended update of bci/golang Message-ID: <20220720072627.683E0FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1565-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-13.17 Container Release : 13.17 Severity : important Type : recommended References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1188127 
----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. 
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - timezone-2022a-150000.75.7.1 added - container:sles15-image-15.0.0-27.11.1 updated From sle-updates at lists.suse.com Wed Jul 20 07:27:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 09:27:03 +0200 (CEST) Subject: SUSE-CU-2022:1566-1: Recommended update of bci/golang Message-ID: <20220720072703.82D06FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1566-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-12.17 Container Release : 12.17 Severity : important Type : recommended References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1188127 
----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. 
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - timezone-2022a-150000.75.7.1 added - container:sles15-image-15.0.0-27.11.1 updated From sle-updates at lists.suse.com Wed Jul 20 07:27:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 09:27:29 +0200 (CEST) Subject: SUSE-CU-2022:1567-1: Security update of bci/bci-init Message-ID: <20220720072729.947A6FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1567-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.19.7 , bci/bci-init:latest Container Release : 19.7 Severity : important Type : security References : 1197718 1199140 1199232 1200334 1200855 CVE-2022-1586 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). 
The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libpcre1-8.45-150000.20.13.1 updated - container:sles15-image-15.0.0-27.8.6 updated From sle-updates at lists.suse.com Wed Jul 20 07:28:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 09:28:08 +0200 (CEST) Subject: SUSE-CU-2022:1569-1: Security update of bci/nodejs Message-ID: <20220720072808.9498AFDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1569-1 Container Tags : bci/node:16 , bci/node:16-8.16 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-8.16 , bci/nodejs:latest Container Release : 8.16 Severity : important Type : security References : 1197718 1199140 1199232 1199232 1200334 1200855 CVE-2022-1586 CVE-2022-1586 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.39-150400.4.3.1 updated - container:sles15-image-15.0.0-27.11.1 updated From sle-updates at lists.suse.com Wed Jul 20 07:28:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 09:28:57 +0200 (CEST) Subject: SUSE-CU-2022:1570-1: Recommended update of bci/openjdk-devel Message-ID: <20220720072857.80922FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1570-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.32 , bci/openjdk-devel:latest Container Release : 14.32 Severity : important Type : recommended References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1188127 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. 
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - timezone-2022a-150000.75.7.1 added From sle-updates at lists.suse.com Wed Jul 20 07:29:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 09:29:12 +0200 (CEST) Subject: SUSE-CU-2022:1571-1: Recommended update of suse/pcp Message-ID: <20220720072912.EFF1CFDCF@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1571-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-7.33 , suse/pcp:latest Container Release : 7.33 Severity : important Type : recommended References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1188127 1197718 1199140 1200334 1200855 
----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. 
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). 
The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - timezone-2022a-150000.75.7.1 added - container:bci-bci-init-15.4-15.4-19.7 updated From sle-updates at lists.suse.com Wed Jul 20 07:29:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 09:29:33 +0200 (CEST) Subject: SUSE-CU-2022:1572-1: Recommended update of bci/python Message-ID: <20220720072933.8829CFDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1572-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-4.17 , bci/python:latest Container Release : 4.17 Severity : important Type : recommended References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1188127 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. 
(bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - timezone-2022a-150000.75.7.1 added - container:sles15-image-15.0.0-27.11.1 updated From sle-updates at lists.suse.com Wed Jul 20 07:29:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 09:29:48 +0200 (CEST) Subject: SUSE-CU-2022:1573-1: Security update of bci/python Message-ID: <20220720072948.756EAFDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1573-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-12.17 Container Release : 12.17 Severity : important Type : security References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1188127 1197718 1199140 
1199232 1199232 1200334 1200855 CVE-2022-1586 CVE-2022-1586 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. 
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for china

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not on 03-26
  * `zdump -v` now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2360-1
Released: Tue Jul 12 12:01:39 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre2 fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855

This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

The following package changes have been done:

- glibc-2.31-150300.31.2 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libpcre1-8.45-150000.20.13.1 updated
- timezone-2022a-150000.75.7.1 added
- libpcre2-8-0-10.39-150400.4.3.1 updated
- container:sles15-image-15.0.0-27.11.1 updated

From sle-updates at lists.suse.com Wed Jul 20 07:30:34 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Jul 2022 09:30:34 +0200 (CEST)
Subject: SUSE-CU-2022:1574-1: Recommended update of bci/ruby
Message-ID: <20220720073034.EE9C3FDCF@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1574-1
Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-10.13 , bci/ruby:latest
Container Release : 10.13
Severity : moderate
Type : recommended
References : 1197718 1199140 1200334 1200855
-----------------------------------------------------------------

The container bci/ruby was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855

This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

The following package changes have been done:

- glibc-2.31-150300.31.2 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libxcrypt-devel-4.4.15-150300.4.4.3 updated
- glibc-devel-2.31-150300.31.2 updated
- container:sles15-image-15.0.0-27.11.1 updated

From sle-updates at lists.suse.com Wed Jul 20 08:00:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Jul 2022 10:00:33 +0200 (CEST)
Subject: SUSE-IU-2022:894-1: Security update of sles-15-sp3-chost-byos-v20220718-x86-64
Message-ID: <20220720080033.5EA60FDCF@maintenance.suse.de>

SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20220718-x86-64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:894-1
Image Tags : sles-15-sp3-chost-byos-v20220718-x86-64:20220718
Image Release :
Severity : important
Type : security
References : 1065729 1179195 1180065 1180814 1184924 1185762 1192761 1193629 1194013 1195504 1195775 1196901 1197362 1197718 1197754 1198020 1198511 1198924 1199140 1199232 1199482 1199487 1199489 1199657 1200217 1200263 1200334 1200343 1200442 1200571 1200599 1200600 1200604 1200605 1200608 1200619 1200622 1200692 1200806 1200807 1200809 1200810 1200813 1200816 1200820 1200821 1200822 1200825 1200828 1200829 1200855 1200925 1201050 1201080 1201143 1201147 1201149 1201160 1201171 1201177 1201193 1201222
  CVE-2015-20107 CVE-2020-29362 CVE-2021-26341 CVE-2021-4157 CVE-2022-1012 CVE-2022-1586 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981 CVE-2022-34918
-----------------------------------------------------------------

The container sles-15-sp3-chost-byos-v20220718-x86-64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2357-1
Released: Mon Jul 11 20:34:20 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1198511,CVE-2015-20107

This update for python3 fixes the following issues:

- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2405-1
Released: Fri Jul 15 11:47:57 2022
Summary: Security update for p11-kit
Type: security
Severity: moderate
References: 1180065,CVE-2020-29362

This update for p11-kit fixes the following issues:

- CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855

This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2422-1
Released: Mon Jul 18 08:29:40 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1179195,1180814,1184924,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1198924,1199482,1199487,1199489,1199657,1200217,1200263,1200343,1200442,1200571,1200599,1200600,1200604,1200605,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222,CVE-2021-26341,CVE-2021-4157,CVE-2022-1012,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).

The following non-security bugs were fixed:

- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes)
- arm64: ftrace: fix branch range checks (git-fixes)
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes).
- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes).
- bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
- bcache: fixup multiple threads crash (git-fixes).
- bcache: improve multithreaded bch_btree_check() (git-fixes).
- bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes).
- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes).
- bio: fix page leak bio_add_hw_page failure (git-fixes).
- blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).
- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825).
- blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
- blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
- blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
- blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
- block: advance iov_iter on bio_add_hw_page failure (git-fixes).
- block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020).
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762).
- block: Fix kABI in blk-merge.c (bsc#1198020).
- block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes).
- caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes).
- ceph: add some lockdep assertions around snaprealm handling (bsc#1201147).
- ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149).
- certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes).
- cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).
- cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217).
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217).
- cifs: avoid parallel session setups on same channel (bsc#1200217).
- cifs: avoid race during socket reconnect between send and recv (bsc#1200217).
- cifs: call cifs_reconnect when a connection is marked (bsc#1200217).
- cifs: call helper functions for marking channels for reconnect (bsc#1200217).
- cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217).
- cifs: check for smb1 in open_cached_dir() (bsc#1200217).
- cifs: check reconnects for channels of active tcons too (bsc#1200217).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
- cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217).
- cifs: clean up an inconsistent indenting (bsc#1200217).
- cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217).
- cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).
- cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217).
- cifs: do not use tcpStatus after negotiate completes (bsc#1200217).
- cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).
- cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217).
- cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217).
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
- cifs: fix handlecache and multiuser (bsc#1200217).
- cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
- cifs: fix incorrect use of list iterator after the loop (bsc#1200217).
- cifs: fix minor compile warning (bsc#1200217).
- cifs: fix missed refcounting of ipc tcon (bsc#1200217).
- cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).
- cifs: fix potential deadlock in direct reclaim (bsc#1200217).
- cifs: fix potential double free during failed mount (bsc#1200217).
- cifs: fix potential race with cifsd thread (bsc#1200217).
- cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217).
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).
- cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
- cifs: fix the connection state transitions with multichannel (bsc#1200217).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217).
- cifs: fix workstation_name for multiuser mounts (bsc#1200217).
- cifs: force new session setup and tcon for dfs (bsc#1200217).
- cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
- cifs: ignore resource_id while getting fscache super cookie (bsc#1200217).
- cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).
- cifs: make status checks in version independent callers (bsc#1200217).
- cifs: mark sessions for reconnection in helper function (bsc#1200217).
- cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).
- cifs: move superblock magic defitions to magic.h (bsc#1200217).
- cifs: potential buffer overflow in handling symlinks (bsc#1200217).
- cifs: print TIDs as hex (bsc#1200217).
- cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217).
- cifs: reconnect only the connection and not smb session where possible (bsc#1200217).
- cifs: release cached dentries only if mount is complete (bsc#1200217).
- cifs: remove check of list iterator against head past the loop body (bsc#1200217).
- cifs: remove redundant assignment to pointer p (bsc#1200217).
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).
- cifs: remove repeated state change in dfs tree connect (bsc#1200217).
- cifs: remove unused variable ses_selected (bsc#1200217).
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
- cifs: return the more nuanced writeback error on close() (bsc#1200217).
- cifs: sanitize multiple delimiters in prepath (bsc#1200217).
- cifs: serialize all mount attempts (bsc#1200217).
- cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217).
- cifs: skip trailing separators of prefix paths (bsc#1200217).
- cifs: smbd: fix typo in comment (bsc#1200217).
- cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
- cifs: track individual channel status using chans_need_reconnect (bsc#1200217).
- cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).
- cifs: update internal module number (bsc#1193629).
- cifs: update internal module number (bsc#1200217).
- cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).
- cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217).
- cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
- cifs: use new enum for ses_status (bsc#1200217).
- cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217).
- cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217).
- cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217).
- cifs: wait for tcon resource_id before getting fscache super (bsc#1200217).
- cifs: we do not need a spinlock around the tree access during umount (bsc#1200217).
- cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217).
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes).
- drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
- drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure (git-fixes).
- exec: Force single empty string when argv is empty (bsc#1200571).
- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807).
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806).
- ext4: make variable 'count' signed (bsc#1200820).
- Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- gtp: use icmp_ndo_send helper (git-fixes).
- hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes).
- i2c: designware: Use standard optional ref clock implementation (git-fixes).
- ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
- iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation (git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models (git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- iomap: iomap_write_failed fix (bsc#1200829).
- ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504).
- jfs: fix divide error in dbNextAG (bsc#1200828).
- kABI fix of sysctl_run_estimation (git-fixes).
- kabi: nvme workaround header include (bsc#1201193).
- kabi/severities: ignore KABI for NVMe target (bsc#1192761)
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- move devm_allocate to end of structure for kABI (git-fixes).
- mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes).
- net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- net: lantiq: Add locking for TX DMA channel (git-fixes).
- net: rose: fix UAF bugs caused by timer handler (git-fixes).
- net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
- NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
- NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes).
- NFS: Do not report flush errors in nfs_write_end() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFS: Memory allocation failures are not server fatal errors (git-fixes).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm/region: Fix default alignment for small regions (git-fixes).
- nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).
- nvme: Add connect option 'discovery' (bsc#1192761).
- nvme: add new discovery log page entry definitions (bsc#1192761).
- nvme: display correct subsystem NQN (bsc#1192761).
- nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761).
- nvme: kabi fix nvme subsystype change (bsc#1192761)
- nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
- nvmet: add nvmet_req_subsys() helper (bsc#1192761).
- nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
- nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761).
- nvmet: fix freeing unallocated p2pmem (git-fixes).
- nvmet: make discovery NQN configurable (bsc#1192761).
- nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes).
- nvmet: register discovery subsystem as 'current' (bsc#1192761).
- nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).
- nvmet: switch check for subsystem type (bsc#1192761).
- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes).
- pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
- powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
- random: Add and use pr_fmt() (bsc#1184924).
- random: remove unnecessary unlikely() (bsc#1184924).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes).
- Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes).
- scsi: core: Show SCMD_LAST in text form (git-fixes).
- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193).
- scsi: lpfc: Commonize VMID code location (bsc#1201193).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193).
- scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193).
- scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
- scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).
- scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
- scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160).
- scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160).
- scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160).
- scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160).
- scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160).
- scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160).
- scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
- scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).
- scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).
- scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
- scsi: sd: Signal drive managed SMR disks (git-fixes).
- scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).
- scsi: sd_zbc: Improve zone revalidation (git-fixes).
- scsi: sd_zbc: Remove unused inline functions (git-fixes).
- scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).
- scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622).
- smb3: add mount parm nosparse (bsc#1200217).
- smb3: add trace point for lease not found issue (bsc#1200217).
- smb3: add trace point for oplock not found (bsc#1200217).
- smb3: check for null tcon (bsc#1200217).
- smb3: cleanup and clarify status of tree connections (bsc#1200217).
- smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217).
- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217).
- smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217).
- smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217).
- smb3: fix snapshot mount option (bsc#1200217).
- smb3 improve error message when mount options conflict with posix (bsc#1200217).
- smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217).
- smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217).
- smb3: move more common protocol header definitions to smbfs_common (bsc#1200217).
- smb3: send NTLMSSP version information (bsc#1200217).
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes).
- spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes).
- sunvnet: use icmp_ndo_send helper (git-fixes).
- tty: goldfish: Fix free_irq() on remove (git-fixes).
- usb: chipidea: udc: check request status before setting device address (git-fixes).
- usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes).
- usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes).
- usbnet: fix memory allocation in helpers (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Quectel RM500K module support (git-fixes).
- USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
- usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).
- veth: fix races around rq->rx_notify_masked (git-fixes).
- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes).
- virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).
- virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
- virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes).
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- writeback: Avoid skipping inode writeback (bsc#1200813).
- writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821).
- xhci: Add reset resume quirk for AMD xhci controller (git-fixes).
The following package changes have been done: - glibc-locale-base-2.31-150300.31.2 updated - glibc-locale-2.31-150300.31.2 updated - glibc-2.31-150300.31.2 updated - kernel-default-5.3.18-150300.59.81.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpython3_6m1_0-3.6.15-150300.10.27.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - p11-kit-0.23.2-150000.4.16.1 updated - python3-base-3.6.15-150300.10.27.1 updated - python3-3.6.15-150300.10.27.1 updated From sle-updates at lists.suse.com Wed Jul 20 11:48:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 13:48:10 +0200 (CEST) Subject: SUSE-IU-2022:903-1: Security update of suse-sles-15-sp3-chost-byos-v20220718-x86_64-gen2 Message-ID: <20220720114810.64366FDCF@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220718-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:903-1 Image Tags : suse-sles-15-sp3-chost-byos-v20220718-x86_64-gen2:20220718 Image Release : Severity : important Type : security References : 1065729 1179195 1180065 1180814 1184924 1185762 1192761 1193629 1194013 1195504 1195775 1196901 1197362 1197718 1197754 1198020 1198511 1198924 1199140 1199232 1199482 1199487 1199489 1199657 1199756 1200217 1200263 1200334 1200343 1200442 1200571 1200599 1200600 1200604 1200605 1200608 1200619 1200622 1200692 1200806 1200807 1200809 1200810 1200813 1200816 1200820 1200821 1200822 1200825 1200828 1200829 1200855 1200925 1201050 1201080 1201143 1201147 1201149 1201160 1201171 1201177 1201193 1201222 CVE-2015-20107 CVE-2020-29362 CVE-2021-26341 CVE-2021-4157 CVE-2022-1012 CVE-2022-1586 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-29217 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981 CVE-2022-34918 ----------------------------------------------------------------- The 
container suse-sles-15-sp3-chost-byos-v20220718-x86_64-gen2 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2357-1
Released: Mon Jul 11 20:34:20 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1198511,CVE-2015-20107

This update for python3 fixes the following issues:

- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2402-1
Released: Thu Jul 14 16:58:22 2022
Summary: Security update for python-PyJWT
Type: security
Severity: important
References: 1199756,CVE-2022-29217

This update for python-PyJWT fixes the following issues:

- CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2405-1
Released: Fri Jul 15 11:47:57 2022
Summary: Security update for p11-kit
Type: security
Severity: moderate
References: 1180065,CVE-2020-29362

This update for p11-kit fixes the following issues:

- CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855

This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2422-1
Released: Wed Jul 20 12:44:17 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1179195,1180814,1184924,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1198924,1199482,1199487,1199489,1199657,1200217,1200263,1200343,1200442,1200571,1200599,1200600,1200604,1200605,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222,CVE-2021-26341,CVE-2021-4157,CVE-2022-1012,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

NOTE: This update has been retracted, as it has caused regressions on multiple machine types.

The following security bugs were fixed:

- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).

The following non-security bugs were fixed:

- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes)
- arm64: ftrace: fix branch range checks (git-fixes)
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes).
- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes).
- bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. 
if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). - cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). 
- cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). - cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). 
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). - cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). 
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). 
- kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). 
- nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). 
- scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). 
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). 
- scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). - smb3: fix snapshot mount option (bsc#1200217). - smb3 improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). - smb3: move more common protocol header definitions to smbfs_common (bsc#1200217). - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). 
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). 
The following package changes have been done:

- glibc-locale-base-2.31-150300.31.2 updated
- glibc-locale-2.31-150300.31.2 updated
- glibc-2.31-150300.31.2 updated
- kernel-default-5.3.18-150300.59.81.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libp11-kit0-0.23.2-150000.4.16.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libpython3_6m1_0-3.6.15-150300.10.27.1 updated
- p11-kit-tools-0.23.2-150000.4.16.1 updated
- p11-kit-0.23.2-150000.4.16.1 updated
- python3-PyJWT-1.7.1-150200.3.3.1 updated
- python3-base-3.6.15-150300.10.27.1 updated
- python3-3.6.15-150300.10.27.1 updated

From sle-updates at lists.suse.com Wed Jul 20 11:50:46 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Jul 2022 13:50:46 +0200 (CEST)
Subject: SUSE-IU-2022:904-1: Security update of suse-sles-15-sp3-chost-byos-v20220718-hvm-ssd-x86_64
Message-ID: <20220720115046.AC345FDCF@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220718-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:904-1
Image Tags : suse-sles-15-sp3-chost-byos-v20220718-hvm-ssd-x86_64:20220718
Image Release :
Severity : important
Type : security
References : 1065729 1179195 1180065 1180814 1184924 1185762 1192761 1193629 1194013 1195504 1195775 1196901 1197362 1197718 1197754 1198020 1198511 1198924 1199140 1199232 1199482 1199487 1199489 1199657 1199756 1200217 1200263 1200334 1200343 1200442 1200571 1200599 1200600 1200604 1200605 1200608 1200619 1200622 1200692 1200806 1200807 1200809 1200810 1200813 1200816 1200820 1200821 1200822 1200825 1200828 1200829 1200855 1200925 1201050 1201080 1201143 1201147 1201149 1201160 1201171 1201177 1201193 1201222 CVE-2015-20107 CVE-2020-29362 CVE-2021-26341 CVE-2021-4157 CVE-2022-1012 CVE-2022-1586 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-29217 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981 CVE-2022-34918
-----------------------------------------------------------------

The container suse-sles-15-sp3-chost-byos-v20220718-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2357-1
Released: Mon Jul 11 20:34:20 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1198511,CVE-2015-20107

This update for python3 fixes the following issues:

- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2402-1
Released: Thu Jul 14 16:58:22 2022
Summary: Security update for python-PyJWT
Type: security
Severity: important
References: 1199756,CVE-2022-29217

This update for python-PyJWT fixes the following issues:

- CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2405-1
Released: Fri Jul 15 11:47:57 2022
Summary: Security update for p11-kit
Type: security
Severity: moderate
References: 1180065,CVE-2020-29362

This update for p11-kit fixes the following issues:

- CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855

This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2422-1
Released: Wed Jul 20 12:44:17 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1179195,1180814,1184924,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1198924,1199482,1199487,1199489,1199657,1200217,1200263,1200343,1200442,1200571,1200599,1200600,1200604,1200605,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222,CVE-2021-26341,CVE-2021-4157,CVE-2022-1012,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

NOTE: This update has been retracted, as it has caused regressions on multiple machine types.

The following security bugs were fixed:

- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).

The following non-security bugs were fixed:

- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes)
- arm64: ftrace: fix branch range checks (git-fixes)
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes).
- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes).
- bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. 
if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). - cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). 
- cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). - cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). 
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). - cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). 
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). 
- kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). 
- nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). 
- scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). 
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). 
- scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). - smb3: fix snapshot mount option (bsc#1200217). - smb3 improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). - smb3: move more common protocol header definitions to smbfs_common (bsc#1200217). - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). 
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). 
The following package changes have been done:

- glibc-locale-base-2.31-150300.31.2 updated
- glibc-locale-2.31-150300.31.2 updated
- glibc-2.31-150300.31.2 updated
- kernel-default-5.3.18-150300.59.81.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libp11-kit0-0.23.2-150000.4.16.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libpython3_6m1_0-3.6.15-150300.10.27.1 updated
- p11-kit-tools-0.23.2-150000.4.16.1 updated
- p11-kit-0.23.2-150000.4.16.1 updated
- python3-PyJWT-1.7.1-150200.3.3.1 updated
- python3-base-3.6.15-150300.10.27.1 updated
- python3-3.6.15-150300.10.27.1 updated

From sle-updates at lists.suse.com Wed Jul 20 13:16:32 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 20 Jul 2022 15:16:32 +0200 (CEST)
Subject: SUSE-SU-2022:2448-1: important: Security update for dovecot23
Message-ID: <20220720131632.9E43BFF0D@maintenance.suse.de>

SUSE Security Update: Security update for dovecot23
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2448-1
Rating: important
References: #1201267
Cross-References: CVE-2022-30550
CVSS scores:
  CVE-2022-30550 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:
  SUSE Enterprise Storage 7
  SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Server Applications 15-SP3
  SUSE Linux Enterprise Module for Server Applications 15-SP4
  SUSE Linux Enterprise Server 15-SP2-BCL
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Linux Enterprise Storage 7.1
  SUSE Manager Proxy 4.1
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.1
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for dovecot23 fixes the following issues:

- CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-2448=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-2448=1
- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2448=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2448=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2448=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2448=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2448=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2448=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2448=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2448=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2448=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2448=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2022-2448=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  dovecot23-2.3.15-150200.62.1
  dovecot23-backend-mysql-2.3.15-150200.62.1
  dovecot23-backend-mysql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-pgsql-2.3.15-150200.62.1
  dovecot23-backend-pgsql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-sqlite-2.3.15-150200.62.1
  dovecot23-backend-sqlite-debuginfo-2.3.15-150200.62.1
  dovecot23-debuginfo-2.3.15-150200.62.1
  dovecot23-debugsource-2.3.15-150200.62.1
  dovecot23-devel-2.3.15-150200.62.1
  dovecot23-fts-2.3.15-150200.62.1
  dovecot23-fts-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-lucene-2.3.15-150200.62.1
  dovecot23-fts-lucene-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-solr-2.3.15-150200.62.1
  dovecot23-fts-solr-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-squat-2.3.15-150200.62.1
  dovecot23-fts-squat-debuginfo-2.3.15-150200.62.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  dovecot23-2.3.15-150200.62.1
  dovecot23-backend-mysql-2.3.15-150200.62.1
  dovecot23-backend-mysql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-pgsql-2.3.15-150200.62.1
  dovecot23-backend-pgsql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-sqlite-2.3.15-150200.62.1
  dovecot23-backend-sqlite-debuginfo-2.3.15-150200.62.1
  dovecot23-debuginfo-2.3.15-150200.62.1
  dovecot23-debugsource-2.3.15-150200.62.1
  dovecot23-devel-2.3.15-150200.62.1
  dovecot23-fts-2.3.15-150200.62.1
  dovecot23-fts-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-lucene-2.3.15-150200.62.1
  dovecot23-fts-lucene-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-solr-2.3.15-150200.62.1
  dovecot23-fts-solr-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-squat-2.3.15-150200.62.1
  dovecot23-fts-squat-debuginfo-2.3.15-150200.62.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
  dovecot23-2.3.15-150200.62.1
  dovecot23-backend-mysql-2.3.15-150200.62.1
  dovecot23-backend-mysql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-pgsql-2.3.15-150200.62.1
  dovecot23-backend-pgsql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-sqlite-2.3.15-150200.62.1
  dovecot23-backend-sqlite-debuginfo-2.3.15-150200.62.1
  dovecot23-debuginfo-2.3.15-150200.62.1
  dovecot23-debugsource-2.3.15-150200.62.1
  dovecot23-devel-2.3.15-150200.62.1
  dovecot23-fts-2.3.15-150200.62.1
  dovecot23-fts-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-lucene-2.3.15-150200.62.1
  dovecot23-fts-lucene-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-solr-2.3.15-150200.62.1
  dovecot23-fts-solr-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-squat-2.3.15-150200.62.1
  dovecot23-fts-squat-debuginfo-2.3.15-150200.62.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
  dovecot23-2.3.15-150200.62.1
  dovecot23-backend-mysql-2.3.15-150200.62.1
  dovecot23-backend-mysql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-pgsql-2.3.15-150200.62.1
  dovecot23-backend-pgsql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-sqlite-2.3.15-150200.62.1
  dovecot23-backend-sqlite-debuginfo-2.3.15-150200.62.1
  dovecot23-debuginfo-2.3.15-150200.62.1
  dovecot23-debugsource-2.3.15-150200.62.1
  dovecot23-devel-2.3.15-150200.62.1
  dovecot23-fts-2.3.15-150200.62.1
  dovecot23-fts-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-lucene-2.3.15-150200.62.1
  dovecot23-fts-lucene-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-solr-2.3.15-150200.62.1
  dovecot23-fts-solr-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-squat-2.3.15-150200.62.1
  dovecot23-fts-squat-debuginfo-2.3.15-150200.62.1
- SUSE Manager Proxy 4.1 (x86_64):
  dovecot23-2.3.15-150200.62.1
  dovecot23-backend-mysql-2.3.15-150200.62.1
  dovecot23-backend-mysql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-pgsql-2.3.15-150200.62.1
  dovecot23-backend-pgsql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-sqlite-2.3.15-150200.62.1
  dovecot23-backend-sqlite-debuginfo-2.3.15-150200.62.1
  dovecot23-debuginfo-2.3.15-150200.62.1
  dovecot23-debugsource-2.3.15-150200.62.1
  dovecot23-devel-2.3.15-150200.62.1
  dovecot23-fts-2.3.15-150200.62.1
  dovecot23-fts-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-lucene-2.3.15-150200.62.1
  dovecot23-fts-lucene-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-solr-2.3.15-150200.62.1
  dovecot23-fts-solr-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-squat-2.3.15-150200.62.1
  dovecot23-fts-squat-debuginfo-2.3.15-150200.62.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
  dovecot23-2.3.15-150200.62.1
  dovecot23-backend-mysql-2.3.15-150200.62.1
  dovecot23-backend-mysql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-pgsql-2.3.15-150200.62.1
  dovecot23-backend-pgsql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-sqlite-2.3.15-150200.62.1
  dovecot23-backend-sqlite-debuginfo-2.3.15-150200.62.1
  dovecot23-debuginfo-2.3.15-150200.62.1
  dovecot23-debugsource-2.3.15-150200.62.1
  dovecot23-devel-2.3.15-150200.62.1
  dovecot23-fts-2.3.15-150200.62.1
  dovecot23-fts-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-lucene-2.3.15-150200.62.1
  dovecot23-fts-lucene-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-solr-2.3.15-150200.62.1
  dovecot23-fts-solr-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-squat-2.3.15-150200.62.1
  dovecot23-fts-squat-debuginfo-2.3.15-150200.62.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
  dovecot23-2.3.15-150200.62.1
  dovecot23-backend-mysql-2.3.15-150200.62.1
  dovecot23-backend-mysql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-pgsql-2.3.15-150200.62.1
  dovecot23-backend-pgsql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-sqlite-2.3.15-150200.62.1
  dovecot23-backend-sqlite-debuginfo-2.3.15-150200.62.1
  dovecot23-debuginfo-2.3.15-150200.62.1
  dovecot23-debugsource-2.3.15-150200.62.1
  dovecot23-devel-2.3.15-150200.62.1
  dovecot23-fts-2.3.15-150200.62.1
  dovecot23-fts-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-lucene-2.3.15-150200.62.1
  dovecot23-fts-lucene-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-solr-2.3.15-150200.62.1
  dovecot23-fts-solr-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-squat-2.3.15-150200.62.1
  dovecot23-fts-squat-debuginfo-2.3.15-150200.62.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
  dovecot23-2.3.15-150200.62.1
  dovecot23-backend-mysql-2.3.15-150200.62.1
  dovecot23-backend-mysql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-pgsql-2.3.15-150200.62.1
  dovecot23-backend-pgsql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-sqlite-2.3.15-150200.62.1
  dovecot23-backend-sqlite-debuginfo-2.3.15-150200.62.1
  dovecot23-debuginfo-2.3.15-150200.62.1
  dovecot23-debugsource-2.3.15-150200.62.1
  dovecot23-devel-2.3.15-150200.62.1
  dovecot23-fts-2.3.15-150200.62.1
  dovecot23-fts-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-lucene-2.3.15-150200.62.1
  dovecot23-fts-lucene-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-solr-2.3.15-150200.62.1
  dovecot23-fts-solr-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-squat-2.3.15-150200.62.1
  dovecot23-fts-squat-debuginfo-2.3.15-150200.62.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
  dovecot23-2.3.15-150200.62.1
  dovecot23-backend-mysql-2.3.15-150200.62.1
  dovecot23-backend-mysql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-pgsql-2.3.15-150200.62.1
  dovecot23-backend-pgsql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-sqlite-2.3.15-150200.62.1
  dovecot23-backend-sqlite-debuginfo-2.3.15-150200.62.1
  dovecot23-debuginfo-2.3.15-150200.62.1
  dovecot23-debugsource-2.3.15-150200.62.1
  dovecot23-devel-2.3.15-150200.62.1
  dovecot23-fts-2.3.15-150200.62.1
  dovecot23-fts-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-lucene-2.3.15-150200.62.1
  dovecot23-fts-lucene-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-solr-2.3.15-150200.62.1
  dovecot23-fts-solr-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-squat-2.3.15-150200.62.1
  dovecot23-fts-squat-debuginfo-2.3.15-150200.62.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
  dovecot23-2.3.15-150200.62.1
  dovecot23-backend-mysql-2.3.15-150200.62.1
  dovecot23-backend-mysql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-pgsql-2.3.15-150200.62.1
  dovecot23-backend-pgsql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-sqlite-2.3.15-150200.62.1
  dovecot23-backend-sqlite-debuginfo-2.3.15-150200.62.1
  dovecot23-debuginfo-2.3.15-150200.62.1
  dovecot23-debugsource-2.3.15-150200.62.1
  dovecot23-devel-2.3.15-150200.62.1
  dovecot23-fts-2.3.15-150200.62.1
  dovecot23-fts-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-lucene-2.3.15-150200.62.1
  dovecot23-fts-lucene-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-solr-2.3.15-150200.62.1
  dovecot23-fts-solr-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-squat-2.3.15-150200.62.1
  dovecot23-fts-squat-debuginfo-2.3.15-150200.62.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
  dovecot23-2.3.15-150200.62.1
  dovecot23-backend-mysql-2.3.15-150200.62.1
  dovecot23-backend-mysql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-pgsql-2.3.15-150200.62.1
  dovecot23-backend-pgsql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-sqlite-2.3.15-150200.62.1
  dovecot23-backend-sqlite-debuginfo-2.3.15-150200.62.1
  dovecot23-debuginfo-2.3.15-150200.62.1
  dovecot23-debugsource-2.3.15-150200.62.1
  dovecot23-devel-2.3.15-150200.62.1
  dovecot23-fts-2.3.15-150200.62.1
  dovecot23-fts-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-lucene-2.3.15-150200.62.1
  dovecot23-fts-lucene-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-solr-2.3.15-150200.62.1
  dovecot23-fts-solr-debuginfo-2.3.15-150200.62.1
  dovecot23-fts-squat-2.3.15-150200.62.1
  dovecot23-fts-squat-debuginfo-2.3.15-150200.62.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
  dovecot23-2.3.15-150200.62.1
  dovecot23-backend-mysql-2.3.15-150200.62.1
  dovecot23-backend-mysql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-pgsql-2.3.15-150200.62.1
  dovecot23-backend-pgsql-debuginfo-2.3.15-150200.62.1
  dovecot23-backend-sqlite-2.3.15-150200.62.1
  dovecot23-backend-sqlite-debuginfo-2.3.15-150200.62.1
  dovecot23-debuginfo-2.3.15-150200.62.1
  dovecot23-debugsource-2.3.15-150200.62.1
dovecot23-devel-2.3.15-150200.62.1 dovecot23-fts-2.3.15-150200.62.1 dovecot23-fts-debuginfo-2.3.15-150200.62.1 dovecot23-fts-lucene-2.3.15-150200.62.1 dovecot23-fts-lucene-debuginfo-2.3.15-150200.62.1 dovecot23-fts-solr-2.3.15-150200.62.1 dovecot23-fts-solr-debuginfo-2.3.15-150200.62.1 dovecot23-fts-squat-2.3.15-150200.62.1 dovecot23-fts-squat-debuginfo-2.3.15-150200.62.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): dovecot23-2.3.15-150200.62.1 dovecot23-backend-mysql-2.3.15-150200.62.1 dovecot23-backend-mysql-debuginfo-2.3.15-150200.62.1 dovecot23-backend-pgsql-2.3.15-150200.62.1 dovecot23-backend-pgsql-debuginfo-2.3.15-150200.62.1 dovecot23-backend-sqlite-2.3.15-150200.62.1 dovecot23-backend-sqlite-debuginfo-2.3.15-150200.62.1 dovecot23-debuginfo-2.3.15-150200.62.1 dovecot23-debugsource-2.3.15-150200.62.1 dovecot23-devel-2.3.15-150200.62.1 dovecot23-fts-2.3.15-150200.62.1 dovecot23-fts-debuginfo-2.3.15-150200.62.1 dovecot23-fts-lucene-2.3.15-150200.62.1 dovecot23-fts-lucene-debuginfo-2.3.15-150200.62.1 dovecot23-fts-solr-2.3.15-150200.62.1 dovecot23-fts-solr-debuginfo-2.3.15-150200.62.1 dovecot23-fts-squat-2.3.15-150200.62.1 dovecot23-fts-squat-debuginfo-2.3.15-150200.62.1 References: https://www.suse.com/security/cve/CVE-2022-30550.html https://bugzilla.suse.com/1201267 From sle-updates at lists.suse.com Wed Jul 20 19:16:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 21:16:05 +0200 (CEST) Subject: SUSE-RU-2022:2457-1: moderate: Recommended update for trento-agent Message-ID: <20220720191605.13891FDDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for trento-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2457-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 
SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for trento-agent fixes the following issues: - Release 1.1.0 Added - Change trento-premium to be obsolete in the spec - Get the agent ID in the main agent code package - Discover gcp metadata - Discover aws cloud data - Add a debug trace to know why the cluster data is not built Fixed - Quickstart agent installation script not working - Identify SAP diagnostics agent Other Changes - Bump github.com/spf13/viper from 1.11.0 to 1.12.0 - Bump github.com/vektra/mockery/v2 from 2.12.2 to 2.12.3 - Bump github.com/vektra/mockery/v2 from 2.12.1 to 2.12.2 - Fix URL in the package spec - Bump github.com/vektra/mockery/v2 from 2.10.6 to 2.12.1 This update for trento-server-installer fixes the following issues: - Release 1.1.0 Added - Change trento-premium-server-installer to be obsolete in the spec - Allow setting a custom sender for alerting notification emails - Add prometheus url env variable - Split web runner version usage - Improve CI to update change file on release and fix version string generation Fixed - Downgrade postgresql chart 10 - Upgrade bitnami postgresql chart version to 11.x.x - Fix syntax error in github ci file introduced in last PR Closed Issues - Can't get valid version postgresql.
- Complete newbie: not listening on port 80 after installation Other Changes - Bump actions/setup-python from 3 to 4 - Release 1.0.0 Closed Issues - forward port trento#912 Other Changes - Bump images to 1.0.0 - Trento server installer - Restore prune events job - add license identifier and bump chart version - fix setting of admin password in install-server.sh - Suse delivery - Add admin user initialization - Remove mtls references - Bump azure/setup-helm from 2.0 to 2.1 - Bump actions/download-artifact from 2 to 3 - Bump actions/upload-artifact from 2 to 3 - add trento-server.sh installer options for advanced use - Update helm chart for the new containers - Add grafana env variables - Add support for optional Alerting configs - New trento dashboard - Bump helm/chart-releaser-action from 1.2.1 to 1.4.0 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-2457=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-2457=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-2457=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-2457=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (aarch64 ppc64le s390x x86_64): trento-agent-1.1.0-150300.1.8.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch): trento-server-installer-1.1.0-150300.3.7.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): trento-agent-1.1.0-150300.1.8.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch):
trento-server-installer-1.1.0-150300.3.7.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): trento-agent-1.1.0-150300.1.8.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): trento-server-installer-1.1.0-150300.3.7.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): trento-agent-1.1.0-150300.1.8.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): trento-server-installer-1.1.0-150300.3.7.1 References: From sle-updates at lists.suse.com Wed Jul 20 19:16:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 21:16:38 +0200 (CEST) Subject: SUSE-RU-2022:2459-1: moderate: Recommended update for regionServiceClientConfigGCE Message-ID: <20220720191638.9B20DFDDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for regionServiceClientConfigGCE ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2459-1 Rating: moderate References: #1199668 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise 
Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for regionServiceClientConfigGCE fixes the following issues: - Update to version 4.0.0 (bsc#1199668) - Move the cert location to /usr for compatibility with ro setup of SLE-Micro - Fix url in spec file to point to the proper location of the source Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2459=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2459=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2459=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2459=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2459=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2459=1 Package List: - openSUSE Leap 15.4 (noarch): regionServiceClientConfigGCE-4.0.0-150000.4.9.1 - openSUSE Leap 15.3 (noarch): regionServiceClientConfigGCE-4.0.0-150000.4.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): regionServiceClientConfigGCE-4.0.0-150000.4.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
regionServiceClientConfigGCE-4.0.0-150000.4.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): regionServiceClientConfigGCE-4.0.0-150000.4.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): regionServiceClientConfigGCE-4.0.0-150000.4.9.1 References: https://bugzilla.suse.com/1199668 From sle-updates at lists.suse.com Wed Jul 20 19:17:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 21:17:12 +0200 (CEST) Subject: SUSE-SU-2022:2460-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15) Message-ID: <20220720191712.ADD43FDDB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2460-1 Rating: important References: #1200608 Cross-References: CVE-2022-20154 CVSS scores: CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-150000_150_92 fixes one issue. The following security issue was fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2460=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150000_150_92-default-2-150000.2.1 kernel-livepatch-4_12_14-150000_150_92-default-debuginfo-2-150000.2.1 References: https://www.suse.com/security/cve/CVE-2022-20154.html https://bugzilla.suse.com/1200608 From sle-updates at lists.suse.com Wed Jul 20 19:17:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 21:17:51 +0200 (CEST) Subject: SUSE-RU-2022:2456-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20220720191751.74301FDDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2456-1 Rating: moderate References: #1199668 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE 
Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.0.4 (bsc#1199668) - Store the update server certs in the '/etc' path instead of '/usr' to accommodate read only setup of SLE-Micro Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2456=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2456=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2456=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2456=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2456=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2456=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-2456=1 Package List: - openSUSE Leap 15.4 (noarch): cloud-regionsrv-client-10.0.4-150000.6.73.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.73.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.73.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.73.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.73.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.73.1 - openSUSE Leap 15.3 (noarch): cloud-regionsrv-client-10.0.4-150000.6.73.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.73.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.73.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.73.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.73.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): cloud-regionsrv-client-10.0.4-150000.6.73.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.73.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.73.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.73.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.73.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.73.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): cloud-regionsrv-client-10.0.4-150000.6.73.1 
cloud-regionsrv-client-addon-azure-1.0.5-150000.6.73.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.73.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.73.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.73.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.73.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): cloud-regionsrv-client-10.0.4-150000.6.73.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.73.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.73.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.73.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.73.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.73.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-10.0.4-150000.6.73.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.73.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.73.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.73.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.73.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.73.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-regionsrv-client-10.0.4-150000.6.73.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.73.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.73.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.73.1 References: https://bugzilla.suse.com/1199668 From sle-updates at lists.suse.com Wed Jul 20 19:18:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 21:18:30 +0200 (CEST) Subject: SUSE-RU-2022:2455-1: moderate: Recommended update for perl-Bootloader Message-ID: <20220720191830.CFDA8FDDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2455-1 Rating: moderate References: #1192764 #1198197 #1198828 SLE-18271 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise 
High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has three recommended fixes and contains one feature can now be installed. Description: This update for perl-Bootloader fixes the following issues: - fix sysconfig parsing (bsc#1198828) - grub2/install: reset error code when passing through recover code (bsc#1198197) - grub2 install: Support secure boot on powerpc (bsc#1192764, jsc#SLE-18271) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2455=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2455=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2455=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2455=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2455=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): perl-Bootloader-0.939-150300.3.6.1 perl-Bootloader-YAML-0.939-150300.3.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): perl-Bootloader-YAML-0.939-150300.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): perl-Bootloader-0.939-150300.3.6.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): perl-Bootloader-0.939-150300.3.6.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): perl-Bootloader-0.939-150300.3.6.1 References: https://bugzilla.suse.com/1192764 https://bugzilla.suse.com/1198197 https://bugzilla.suse.com/1198828 From sle-updates at lists.suse.com Wed Jul 20 19:19:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 21:19:22 +0200 (CEST) Subject: SUSE-RU-2022:2458-1: moderate: Recommended update for regionServiceClientConfigEC2 Message-ID: <20220720191922.B02A9FDDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for regionServiceClientConfigEC2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2458-1 Rating: moderate References: #1199668 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE 
Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for regionServiceClientConfigEC2 fixes the following issues: - Update to version 4.0.0 (bsc#1199668) - Move cert location to usr from var to accommodate ro filesystem of SLE-Micro - Fix source location in spec file Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2458=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2458=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2458=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2458=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2458=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2458=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-2458=1 Package List: - openSUSE Leap 15.4 (noarch): regionServiceClientConfigEC2-4.0.0-150000.3.21.1 - openSUSE Leap 15.3 (noarch): regionServiceClientConfigEC2-4.0.0-150000.3.21.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): regionServiceClientConfigEC2-4.0.0-150000.3.21.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): regionServiceClientConfigEC2-4.0.0-150000.3.21.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): regionServiceClientConfigEC2-4.0.0-150000.3.21.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): regionServiceClientConfigEC2-4.0.0-150000.3.21.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): regionServiceClientConfigEC2-4.0.0-150000.3.21.1 References: https://bugzilla.suse.com/1199668 From sle-updates at lists.suse.com Wed Jul 20 19:19:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 21:19:59 +0200 (CEST) Subject: SUSE-RU-2022:2453-1: moderate: Recommended update for rook, rook-helm Message-ID: <20220720191959.1B500FDDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for rook, rook-helm 
______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2453-1 Rating: moderate References: #1198820 Affected Products: SUSE Enterprise Storage 7.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rook, rook-helm fixes the following issues: - Fixed an issue for deploying OSDs in SES 7.1 (bsc#1198820) - Update to v1.8.10 Rook v1.8.10 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. * core: Improve detection of filesystem properties for disk in use (#10230, @leseb) * osd: Remove broken argument for upgraded OSDs on PVCs in legacy lvm mode (#10298, @leseb) * osd: Allow the osd to take two hours to start in case of ceph maintenance (#10250, @travisn) * operator: Report telemetry 'rook/version' in mon store (#10161, @BlaineEXE) - Update to v1.8.9 Rook v1.8.9 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. * helm: Add ingressClassName field (#10093, @log1cb0mb) * monitoring: Only set prometheus rules ownerref in same namespace (#10028, @travisn) * osd: only set kek to env var on encryption scenario (#10035, @leseb) * docs: Update the s3 client example for accessing RGW (#9968, @thotz) * osd: Add NixOS specific PATHs to check for lvm2 (#9967, @nazarewk) - Update to v1.8.8 Rook v1.8.8 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* core: Cluster CR status was not being refreshed after updating the cluster CR (#9962, @leseb) * core: GetLogCollectorResources to get the right resources (#9898, @yuvalman) * object: Remove unnecessary region option from the OBC StorageClass (#9906, @thotz) * core: Add Phase in additionalPrinterColumns for all CRs (#9910, @subhamkrai) * test: Avoid potential data inconsistency on zapping disk (#9930, @satoru-takeuchi) * ci: Add pylint in ci (#9879, @subhamkrai) * core: Incorrect join command in external cluster script (#9862, @vavuthu) * core: Rework usage of ReportReconcileResult (#9873, @BlaineEXE) * csi: Populate mon endpoints even if csi driver not enabled (#9878, @travisn) - Update to v1.8.7 Rook v1.8.7 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. * build: Update ceph base image to v16.2.7-20220216 (#9814, @travisn) * csi: default to ReadWriteOnceWithFSType for cephfs (#9729, @humblec) * mon: Disable startup probe on canary pods (#9888, @travisn) * core: Add Ceph FSID on the cephcluster CR status (#9847, @parth-gr) * csi: Properly apply CSI resource requests and limits (#9868, @TomHellier) * helm: Add resource requests and limits to the toolbox pod (#9856, @TomHellier) * helm: Remove obsolete .Values.image.prefix (#9863, @kahirokunn) * osd: Clarify vault auth error message (#9884, @leseb) * nfs: Remove secret and configmap when downscaling NFS daemons (#9859, @BlaineEXE) * helm: Handle empty StorageClass parameters for object, rbd, and cephfs in the helm chart (#9854, @Zempashi) * helm: Remove obsolete setting for enabling multiple filesystems (#9841, @travisn) * osd: Use lvm mode to create multiple OSDs per device (#9842, @BlaineEXE) * helm: Add filesystem pool name to the storage class (#9838, @mtt0) * docs: Document that the rook-ceph-operator-config ConfigMap is required (#9821, @matthiasr) * core: Suppress verbose disruption controller log messages (#9834, @travisn) * osd: Purge job will 
remove all pvcs for the osd, not just the data pvc (#9804, @travisn) * osd: Remove osd with purge instead of destroy (#9807, @travisn) - Update to rook 1.8.10 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-2453=1 Package List: - SUSE Enterprise Storage 7.1 (noarch): rook-ceph-helm-charts-1.8.10+git0.1899eda8a-150300.3.3.2 rook-k8s-yaml-1.8.10+git0.1899eda8a-150300.3.3.2 References: https://bugzilla.suse.com/1198820 From sle-updates at lists.suse.com Wed Jul 20 19:20:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jul 2022 21:20:37 +0200 (CEST) Subject: SUSE-RU-2022:2454-1: important: Recommended update for SAPHanaSR Message-ID: <20220720192037.21B98FDDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2454-1 Rating: important References: #1198780 #1198897 SLE-16347 SLE-18613 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes and contains two features can now be installed. 
Description:

This update for SAPHanaSR fixes the following issues:

- Version bump to 0.160.1
- fix HANA_CALL function to support MCOS environments again (bsc#1198780)
- fix SAPHanaSR-replay-archive to handle hb_report archives again (bsc#1198897)
- add HANA_CALL_TIMEOUT parameter back to the resource agents and read the setting from the cluster configuration, if available. Defaults to '60'. Related to github issue#36
- add new HA/DR provider hook susTkOver (jsc#SLE-16347)
- add new hook script for SAP HANA System Replication Scale-Up Cost Optimized Scenario. (jsc#SLE-18613)
- add a new instance parameter 'REMOVE_SAP_SOCKETS'. It is an optional parameter and defaults to 'true'. Now you can control whether the RA should remove the unix domain sockets related to sapstartsrv before (re-)starting sapstartsrv or whether it should try to adjust the permissions and ownership of these files instead.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2454=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2454=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-2454=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-2454=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-2454=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-2454=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2022-2454=1 Package List: - openSUSE Leap 15.4 (noarch): SAPHanaSR-0.160.1-150000.4.20.1 SAPHanaSR-doc-0.160.1-150000.4.20.1 - openSUSE Leap 15.3 (noarch): SAPHanaSR-0.160.1-150000.4.20.1 SAPHanaSR-doc-0.160.1-150000.4.20.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch): SAPHanaSR-0.160.1-150000.4.20.1 SAPHanaSR-doc-0.160.1-150000.4.20.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): SAPHanaSR-0.160.1-150000.4.20.1 SAPHanaSR-doc-0.160.1-150000.4.20.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): SAPHanaSR-0.160.1-150000.4.20.1 SAPHanaSR-doc-0.160.1-150000.4.20.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): SAPHanaSR-0.160.1-150000.4.20.1 SAPHanaSR-doc-0.160.1-150000.4.20.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): SAPHanaSR-0.160.1-150000.4.20.1 SAPHanaSR-doc-0.160.1-150000.4.20.1 References: https://bugzilla.suse.com/1198780 https://bugzilla.suse.com/1198897 From sle-updates at lists.suse.com Thu Jul 21 04:16:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jul 2022 06:16:42 +0200 (CEST) 
Subject: SUSE-SU-2022:2461-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1)
Message-ID: <20220721041642.9472BFDDB@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2461-1
Rating: important
References: #1199697 #1200059 #1200608
Cross-References: CVE-2022-1729 CVE-2022-20154 CVE-2022-21499
CVSS scores:
    CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
    CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15
    SUSE Linux Enterprise High Performance Computing 15-SP1
    SUSE Linux Enterprise High Performance Computing 15-SP2
    SUSE Linux Enterprise Module for Live Patching 15
    SUSE Linux Enterprise Module for Live Patching 15-SP1
    SUSE Linux Enterprise Module for Live Patching 15-SP2
    SUSE Linux Enterprise Server 15
    SUSE Linux Enterprise Server 15-SP1
    SUSE Linux Enterprise Server 15-SP2
    SUSE Linux Enterprise Server for SAP Applications 15
    SUSE Linux Enterprise Server for SAP Applications 15-SP1
    SUSE Linux Enterprise Server for SAP Applications 15-SP2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-150100_197_111 fixes several issues.

The following security issues were fixed:

- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2022-21499: Reinforced the kernel lockdown feature; until now it's been trivial to break out of it with kgdb or kdb (bsc#1199426).
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2463=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2464=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2465=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2466=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2467=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2468=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2452=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-2461=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-2462=1
- SUSE Linux Enterprise Module for Live Patching 15:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2449=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
    kernel-livepatch-5_3_18-150200_24_112-default-5-150200.2.3
    kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-5-150200.2.3
    kernel-livepatch-5_3_18-24_107-default-9-150200.2.3
    kernel-livepatch-5_3_18-24_107-default-debuginfo-9-150200.2.3
    kernel-livepatch-5_3_18-24_75-default-17-150200.2.3
    kernel-livepatch-5_3_18-24_75-default-debuginfo-17-150200.2.3
    kernel-livepatch-5_3_18-24_83-default-14-150200.2.3
    kernel-livepatch-5_3_18-24_83-default-debuginfo-14-150200.2.3
    kernel-livepatch-5_3_18-24_96-default-12-150200.2.3
    kernel-livepatch-5_3_18-24_96-default-debuginfo-12-150200.2.3
    kernel-livepatch-5_3_18-24_99-default-11-150200.2.3
    kernel-livepatch-5_3_18-24_99-default-debuginfo-11-150200.2.3
kernel-livepatch-SLE15-SP2_Update_17-debugsource-17-150200.2.3 kernel-livepatch-SLE15-SP2_Update_19-debugsource-14-150200.2.3 kernel-livepatch-SLE15-SP2_Update_22-debugsource-12-150200.2.3 kernel-livepatch-SLE15-SP2_Update_23-debugsource-11-150200.2.3 kernel-livepatch-SLE15-SP2_Update_26-debugsource-5-150200.2.3 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le x86_64): kernel-livepatch-SLE15-SP2_Update_25-debugsource-9-150200.2.3 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_111-default-5-150100.2.3 kernel-livepatch-4_12_14-197_102-default-11-150100.2.3 kernel-livepatch-4_12_14-197_108-default-6-150100.2.3 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_83-default-7-150000.2.3 kernel-livepatch-4_12_14-150_83-default-debuginfo-7-150000.2.3 References: https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-21499.html https://bugzilla.suse.com/1199697 https://bugzilla.suse.com/1200059 https://bugzilla.suse.com/1200608 From sle-updates at lists.suse.com Thu Jul 21 07:16:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jul 2022 09:16:41 +0200 (CEST) Subject: SUSE-RU-2022:2470-1: important: Recommended update for systemd Message-ID: <20220721071641.67285FDDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2470-1 Rating: important References: #1137373 #1181658 #1194708 #1195157 #1197570 #1198507 #1198732 #1200170 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that has 8 recommended fixes can now be installed.

Description:

This update for systemd fixes the following issues:

- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user@.service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert "basic/env-util: (mostly) follow POSIX for what variable names are allowed"
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ""
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for "*" in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers

Special Instructions and Notes:

Please reboot the system after installing this update.
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2470=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2470=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2470=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2470=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2470=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nss-mymachines-246.16-150300.7.48.1 nss-mymachines-debuginfo-246.16-150300.7.48.1 nss-resolve-246.16-150300.7.48.1 nss-resolve-debuginfo-246.16-150300.7.48.1 systemd-logger-246.16-150300.7.48.1 - openSUSE Leap 15.4 (x86_64): nss-mymachines-32bit-246.16-150300.7.48.1 nss-mymachines-32bit-debuginfo-246.16-150300.7.48.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.48.1 libsystemd0-debuginfo-246.16-150300.7.48.1 libudev-devel-246.16-150300.7.48.1 libudev1-246.16-150300.7.48.1 libudev1-debuginfo-246.16-150300.7.48.1 nss-myhostname-246.16-150300.7.48.1 nss-myhostname-debuginfo-246.16-150300.7.48.1 nss-mymachines-246.16-150300.7.48.1 nss-mymachines-debuginfo-246.16-150300.7.48.1 nss-resolve-246.16-150300.7.48.1 nss-resolve-debuginfo-246.16-150300.7.48.1 nss-systemd-246.16-150300.7.48.1 nss-systemd-debuginfo-246.16-150300.7.48.1 systemd-246.16-150300.7.48.1 systemd-container-246.16-150300.7.48.1 systemd-container-debuginfo-246.16-150300.7.48.1 systemd-coredump-246.16-150300.7.48.1 systemd-coredump-debuginfo-246.16-150300.7.48.1 systemd-debuginfo-246.16-150300.7.48.1 systemd-debugsource-246.16-150300.7.48.1 systemd-devel-246.16-150300.7.48.1 systemd-doc-246.16-150300.7.48.1 systemd-journal-remote-246.16-150300.7.48.1 
systemd-journal-remote-debuginfo-246.16-150300.7.48.1 systemd-logger-246.16-150300.7.48.1 systemd-network-246.16-150300.7.48.1 systemd-network-debuginfo-246.16-150300.7.48.1 systemd-sysvinit-246.16-150300.7.48.1 udev-246.16-150300.7.48.1 udev-debuginfo-246.16-150300.7.48.1 - openSUSE Leap 15.3 (noarch): systemd-lang-246.16-150300.7.48.1 - openSUSE Leap 15.3 (x86_64): libsystemd0-32bit-246.16-150300.7.48.1 libsystemd0-32bit-debuginfo-246.16-150300.7.48.1 libudev-devel-32bit-246.16-150300.7.48.1 libudev1-32bit-246.16-150300.7.48.1 libudev1-32bit-debuginfo-246.16-150300.7.48.1 nss-myhostname-32bit-246.16-150300.7.48.1 nss-myhostname-32bit-debuginfo-246.16-150300.7.48.1 nss-mymachines-32bit-246.16-150300.7.48.1 nss-mymachines-32bit-debuginfo-246.16-150300.7.48.1 systemd-32bit-246.16-150300.7.48.1 systemd-32bit-debuginfo-246.16-150300.7.48.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.48.1 libsystemd0-debuginfo-246.16-150300.7.48.1 libudev-devel-246.16-150300.7.48.1 libudev1-246.16-150300.7.48.1 libudev1-debuginfo-246.16-150300.7.48.1 systemd-246.16-150300.7.48.1 systemd-container-246.16-150300.7.48.1 systemd-container-debuginfo-246.16-150300.7.48.1 systemd-coredump-246.16-150300.7.48.1 systemd-coredump-debuginfo-246.16-150300.7.48.1 systemd-debuginfo-246.16-150300.7.48.1 systemd-debugsource-246.16-150300.7.48.1 systemd-devel-246.16-150300.7.48.1 systemd-doc-246.16-150300.7.48.1 systemd-journal-remote-246.16-150300.7.48.1 systemd-journal-remote-debuginfo-246.16-150300.7.48.1 systemd-sysvinit-246.16-150300.7.48.1 udev-246.16-150300.7.48.1 udev-debuginfo-246.16-150300.7.48.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-lang-246.16-150300.7.48.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libsystemd0-32bit-246.16-150300.7.48.1 libsystemd0-32bit-debuginfo-246.16-150300.7.48.1 libudev1-32bit-246.16-150300.7.48.1 libudev1-32bit-debuginfo-246.16-150300.7.48.1 
systemd-32bit-246.16-150300.7.48.1 systemd-32bit-debuginfo-246.16-150300.7.48.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libsystemd0-246.16-150300.7.48.1 libsystemd0-debuginfo-246.16-150300.7.48.1 libudev1-246.16-150300.7.48.1 libudev1-debuginfo-246.16-150300.7.48.1 systemd-246.16-150300.7.48.1 systemd-container-246.16-150300.7.48.1 systemd-container-debuginfo-246.16-150300.7.48.1 systemd-debuginfo-246.16-150300.7.48.1 systemd-debugsource-246.16-150300.7.48.1 systemd-journal-remote-246.16-150300.7.48.1 systemd-journal-remote-debuginfo-246.16-150300.7.48.1 systemd-sysvinit-246.16-150300.7.48.1 udev-246.16-150300.7.48.1 udev-debuginfo-246.16-150300.7.48.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsystemd0-246.16-150300.7.48.1 libsystemd0-debuginfo-246.16-150300.7.48.1 libudev1-246.16-150300.7.48.1 libudev1-debuginfo-246.16-150300.7.48.1 systemd-246.16-150300.7.48.1 systemd-container-246.16-150300.7.48.1 systemd-container-debuginfo-246.16-150300.7.48.1 systemd-debuginfo-246.16-150300.7.48.1 systemd-debugsource-246.16-150300.7.48.1 systemd-journal-remote-246.16-150300.7.48.1 systemd-journal-remote-debuginfo-246.16-150300.7.48.1 systemd-sysvinit-246.16-150300.7.48.1 udev-246.16-150300.7.48.1 udev-debuginfo-246.16-150300.7.48.1 References: https://bugzilla.suse.com/1137373 https://bugzilla.suse.com/1181658 https://bugzilla.suse.com/1194708 https://bugzilla.suse.com/1195157 https://bugzilla.suse.com/1197570 https://bugzilla.suse.com/1198507 https://bugzilla.suse.com/1198732 https://bugzilla.suse.com/1200170 From sle-updates at lists.suse.com Thu Jul 21 07:19:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jul 2022 09:19:13 +0200 (CEST) Subject: SUSE-CU-2022:1575-1: Security update of bci/nodejs Message-ID: <20220721071913.663B7FDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2022:1575-1
Container Tags : bci/node:12 , bci/node:12-16.101 , bci/nodejs:12 , bci/nodejs:12-16.101
Container Release : 16.101
Severity : important
Type : security
References : 1201325 1201326 1201327 1201328 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2430-1
Released: Mon Jul 18 17:34:41 2022
Summary: Security update for nodejs12
Type: security
Severity: important
References: 1201325,1201326,1201327,1201328,CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215

This update for nodejs12 fixes the following issues:

- CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328).
- CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325).
- CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326).
- CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327).

The following package changes have been done:

- nodejs12-12.22.12-150200.4.35.1 updated
- npm12-12.22.12-150200.4.35.1 updated
- container:sles15-image-15.0.0-17.20.1 updated

From sle-updates at lists.suse.com Thu Jul 21 07:21:10 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 21 Jul 2022 09:21:10 +0200 (CEST)
Subject: SUSE-RU-2022:2471-1: important: Recommended update for systemd
Message-ID: <20220721072110.70A60FDDB@maintenance.suse.de>

SUSE Recommended Update: Recommended update for systemd
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2471-1
Rating: important
References: #1148309 #1191502 #1195529 #1200170
Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Enterprise Storage 7
    SUSE Linux Enterprise Desktop 15-SP1
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise Installer 15-SP1
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Server 15-SP1
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP2-BCL
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Linux Enterprise Server for SAP Applications 15-SP1
    SUSE Linux Enterprise Storage 6
    SUSE Manager Proxy 4.0
    SUSE Manager Proxy 4.1
    SUSE Manager Retail Branch Server 4.0
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Server 4.0
    SUSE Manager Server 4.1
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for systemd fixes the following issues:

- Allow control characters in environment variable values (bsc#1200170)
- basic/env-util: Allow newlines in values of environment variables
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: avoid overwriting 'r' counter with a partial result (bsc#1148309)
- shared/install: fix error codes returned by install_context_apply()
- shared/install: ignore failures for auxiliary files
- systemctl: suppress enable/disable messages when `-q` is given
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2471=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2471=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2471=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2471=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2471=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2471=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2471=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2471=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2471=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2471=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2471=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2471=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2471=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2022-2471=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2471=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2471=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2471=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2471=1 - 
SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2471=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2471=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2471=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2471=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (noarch): systemd-bash-completion-234-150000.24.111.1 - openSUSE Leap 15.3 (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Manager Server 4.1 (x86_64): libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 - SUSE Manager Server 4.1 (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Manager Retail Branch Server 4.1 (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-32bit-234-150000.24.111.1 
libsystemd0-32bit-debuginfo-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Manager Proxy 4.1 (x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Manager Proxy 4.1 (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 
systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 
libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): 
libsystemd0-234-150000.24.111.1 libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise 
Server 15-SP1-BCL (x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libsystemd0-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libudev1-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libsystemd0-234-150000.24.111.1 
libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 
libudev1-32bit-debuginfo-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libsystemd0-32bit-234-150000.24.111.1 
libsystemd0-32bit-debuginfo-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 
systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 systemd-debugsource-234-150000.24.111.1 systemd-devel-234-150000.24.111.1 systemd-sysvinit-234-150000.24.111.1 udev-234-150000.24.111.1 udev-debuginfo-234-150000.24.111.1 - SUSE Enterprise Storage 7 (x86_64): libsystemd0-32bit-234-150000.24.111.1 libsystemd0-32bit-debuginfo-234-150000.24.111.1 libudev1-32bit-234-150000.24.111.1 libudev1-32bit-debuginfo-234-150000.24.111.1 systemd-32bit-234-150000.24.111.1 systemd-32bit-debuginfo-234-150000.24.111.1 - SUSE Enterprise Storage 7 (noarch): systemd-bash-completion-234-150000.24.111.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libsystemd0-234-150000.24.111.1 libsystemd0-debuginfo-234-150000.24.111.1 libudev-devel-234-150000.24.111.1 libudev1-234-150000.24.111.1 libudev1-debuginfo-234-150000.24.111.1 systemd-234-150000.24.111.1 systemd-container-234-150000.24.111.1 systemd-container-debuginfo-234-150000.24.111.1 systemd-coredump-234-150000.24.111.1 systemd-coredump-debuginfo-234-150000.24.111.1 systemd-debuginfo-234-150000.24.111.1 
    systemd-debugsource-234-150000.24.111.1
    systemd-devel-234-150000.24.111.1
    systemd-sysvinit-234-150000.24.111.1
    udev-234-150000.24.111.1
    udev-debuginfo-234-150000.24.111.1

- SUSE Enterprise Storage 6 (noarch):
    systemd-bash-completion-234-150000.24.111.1

- SUSE Enterprise Storage 6 (x86_64):
    libsystemd0-32bit-234-150000.24.111.1
    libsystemd0-32bit-debuginfo-234-150000.24.111.1
    libudev1-32bit-234-150000.24.111.1
    libudev1-32bit-debuginfo-234-150000.24.111.1
    systemd-32bit-234-150000.24.111.1
    systemd-32bit-debuginfo-234-150000.24.111.1

- SUSE CaaS Platform 4.0 (noarch):
    systemd-bash-completion-234-150000.24.111.1

- SUSE CaaS Platform 4.0 (x86_64):
    libsystemd0-234-150000.24.111.1
    libsystemd0-32bit-234-150000.24.111.1
    libsystemd0-32bit-debuginfo-234-150000.24.111.1
    libsystemd0-debuginfo-234-150000.24.111.1
    libudev-devel-234-150000.24.111.1
    libudev1-234-150000.24.111.1
    libudev1-32bit-234-150000.24.111.1
    libudev1-32bit-debuginfo-234-150000.24.111.1
    libudev1-debuginfo-234-150000.24.111.1
    systemd-234-150000.24.111.1
    systemd-32bit-234-150000.24.111.1
    systemd-32bit-debuginfo-234-150000.24.111.1
    systemd-container-234-150000.24.111.1
    systemd-container-debuginfo-234-150000.24.111.1
    systemd-coredump-234-150000.24.111.1
    systemd-coredump-debuginfo-234-150000.24.111.1
    systemd-debuginfo-234-150000.24.111.1
    systemd-debugsource-234-150000.24.111.1
    systemd-devel-234-150000.24.111.1
    systemd-sysvinit-234-150000.24.111.1
    udev-234-150000.24.111.1
    udev-debuginfo-234-150000.24.111.1

References:

    https://bugzilla.suse.com/1148309
    https://bugzilla.suse.com/1191502
    https://bugzilla.suse.com/1195529
    https://bugzilla.suse.com/1200170

From sle-updates at lists.suse.com Thu Jul 21 07:22:15 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 21 Jul 2022 09:22:15 +0200 (CEST)
Subject: SUSE-RU-2022:2469-1: important: Recommended update for systemd
Message-ID: <20220721072215.38A8AFDDB@maintenance.suse.de>

SUSE Recommended Update: Recommended update for systemd
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2469-1
Rating: important
References: #1137373 #1181658 #1194708 #1195157 #1197570 #1198732 #1200170 #1201276
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that has 8 recommended fixes can now be installed.

Description:

This update for systemd fixes the following issues:

- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276)
- Allow control characters in environment variable values (bsc#1200170)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-2469=1

- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2469=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    libsystemd0-249.11-150400.8.5.1
    libsystemd0-debuginfo-249.11-150400.8.5.1
    libudev1-249.11-150400.8.5.1
    libudev1-debuginfo-249.11-150400.8.5.1
    nss-myhostname-249.11-150400.8.5.1
    nss-myhostname-debuginfo-249.11-150400.8.5.1
    nss-systemd-249.11-150400.8.5.1
    nss-systemd-debuginfo-249.11-150400.8.5.1
    systemd-249.11-150400.8.5.1
    systemd-container-249.11-150400.8.5.1
    systemd-container-debuginfo-249.11-150400.8.5.1
    systemd-coredump-249.11-150400.8.5.1
    systemd-coredump-debuginfo-249.11-150400.8.5.1
    systemd-debuginfo-249.11-150400.8.5.1
    systemd-debugsource-249.11-150400.8.5.1
    systemd-devel-249.11-150400.8.5.1
    systemd-doc-249.11-150400.8.5.1
    systemd-experimental-249.11-150400.8.5.1
    systemd-experimental-debuginfo-249.11-150400.8.5.1
    systemd-journal-remote-249.11-150400.8.5.1
    systemd-journal-remote-debuginfo-249.11-150400.8.5.1
    systemd-network-249.11-150400.8.5.1
    systemd-network-debuginfo-249.11-150400.8.5.1
    systemd-portable-249.11-150400.8.5.1
    systemd-portable-debuginfo-249.11-150400.8.5.1
    systemd-sysvinit-249.11-150400.8.5.1
    systemd-testsuite-249.11-150400.8.5.1
    systemd-testsuite-debuginfo-249.11-150400.8.5.1
    udev-249.11-150400.8.5.1
    udev-debuginfo-249.11-150400.8.5.1

- openSUSE Leap 15.4 (noarch):
    systemd-lang-249.11-150400.8.5.1

- openSUSE Leap 15.4 (x86_64):
    libsystemd0-32bit-249.11-150400.8.5.1
    libsystemd0-32bit-debuginfo-249.11-150400.8.5.1
    libudev1-32bit-249.11-150400.8.5.1
    libudev1-32bit-debuginfo-249.11-150400.8.5.1
    nss-myhostname-32bit-249.11-150400.8.5.1
    nss-myhostname-32bit-debuginfo-249.11-150400.8.5.1
    systemd-32bit-249.11-150400.8.5.1
    systemd-32bit-debuginfo-249.11-150400.8.5.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    libsystemd0-249.11-150400.8.5.1
    libsystemd0-debuginfo-249.11-150400.8.5.1
    libudev1-249.11-150400.8.5.1
    libudev1-debuginfo-249.11-150400.8.5.1
    systemd-249.11-150400.8.5.1
    systemd-container-249.11-150400.8.5.1
    systemd-container-debuginfo-249.11-150400.8.5.1
    systemd-coredump-249.11-150400.8.5.1
    systemd-coredump-debuginfo-249.11-150400.8.5.1
    systemd-debuginfo-249.11-150400.8.5.1
    systemd-debugsource-249.11-150400.8.5.1
    systemd-devel-249.11-150400.8.5.1
    systemd-doc-249.11-150400.8.5.1
    systemd-sysvinit-249.11-150400.8.5.1
    udev-249.11-150400.8.5.1
    udev-debuginfo-249.11-150400.8.5.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
    systemd-lang-249.11-150400.8.5.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
    libsystemd0-32bit-249.11-150400.8.5.1
    libsystemd0-32bit-debuginfo-249.11-150400.8.5.1
    libudev1-32bit-249.11-150400.8.5.1
    libudev1-32bit-debuginfo-249.11-150400.8.5.1
    systemd-32bit-249.11-150400.8.5.1
    systemd-32bit-debuginfo-249.11-150400.8.5.1

References:

    https://bugzilla.suse.com/1137373
    https://bugzilla.suse.com/1181658
    https://bugzilla.suse.com/1194708
    https://bugzilla.suse.com/1195157
    https://bugzilla.suse.com/1197570
    https://bugzilla.suse.com/1198732
    https://bugzilla.suse.com/1200170
    https://bugzilla.suse.com/1201276

From sle-updates at lists.suse.com Thu Jul 21 13:17:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 21 Jul 2022 15:17:43 +0200 (CEST)
Subject: SUSE-RU-2022:2473-1: moderate: Recommended update for firewalld
Message-ID: <20220721131743.552B6FF0D@maintenance.suse.de>

SUSE Recommended Update: Recommended update for firewalld
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2473-1
Rating: moderate
References: #1198814
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Module for Desktop Applications 15-SP4
    SUSE Linux Enterprise Module for Development Tools 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for firewalld fixes the following issues:

- Fix regression introduced in previous patch (an api change to a function also needed backporting) (bsc#1198814)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-2473=1

- SUSE Linux Enterprise Module for Development Tools 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2473=1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2473=1

- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2473=1

Package List:

- openSUSE Leap 15.4 (noarch):
    firewall-applet-0.9.3-150400.8.6.1
    firewall-config-0.9.3-150400.8.6.1
    firewall-macros-0.9.3-150400.8.6.1
    firewalld-0.9.3-150400.8.6.1
    firewalld-lang-0.9.3-150400.8.6.1
    python3-firewall-0.9.3-150400.8.6.1

- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
    firewall-macros-0.9.3-150400.8.6.1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch):
    firewall-applet-0.9.3-150400.8.6.1
    firewall-config-0.9.3-150400.8.6.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
    firewalld-0.9.3-150400.8.6.1
    firewalld-lang-0.9.3-150400.8.6.1
    python3-firewall-0.9.3-150400.8.6.1

References:

    https://bugzilla.suse.com/1198814

From sle-updates at lists.suse.com Thu Jul 21 13:20:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 21 Jul 2022 15:20:11 +0200 (CEST)
Subject: SUSE-RU-2022:2487-1: moderate: Recommended update for python-urlgrabber
Message-ID: <20220721132011.26E6FFF0D@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-urlgrabber
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2487-1
Rating: moderate
References:
Affected Products:
    SUSE Linux Enterprise High Performance Computing
    SUSE Linux Enterprise Module for Legacy Software 15-SP4
    SUSE Linux Enterprise Server
    SUSE Linux Enterprise Server for SAP Applications
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 recommended fixes can now be installed.

Description:

This update for python-urlgrabber fixes the following issues:

- Fix wrong logic on `find_proxy` method causing proxy not being used

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-2487=1

- SUSE Linux Enterprise Module for Legacy Software 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2487=1

Package List:

- openSUSE Leap 15.4 (noarch):
    python3-urlgrabber-4.1.0-150400.4.3.1

- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (noarch):
    python3-urlgrabber-4.1.0-150400.4.3.1

References:

From sle-updates at lists.suse.com Thu Jul 21 13:18:25 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 21 Jul 2022 15:18:25 +0200 (CEST)
Subject: SUSE-SU-2022:2478-1: important: Security update for the Linux Kernel
Message-ID: <20220721131825.77C1BFF0D@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2478-1
Rating: important
References: #1066618 #1146519 #1194013 #1196901 #1199487 #1199657 #1200571 #1200604 #1200605 #1200619 #1200692 #1201050 #1201080
Cross-References: CVE-2017-16525 CVE-2021-26341 CVE-2021-4157 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981
CVSS scores:
    CVE-2017-16525 (NVD) : 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2017-16525 (SUSE): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
    CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
    CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Linux Enterprise Server 12-SP3-BCL
______________________________________________________________________________

An update that solves 9 vulnerabilities and has four fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2017-16525: Fixed a use-after-free after failed setup in usb/serial/console (bsc#1066618).

The following non-security bugs were fixed:

- exec: Force single empty string when argv is empty (bsc#1200571).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2478=1

Package List:

- SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
    kernel-devel-4.4.180-94.167.1
    kernel-macros-4.4.180-94.167.1
    kernel-source-4.4.180-94.167.1

- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    kernel-default-4.4.180-94.167.1
    kernel-default-base-4.4.180-94.167.1
    kernel-default-base-debuginfo-4.4.180-94.167.1
    kernel-default-debuginfo-4.4.180-94.167.1
    kernel-default-debugsource-4.4.180-94.167.1
    kernel-default-devel-4.4.180-94.167.1
    kernel-syms-4.4.180-94.167.1

References:

    https://www.suse.com/security/cve/CVE-2017-16525.html
    https://www.suse.com/security/cve/CVE-2021-26341.html
    https://www.suse.com/security/cve/CVE-2021-4157.html
    https://www.suse.com/security/cve/CVE-2022-1679.html
    https://www.suse.com/security/cve/CVE-2022-20132.html
    https://www.suse.com/security/cve/CVE-2022-20141.html
    https://www.suse.com/security/cve/CVE-2022-29900.html
    https://www.suse.com/security/cve/CVE-2022-29901.html
    https://www.suse.com/security/cve/CVE-2022-33981.html
    https://bugzilla.suse.com/1066618
    https://bugzilla.suse.com/1146519
    https://bugzilla.suse.com/1194013
    https://bugzilla.suse.com/1196901
    https://bugzilla.suse.com/1199487
    https://bugzilla.suse.com/1199657
    https://bugzilla.suse.com/1200571
    https://bugzilla.suse.com/1200604
    https://bugzilla.suse.com/1200605
    https://bugzilla.suse.com/1200619
    https://bugzilla.suse.com/1200692
    https://bugzilla.suse.com/1201050
    https://bugzilla.suse.com/1201080

From sle-updates at lists.suse.com Thu Jul 21 13:17:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 21 Jul 2022 15:17:09 +0200 (CEST)
Subject: SUSE-FU-2022:2488-1: moderate: Feature update for python-python-debian
Message-ID: <20220721131709.7AE47FF0D@maintenance.suse.de>

SUSE Feature Update: Feature update for python-python-debian
______________________________________________________________________________

Announcement ID: SUSE-FU-2022:2488-1
Rating: moderate
References: SLE-24672
Affected Products:
    SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3
    SUSE Linux Enterprise Module for SUSE Manager Server 4.3
    SUSE Manager Proxy 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 feature fixes and contains one feature can now be installed.

Description:

This feature update for python-python-debian provides:

- Rename python-debian to python-python-debian according to the Python packaging guidelines (jsc#SLE-24672)
- Provide python-python-debian version 0.1.44 (jsc#SLE-24672)
  * Add support for zstd compression in .deb files
  * Use logging.warning rather than warnings for data problems.
  * Support for finding files (including changelog.Debian.gz) that are beyond a symlink within the package
  * Update packaging for zstd compressed .deb code
  * Annotate binutils build-dep with
  * Update Standards-Version to 4.6.1
  * Various improvements to the round-trip-safe deb822 parser
  * Support the Files-Included field in debian/copyright
  * Fix URL for API documentation in README.rst
  * RTS parser: minor documentation fixes
  * Declare minimum Python version of 3.5 for most modules except the RTS parser. Add CI testing with Python 3.5
  * RTS parser: Handle leading tabs for setting values
  * RTS parser: Preserve original field case
  * RTS parser: Expose str type for keys in paragraphs
  * Use logging for warnings about data that's being read, rather than the warnings module
  * Fix type checks for mypy 0.910
  * Silence lintian complaint about touching the dpkg database in the examples
  * Add RTS parser to setup.py so that it is installed.
  * Add copyright attribution for RTS parser
  * RTS parser: Accept tabs as continuation line marker
  * Interpretation: Preserve tab as continuation line if used
  * RTS parser: Make value interpretation tokenization consistent
  * RTS parser: Add interpretation for Uploaders field
  * Add contextmanager to DebFile
  * Added format/comment preserving deb822 parser as debian._deb822_repro.
  * Add Build-Depends-Arch, Build-Conflicts-Arch to list of relationship fields
  * In debian.changelog.get_maintainer, cope with unknown UIDs
  * Numerous enhancements to the deb822.BuildInfo class
  * Include portability patch for pwd module on Windows
  * Drop the deb822.BuildInfo.get_debian_suite function
  * Move re.compile calls out of functions
  * Revert unintended renaming of Changelog.get_version/set_version
  * Add a type for .buildinfo files (deb822.BuildInfo)
  * Add support for SHA1-Download and SHA256-* variants in PdiffIndex class for .diff/Index files
  * Permit single-character package names in dependency relationship specifications
  * Update to debhelper-compat (= 13)
  * Update examples to use #!/usr/bin/python3
  * Fix tabs vs spaces in examples.
  * Provide accessor for source package version for binary packages
  * Allow debian_support.PackageFile to accept StringIO as well as BytesIO
  * Change handling of case-insensitive field names to allow Deb822 objects to be serialised
  * Add SHA265 support to handling of pdiffs
  * Add support for additional headers for merged pdiffs to PDiffIndex
  * Add a debian.watch module for parsing watch files
  * Prevent stripping of last newline in initial lines before changelog files
  * Add a Copyright.files_excluded field
  * Allow specifying allow_missing_author when reserializing changelog entries
  * Drop python2 support (from version 0.1.37)
  * Add Rules-Requires-Root: no
  * Parse Built-Using relationship fields
  * Extend Deb822 parser to allow underscores in the field name
  * Add accessors for Version objects from Deb822
- Remove superfluous devel dependency for noarch package

Patch Instructions:

To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2488=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-2488=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-2488=1 Package List: - openSUSE Leap 15.4 (noarch): python3-python-debian-0.1.44-150400.9.3.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): python3-python-debian-0.1.44-150400.9.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (noarch): python3-python-debian-0.1.44-150400.9.3.1 References: From sle-updates at lists.suse.com Thu Jul 21 16:17:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jul 2022 18:17:34 +0200 (CEST) Subject: SUSE-RU-2022:2490-1: important: Recommended update for release-notes-sles Message-ID: <20220721161734.BFFB4FDDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2490-1 Rating: important References: #1197001 #1198415 #1200070 #1200422 #1200669 #1200927 #933411 SLE-11448 SLE-14424 SLE-18132 SLE-20923 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Installer 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 7 recommended fixes and contains four features can now be installed. 
Description: This update for release-notes-sles fixes the following issues: Update the release notes to version 15.4.20220714 (bsc#933411) - Provided information on a solution for a qemu error (bsc#1200422) - Provided information about improved AES-GCM performance (jsc#SLE-18132) - Provided information about iotop (bsc#1200669) - Updated information to include product version (bsc#1200927) - Provided information about removing driver versions from modinfo (bsc#1200070) - Updated information on LPM and DPAR (bsc#1198415) - Provided information on the libmodman removal (jsc#SLE-20923) - Provided information on the removal of pam_ldap and nss_ldap (jsc#SLE-11448) - Provided information about virt-manager SEV detection (jsc#SLE-14424) - Provided information about NFS readahead size reduction (bsc#1197001) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2490=1 - SUSE Linux Enterprise Server 15-SP4: zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-2022-2490=1 - SUSE Linux Enterprise Installer 15-SP4: zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2022-2490=1 Package List: - openSUSE Leap 15.4 (noarch): release-notes-sles-15.4.20220714-150400.3.4.2 - SUSE Linux Enterprise Server 15-SP4 (noarch): release-notes-sles-15.4.20220714-150400.3.4.2 - SUSE Linux Enterprise Installer 15-SP4 (noarch): release-notes-sles-15.4.20220714-150400.3.4.2 References: https://bugzilla.suse.com/1197001 https://bugzilla.suse.com/1198415 https://bugzilla.suse.com/1200070 https://bugzilla.suse.com/1200422 https://bugzilla.suse.com/1200669 https://bugzilla.suse.com/1200927 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Thu Jul 21 16:18:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jul 2022 18:18:46 +0200 (CEST) 
Subject: SUSE-RU-2022:2494-1: important: Recommended update for glibc Message-ID: <20220721161846.59897FDDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2494-1 Rating: important References: #1200855 #1201560 #1201640 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2494=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2494=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2494=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2494=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2494=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2494=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2494=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2494=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.37.1 glibc-debuginfo-2.31-150300.37.1 glibc-debugsource-2.31-150300.37.1 glibc-devel-2.31-150300.37.1 glibc-devel-debuginfo-2.31-150300.37.1 glibc-devel-static-2.31-150300.37.1 glibc-extra-2.31-150300.37.1 glibc-extra-debuginfo-2.31-150300.37.1 glibc-locale-2.31-150300.37.1 glibc-locale-base-2.31-150300.37.1 glibc-locale-base-debuginfo-2.31-150300.37.1 glibc-profile-2.31-150300.37.1 glibc-utils-2.31-150300.37.1 glibc-utils-debuginfo-2.31-150300.37.1 glibc-utils-src-debugsource-2.31-150300.37.1 nscd-2.31-150300.37.1 nscd-debuginfo-2.31-150300.37.1 - openSUSE Leap 15.4 (noarch): glibc-html-2.31-150300.37.1 glibc-i18ndata-2.31-150300.37.1 glibc-info-2.31-150300.37.1 glibc-lang-2.31-150300.37.1 - openSUSE Leap 15.4 (x86_64): glibc-32bit-2.31-150300.37.1 glibc-32bit-debuginfo-2.31-150300.37.1 glibc-devel-32bit-2.31-150300.37.1 glibc-devel-32bit-debuginfo-2.31-150300.37.1 glibc-devel-static-32bit-2.31-150300.37.1 glibc-locale-base-32bit-2.31-150300.37.1 glibc-locale-base-32bit-debuginfo-2.31-150300.37.1 
glibc-profile-32bit-2.31-150300.37.1 glibc-utils-32bit-2.31-150300.37.1 glibc-utils-32bit-debuginfo-2.31-150300.37.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.37.1 glibc-debuginfo-2.31-150300.37.1 glibc-debugsource-2.31-150300.37.1 glibc-devel-2.31-150300.37.1 glibc-devel-debuginfo-2.31-150300.37.1 glibc-devel-static-2.31-150300.37.1 glibc-extra-2.31-150300.37.1 glibc-extra-debuginfo-2.31-150300.37.1 glibc-locale-2.31-150300.37.1 glibc-locale-base-2.31-150300.37.1 glibc-locale-base-debuginfo-2.31-150300.37.1 glibc-profile-2.31-150300.37.1 glibc-utils-2.31-150300.37.1 glibc-utils-debuginfo-2.31-150300.37.1 glibc-utils-src-debugsource-2.31-150300.37.1 nscd-2.31-150300.37.1 nscd-debuginfo-2.31-150300.37.1 - openSUSE Leap 15.3 (noarch): glibc-html-2.31-150300.37.1 glibc-i18ndata-2.31-150300.37.1 glibc-info-2.31-150300.37.1 glibc-lang-2.31-150300.37.1 - openSUSE Leap 15.3 (x86_64): glibc-32bit-2.31-150300.37.1 glibc-32bit-debuginfo-2.31-150300.37.1 glibc-devel-32bit-2.31-150300.37.1 glibc-devel-32bit-debuginfo-2.31-150300.37.1 glibc-devel-static-32bit-2.31-150300.37.1 glibc-locale-base-32bit-2.31-150300.37.1 glibc-locale-base-32bit-debuginfo-2.31-150300.37.1 glibc-profile-32bit-2.31-150300.37.1 glibc-utils-32bit-2.31-150300.37.1 glibc-utils-32bit-debuginfo-2.31-150300.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.31-150300.37.1 glibc-debugsource-2.31-150300.37.1 glibc-devel-static-2.31-150300.37.1 glibc-utils-2.31-150300.37.1 glibc-utils-debuginfo-2.31-150300.37.1 glibc-utils-src-debugsource-2.31-150300.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): glibc-32bit-debuginfo-2.31-150300.37.1 glibc-devel-32bit-2.31-150300.37.1 glibc-devel-32bit-debuginfo-2.31-150300.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.31-150300.37.1 glibc-debugsource-2.31-150300.37.1 
glibc-devel-static-2.31-150300.37.1 glibc-utils-2.31-150300.37.1 glibc-utils-debuginfo-2.31-150300.37.1 glibc-utils-src-debugsource-2.31-150300.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): glibc-32bit-debuginfo-2.31-150300.37.1 glibc-devel-32bit-2.31-150300.37.1 glibc-devel-32bit-debuginfo-2.31-150300.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.37.1 glibc-debuginfo-2.31-150300.37.1 glibc-debugsource-2.31-150300.37.1 glibc-devel-2.31-150300.37.1 glibc-devel-debuginfo-2.31-150300.37.1 glibc-extra-2.31-150300.37.1 glibc-extra-debuginfo-2.31-150300.37.1 glibc-locale-2.31-150300.37.1 glibc-locale-base-2.31-150300.37.1 glibc-locale-base-debuginfo-2.31-150300.37.1 glibc-profile-2.31-150300.37.1 nscd-2.31-150300.37.1 nscd-debuginfo-2.31-150300.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): glibc-i18ndata-2.31-150300.37.1 glibc-info-2.31-150300.37.1 glibc-lang-2.31-150300.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): glibc-32bit-2.31-150300.37.1 glibc-32bit-debuginfo-2.31-150300.37.1 glibc-locale-base-32bit-2.31-150300.37.1 glibc-locale-base-32bit-debuginfo-2.31-150300.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.37.1 glibc-debuginfo-2.31-150300.37.1 glibc-debugsource-2.31-150300.37.1 glibc-devel-2.31-150300.37.1 glibc-devel-debuginfo-2.31-150300.37.1 glibc-extra-2.31-150300.37.1 glibc-extra-debuginfo-2.31-150300.37.1 glibc-locale-2.31-150300.37.1 glibc-locale-base-2.31-150300.37.1 glibc-locale-base-debuginfo-2.31-150300.37.1 glibc-profile-2.31-150300.37.1 nscd-2.31-150300.37.1 nscd-debuginfo-2.31-150300.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): glibc-32bit-2.31-150300.37.1 glibc-32bit-debuginfo-2.31-150300.37.1 glibc-locale-base-32bit-2.31-150300.37.1 glibc-locale-base-32bit-debuginfo-2.31-150300.37.1 - SUSE Linux Enterprise Module for Basesystem 
15-SP3 (noarch): glibc-i18ndata-2.31-150300.37.1 glibc-info-2.31-150300.37.1 glibc-lang-2.31-150300.37.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): glibc-2.31-150300.37.1 glibc-debuginfo-2.31-150300.37.1 glibc-debugsource-2.31-150300.37.1 glibc-devel-2.31-150300.37.1 glibc-locale-2.31-150300.37.1 glibc-locale-base-2.31-150300.37.1 glibc-locale-base-debuginfo-2.31-150300.37.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): glibc-2.31-150300.37.1 glibc-debuginfo-2.31-150300.37.1 glibc-debugsource-2.31-150300.37.1 glibc-devel-2.31-150300.37.1 glibc-locale-2.31-150300.37.1 glibc-locale-base-2.31-150300.37.1 glibc-locale-base-debuginfo-2.31-150300.37.1 References: https://bugzilla.suse.com/1200855 https://bugzilla.suse.com/1201560 https://bugzilla.suse.com/1201640 From sle-updates at lists.suse.com Thu Jul 21 16:19:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jul 2022 18:19:38 +0200 (CEST) Subject: SUSE-RU-2022:2493-1: moderate: Recommended update for rpm-config-SUSE Message-ID: <20220721161938.7CEBCFDDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpm-config-SUSE ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2493-1 Rating: moderate References: #1193282 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2493=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2493=1 Package List: - openSUSE Leap 15.4 (noarch): rpm-config-SUSE-1-150400.14.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): rpm-config-SUSE-1-150400.14.3.1 References: https://bugzilla.suse.com/1193282 From sle-updates at lists.suse.com Thu Jul 21 16:20:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jul 2022 18:20:18 +0200 (CEST) Subject: SUSE-SU-2022:2491-1: important: Security update for nodejs16 Message-ID: <20220721162018.38679FDDB@maintenance.suse.de> SUSE Security Update: Security update for nodejs16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2491-1 Rating: important References: #1201325 #1201326 #1201327 #1201328 Cross-References: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVSS scores: CVE-2022-32212 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-32214 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 
______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs16 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2491=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-2491=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): corepack16-16.16.0-150400.3.3.2 nodejs16-16.16.0-150400.3.3.2 nodejs16-debuginfo-16.16.0-150400.3.3.2 nodejs16-debugsource-16.16.0-150400.3.3.2 nodejs16-devel-16.16.0-150400.3.3.2 npm16-16.16.0-150400.3.3.2 - openSUSE Leap 15.4 (noarch): nodejs16-docs-16.16.0-150400.3.3.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64): nodejs16-16.16.0-150400.3.3.2 nodejs16-debuginfo-16.16.0-150400.3.3.2 nodejs16-debugsource-16.16.0-150400.3.3.2 nodejs16-devel-16.16.0-150400.3.3.2 npm16-16.16.0-150400.3.3.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch): nodejs16-docs-16.16.0-150400.3.3.2 References: https://www.suse.com/security/cve/CVE-2022-32212.html https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-32214.html https://www.suse.com/security/cve/CVE-2022-32215.html https://bugzilla.suse.com/1201325 
https://bugzilla.suse.com/1201326 https://bugzilla.suse.com/1201327 https://bugzilla.suse.com/1201328 From sle-updates at lists.suse.com Thu Jul 21 19:17:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jul 2022 21:17:22 +0200 (CEST) Subject: SUSE-SU-2022:2515-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP3) Message-ID: <20220721191722.7B3FAFF0D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2515-1 Rating: important References: #1196959 #1200608 Cross-References: CVE-2021-39698 CVE-2022-20154 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_71 fixes several issues. The following security issues were fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. 
(bsc#1196956) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2515=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_71-default-3-150300.2.2 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2022-20154.html https://bugzilla.suse.com/1196959 https://bugzilla.suse.com/1200608 From sle-updates at lists.suse.com Thu Jul 21 19:18:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jul 2022 21:18:07 +0200 (CEST) Subject: SUSE-SU-2022:2516-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP3) Message-ID: <20220721191807.C853BFF0D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2516-1 Rating: important References: #1196959 #1199648 #1200608 Cross-References: CVE-2021-39698 CVE-2022-1116 CVE-2022-20154 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE 
Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_76 fixes several issues. The following security issues were fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-1116: Fixed an integer overflow in io_uring which may lead to local privilege escalation (bsc#1199647). - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2516=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_76-default-2-150300.2.2 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2022-1116.html https://www.suse.com/security/cve/CVE-2022-20154.html https://bugzilla.suse.com/1196959 https://bugzilla.suse.com/1199648 https://bugzilla.suse.com/1200608 From sle-updates at lists.suse.com Thu Jul 21 22:17:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 00:17:44 +0200 (CEST) Subject: SUSE-SU-2022:2482-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15) Message-ID: <20220721221744.DEFEAFF0D@maintenance.suse.de> SUSE Security Update: Security update for the 
Linux Kernel (Live Patch 29 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2482-1 Rating: important References: #1199697 #1200059 #1200608 Cross-References: CVE-2022-1729 CVE-2022-20154 CVE-2022-21499 CVSS scores: CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: This update for the Linux Kernel 4.12.14-150000_150_89 fixes several issues. The following security issues were fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-21499: Reinforced the kernel lockdown feature; until now it's been trivial to break out of it with kgdb or kdb (bsc#1199426). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-2517=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2477=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2484=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2486=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2489=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2492=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2504=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2508=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2509=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2510=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2512=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2513=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2514=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2518=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2519=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2521=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2485=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2502=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2503=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2506=1 
SUSE-SLE-Module-Live-Patching-15-SP2-2022-2507=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2500=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-2501=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2497=1 SUSE-SLE-Module-Live-Patching-15-2022-2498=1 SUSE-SLE-Module-Live-Patching-15-2022-2499=1 SUSE-SLE-Module-Live-Patching-15-2022-2511=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2474=1 SUSE-SLE-Live-Patching-12-SP5-2022-2475=1 SUSE-SLE-Live-Patching-12-SP5-2022-2476=1 SUSE-SLE-Live-Patching-12-SP5-2022-2479=1 SUSE-SLE-Live-Patching-12-SP5-2022-2480=1 SUSE-SLE-Live-Patching-12-SP5-2022-2481=1 SUSE-SLE-Live-Patching-12-SP5-2022-2482=1 SUSE-SLE-Live-Patching-12-SP5-2022-2483=1 SUSE-SLE-Live-Patching-12-SP5-2022-2496=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2472=1 SUSE-SLE-Live-Patching-12-SP4-2022-2505=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-5_14_21-150400_22-default-3-150400.4.6.2 kernel-livepatch-5_14_21-150400_22-default-debuginfo-3-150400.4.6.2 kernel-livepatch-SLE15-SP4_Update_0-debugsource-3-150400.4.6.2 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_43-default-11-150300.2.3 kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-11-150300.2.3 kernel-livepatch-5_3_18-150300_59_46-default-11-150300.2.3 kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-11-150300.2.3 kernel-livepatch-5_3_18-150300_59_49-default-10-150300.2.3 kernel-livepatch-5_3_18-150300_59_54-default-9-150300.2.3 kernel-livepatch-5_3_18-150300_59_60-default-8-150300.3.2 kernel-livepatch-5_3_18-150300_59_63-default-5-150300.2.3 kernel-livepatch-5_3_18-150300_59_68-default-4-150300.2.3 
kernel-livepatch-5_3_18-59_13-default-18-150300.2.3 kernel-livepatch-5_3_18-59_13-default-debuginfo-18-150300.2.3 kernel-livepatch-5_3_18-59_16-default-17-150300.2.3 kernel-livepatch-5_3_18-59_16-default-debuginfo-17-150300.2.3 kernel-livepatch-5_3_18-59_19-default-16-150300.2.3 kernel-livepatch-5_3_18-59_19-default-debuginfo-16-150300.2.3 kernel-livepatch-5_3_18-59_24-default-14-150300.2.3 kernel-livepatch-5_3_18-59_24-default-debuginfo-14-150300.2.3 kernel-livepatch-5_3_18-59_27-default-14-150300.2.3 kernel-livepatch-5_3_18-59_27-default-debuginfo-14-150300.2.3 kernel-livepatch-5_3_18-59_34-default-13-150300.2.3 kernel-livepatch-5_3_18-59_34-default-debuginfo-13-150300.2.3 kernel-livepatch-5_3_18-59_37-default-12-150300.2.3 kernel-livepatch-5_3_18-59_37-default-debuginfo-12-150300.2.3 kernel-livepatch-5_3_18-59_40-default-12-150300.2.3 kernel-livepatch-SLE15-SP3_Update_10-debugsource-12-150300.2.3 kernel-livepatch-SLE15-SP3_Update_3-debugsource-18-150300.2.3 kernel-livepatch-SLE15-SP3_Update_4-debugsource-17-150300.2.3 kernel-livepatch-SLE15-SP3_Update_5-debugsource-16-150300.2.3 kernel-livepatch-SLE15-SP3_Update_6-debugsource-14-150300.2.3 kernel-livepatch-SLE15-SP3_Update_7-debugsource-14-150300.2.3 kernel-livepatch-SLE15-SP3_Update_9-debugsource-13-150300.2.3 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64): kernel-livepatch-5_3_18-59_40-default-debuginfo-12-150300.2.3 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_102-default-10-150200.2.3 kernel-livepatch-5_3_18-24_102-default-debuginfo-10-150200.2.3 kernel-livepatch-5_3_18-24_70-default-18-150200.2.3 kernel-livepatch-5_3_18-24_70-default-debuginfo-18-150200.2.3 kernel-livepatch-5_3_18-24_78-default-16-150200.2.3 kernel-livepatch-5_3_18-24_78-default-debuginfo-16-150200.2.3 kernel-livepatch-5_3_18-24_86-default-14-150200.2.3 kernel-livepatch-5_3_18-24_86-default-debuginfo-14-150200.2.3 
kernel-livepatch-5_3_18-24_93-default-13-150200.2.3 kernel-livepatch-5_3_18-24_93-default-debuginfo-13-150200.2.3 kernel-livepatch-SLE15-SP2_Update_16-debugsource-18-150200.2.3 kernel-livepatch-SLE15-SP2_Update_18-debugsource-16-150200.2.3 kernel-livepatch-SLE15-SP2_Update_20-debugsource-14-150200.2.3 kernel-livepatch-SLE15-SP2_Update_21-debugsource-13-150200.2.3 kernel-livepatch-SLE15-SP2_Update_24-debugsource-10-150200.2.3 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_105-default-7-150100.2.3 kernel-livepatch-4_12_14-197_99-default-16-150100.2.3 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150000_150_89-default-5-150000.2.3 kernel-livepatch-4_12_14-150000_150_89-default-debuginfo-5-150000.2.3 kernel-livepatch-4_12_14-150_75-default-16-150000.2.3 kernel-livepatch-4_12_14-150_75-default-debuginfo-16-150000.2.3 kernel-livepatch-4_12_14-150_78-default-11-150000.2.3 kernel-livepatch-4_12_14-150_78-default-debuginfo-11-150000.2.3 kernel-livepatch-4_12_14-150_86-default-6-150000.2.3 kernel-livepatch-4_12_14-150_86-default-debuginfo-6-150000.2.3 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_103-default-12-2.3 kgraft-patch-4_12_14-122_106-default-10-2.3 kgraft-patch-4_12_14-122_110-default-8-2.3 kgraft-patch-4_12_14-122_113-default-7-2.3 kgraft-patch-4_12_14-122_121-default-3-2.3 kgraft-patch-4_12_14-122_77-default-18-2.3 kgraft-patch-4_12_14-122_80-default-17-2.3 kgraft-patch-4_12_14-122_83-default-16-2.3 kgraft-patch-4_12_14-122_88-default-14-2.3 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_88-default-7-2.3 kgraft-patch-4_12_14-95_96-default-5-2.3 References: https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-21499.html https://bugzilla.suse.com/1199697 
https://bugzilla.suse.com/1200059 https://bugzilla.suse.com/1200608 From sle-updates at lists.suse.com Thu Jul 21 22:20:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 00:20:26 +0200 (CEST) Subject: SUSE-SU-2022:2520-1: important: Security update for the Linux Kernel Message-ID: <20220721222026.21A68FF0D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2520-1 Rating: important References: #1055117 #1061840 #1065729 #1071995 #1089644 #1103269 #1118212 #1121726 #1137728 #1156395 #1157038 #1157923 #1175667 #1179439 #1179639 #1180814 #1183682 #1183872 #1184318 #1184924 #1187716 #1188885 #1189998 #1190137 #1190208 #1190336 #1190497 #1190768 #1190786 #1190812 #1191271 #1191663 #1192483 #1193064 #1193277 #1193289 #1193431 #1193556 #1193629 #1193640 #1193787 #1193823 #1193852 #1194086 #1194111 #1194191 #1194409 #1194501 #1194523 #1194526 #1194583 #1194585 #1194586 #1194625 #1194765 #1194826 #1194869 #1195099 #1195287 #1195478 #1195482 #1195504 #1195651 #1195668 #1195669 #1195775 #1195823 #1195826 #1195913 #1195915 #1195926 #1195944 #1195957 #1195987 #1196079 #1196114 #1196130 #1196213 #1196306 #1196367 #1196400 #1196426 #1196478 #1196514 #1196570 #1196723 #1196779 #1196830 #1196836 #1196866 #1196868 #1196869 #1196901 #1196930 #1196942 #1196960 #1197016 #1197157 #1197227 #1197243 #1197292 #1197302 #1197303 #1197304 #1197362 #1197386 #1197501 #1197601 #1197661 #1197675 #1197761 #1197817 #1197819 #1197820 #1197888 #1197889 #1197894 #1197915 #1197917 #1197918 #1197920 #1197921 #1197922 #1197926 #1198009 #1198010 #1198012 #1198013 #1198014 #1198015 #1198016 #1198017 #1198018 #1198019 #1198020 #1198021 #1198022 #1198023 #1198024 #1198027 #1198030 #1198034 #1198058 #1198217 #1198379 #1198400 #1198402 #1198410 #1198412 #1198413 #1198438 #1198484 #1198577 #1198585 #1198660 #1198802 #1198803 
#1198806 #1198811 #1198826 #1198829 #1198835 #1198968 #1198971 #1199011 #1199024 #1199035 #1199046 #1199052 #1199063 #1199163 #1199173 #1199260 #1199314 #1199390 #1199426 #1199433 #1199439 #1199482 #1199487 #1199505 #1199507 #1199605 #1199611 #1199626 #1199631 #1199650 #1199657 #1199674 #1199736 #1199793 #1199839 #1199875 #1199909 #1200015 #1200019 #1200045 #1200046 #1200144 #1200205 #1200211 #1200259 #1200263 #1200284 #1200315 #1200343 #1200420 #1200442 #1200475 #1200502 #1200567 #1200569 #1200571 #1200599 #1200600 #1200608 #1200611 #1200619 #1200692 #1200762 #1200763 #1200806 #1200807 #1200808 #1200809 #1200810 #1200812 #1200813 #1200815 #1200816 #1200820 #1200821 #1200822 #1200824 #1200825 #1200827 #1200828 #1200829 #1200830 #1200845 #1200882 #1200925 #1201050 #1201080 #1201160 #1201171 #1201177 #1201193 #1201196 #1201218 #1201222 #1201228 #1201251 #1201381 #1201471 #1201524 SLE-13513 SLE-13521 SLE-15442 SLE-17855 SLE-18194 SLE-18234 SLE-18375 SLE-18377 SLE-18378 SLE-18382 SLE-18385 SLE-18901 SLE-18938 SLE-18978 SLE-19001 SLE-19026 SLE-19242 SLE-19249 SLE-19253 SLE-19924 SLE-21315 SLE-23643 SLE-24072 SLE-24093 SLE-24350 SLE-24549 Cross-References: CVE-2021-26341 CVE-2021-33061 CVE-2021-4204 CVE-2021-44879 CVE-2021-45402 CVE-2022-0264 CVE-2022-0494 CVE-2022-0617 CVE-2022-1012 CVE-2022-1016 CVE-2022-1184 CVE-2022-1198 CVE-2022-1205 CVE-2022-1462 CVE-2022-1508 CVE-2022-1651 CVE-2022-1652 CVE-2022-1671 CVE-2022-1679 CVE-2022-1729 CVE-2022-1734 CVE-2022-1789 CVE-2022-1852 CVE-2022-1966 CVE-2022-1972 CVE-2022-1974 CVE-2022-1998 CVE-2022-20132 CVE-2022-20154 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-2318 CVE-2022-23222 CVE-2022-26365 CVE-2022-26490 CVE-2022-29582 CVE-2022-29900 CVE-2022-29901 CVE-2022-30594 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33981 CVE-2022-34918 CVSS scores: CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 5.6 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4204 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45402 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45402 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-0264 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0264 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0494 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2022-0494 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1198 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1205 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1508 (SUSE): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L CVE-2022-1651 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1671 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1789 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1789 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1852 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1852 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1972 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1998 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1998 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-23222 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23222 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29582 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29582 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33743 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-33743 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High 
Availability 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4
______________________________________________________________________________

An update that solves 49 vulnerabilities, contains 26 features and has 207 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated.

The following security bugs were fixed:

- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre-like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2022-33743: Fixed a Denial of Service related to XDP (bsc#1200763).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bnc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bnc#1200619).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692).
- CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482).
- CVE-2022-1998: Fixed a use after free in the file system notify functionality (bnc#1200284).
- CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
- CVE-2022-1852: Fixed a null-ptr-deref in the kvm module which can lead to DoS. (bsc#1199875)
- CVE-2022-1789: Fixed a NULL pointer dereference when shadow paging is enabled. (bnc#1199674)
- CVE-2022-1508: Fixed an out-of-bounds read flaw that could cause the system to crash. (bsc#1198968)
- CVE-2022-1671: Fixed a null-ptr-deref bug in net/rxrpc/server_key.c; unprivileged users could easily trigger it via ioctl. (bsc#1199439)
- CVE-2022-1651: Fixed a bug in ACRN Device Model emulates virtual NICs in VM. This flaw may allow a local privileged attacker to leak kernel unauthorized information and also cause a denial of service problem. (bsc#1199433)
- CVE-2022-29582: Fixed a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. (bnc#1198811)
- CVE-2022-0494: Fixed a kernel information leak flaw in the scsi_ioctl function. This flaw allowed a local attacker with a special user privilege to create issues with confidentiality. (bnc#1197386)
- CVE-2021-4204: Fixed a vulnerability that allows local attackers to escalate privileges on affected installations via ebpf. (bnc#1194111)
- CVE-2022-23222: Fixed a bug that allowed local users to gain privileges. (bnc#1194765)
- CVE-2022-0264: Fixed a vulnerability in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (bnc#1194826)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the Linux kernel by simulating Amateur Radio. (bsc#1198027)
- CVE-2022-1198: Fixed a use-after-free vulnerability that allows an attacker to crash the Linux kernel by simulating Amateur Radio (bsc#1198030).
- CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019)
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre-like attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre-like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre-like attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre-like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre-like attacks. (bsc#1199650)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
- CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by simulating an nfc device from user-space. (bsc#1200144)
- CVE-2022-21499: Reinforce the kernel lockdown feature; until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426)
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605)
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which led to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)
- CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130).

The following non-security bugs were fixed:

- ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: bus: Avoid using CPPC if not supported by firmware (bsc#1199793). - ACPICA: Avoid cache flush inside virtual machines (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - ACPI: CPPC: Assume no transition latency if no PCCT (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Amend PWM enumeration ASL example (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: PM: Revert "Only mark EC GPE for wakeup on Intel systems" (git-fixes). - ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (git-fixes). - ACPI: processor idle: Allow playing dead in C3 state (git-fixes). - ACPI: processor: idle: Avoid falling back to C3 type C-states (git-fixes). - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes).
- ACPI: property: Release subnode properties with data nodes (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: video: Change how we determine if brightness key-presses are handled (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (git-fixes). - aio: Fix incorrect usage of eventfd_signal_allowed() (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: core: Add snd_card_free_on_error() helper (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda: Add AlderLake-PS variant PCI ID (git-fixes). - ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake (git-fixes). - ALSA: hda: Avoid unsol event during RPM suspending (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda: Fix discovery of i915 graphics PCI device (bsc#1200611). - ALSA: hda: Fix driver index handling at re-binding (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ALSA: hda: Fix signedness of sscanf() arguments (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/i915: Fix one too many pci_dev_put() (git-fixes). - ALSA: hda/i915 - skip acomp init if no matching display (git-fixes). 
- ALSA: hda: intel-dspcfg: use SOF for UpExtreme and UpExtreme11 boards (git-fixes). - ALSA: hda: intel-dsp-config: update AlderLake PCI IDs (git-fixes). - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 (git-fixes). - ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (bsc#1195913). 
- ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda: realtek: Fix race at concurrent COEF updates (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Set max DMA segment size (git-fixes). - ALSA: hda: Skip codec shutdown in case the codec is not registered (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ALSA: memalloc: Fix dma_need_sync() checks (bsc#1195913). - ALSA: memalloc: invalidate SG pages before sync (bsc#1195913). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent prealloc proc writes (git-fixes). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (git-fixes). - ALSA: pcm: Test for "silence" field in struct "pcm_format_data" (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX (git-fixes). 
- ALSA: usb-audio: add mapping for new Corsair Virtuoso SE (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb (git-fixes). - ALSA: usb-audio: Cancel pending work at closing a MIDI substream (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: Do not abort resume upon errors (bsc#1195913). - ALSA: usb-audio: Do not get sample rate for MCT Trigger 5 USB-to-HDMI (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: US16x08: Move overflow check before array access (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ALSA: x86: intel_hdmi_audio: enable pm_runtime and set autosuspend delay (git-fixes). - ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() (git-fixes). 
- alx: acquire mutex for alx_reinit in alx_change_mtu (git-fixes). - amd/display: set backlight only if required (git-fixes). - arch/arm64: Fix topology initialization for core scheduling (git-fixes). - arm64: Add Cortex-A510 CPU part definition (git-fixes). - arm64: Add part number for Arm Cortex-A78AE (git-fixes). - arm64: Add support for user sub-page fault probing (git-fixes) - arm64: alternatives: mark patch_alternative() as `noinstr` (git-fixes). - arm64: avoid fixmap race condition when create pud mapping (git-fixes). - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (git-fixes). - arm64: Correct wrong label in macro __init_el2_gicv3 (git-fixes). - arm64: defconfig: build imx-sdma as a module (git-fixes). - arm64: do not abuse pfn_valid() to ensure presence of linear map (git-fixes). - arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones (git-fixes). - arm64: Do not include __READ_ONCE() block in assembly files (git-fixes). - arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg" (git-fixes). - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (git-fixes). - arm64: dts: broadcom: bcm4908: use proper TWD binding (git-fixes). - arm64: dts: broadcom: Fix sata nodename (git-fixes). - arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mm-venice: fix spi2 pin configuration (git-fixes) - arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (git-fixes) - arm64: dts: imx8mn: Fix SAI nodes (git-fixes) - arm64: dts: imx8mp-evk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct mmc pad settings (git-fixes). 
- arm64: dts: imx8mp-evk: correct the uart2 pinctl value (git-fixes). - arm64: dts: imx8mp-evk: correct vbus pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (git-fixes). - arm64: dts: imx8mq: fix lcdif port node (git-fixes). - arm64: dts: imx8qm: Correct SCU clock controller's compatible (git-fixes) - arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes (git-fixes). - arm64: dts: juno: Remove GICv2m dma-range (git-fixes). - arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus (git-fixes). - arm64: dts: ls1043a: Update i2c dma properties (git-fixes). - arm64: dts: ls1046a: Update i2c node dma properties (git-fixes). - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes). - arm64: dts: marvell: espressobin-ultra: enable front USB3 port (git-fixes). - arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config (git-fixes). - arm64: dts: meson-g12: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133' (git-fixes). - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (git-fixes). - arm64: dts: meson-gx: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for GPIOE_2 (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1 (git-fixes). - arm64: dts: meson-sm1-odroid: fix boot loop after reboot (git-fixes). - arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator (git-fixes). - arm64: dts: mt8192: Fix nor_flash status disable typo (git-fixes). - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes). 
- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (git-fixes). - arm64: dts: qcom: msm8916-huawei-g7: Clarify installation instructions (git-fixes). - arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count (git-fixes). - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (git-fixes). - arm64: dts: qcom: msm8994: Fix the cont_splash_mem address (git-fixes). - arm64: dts: qcom: msm8996: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: msm8996: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: pm8350c: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: pmr735a: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name (git-fixes). - arm64: dts: qcom: sdm845-db845c: add wifi variant property (git-fixes). - arm64: dts: qcom: sdm845: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sdm845: fix microphone bias properties and values (git-fixes). - arm64: dts: qcom: sdm845: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property (git-fixes). - arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8250: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2 (git-fixes). - arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema (git-fixes). - arm64: dts: qcom: sm8350: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8350: Correct UFS symbol clocks (git-fixes). - arm64: dts: qcom: sm8350: Describe GCC dependency clocks (git-fixes). - arm64: dts: qcom: sm8350: Shorten camera-thermal-bottom name (git-fixes). - arm64: dts: renesas: Fix thermal bindings (git-fixes). - arm64: dts: renesas: ulcb-kf: fix wrong comment (git-fixes). - arm64: dts: rockchip: align pl330 node name with dtschema (git-fixes). 
- arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (git-fixes).
- arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (git-fixes).
- arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly (git-fixes).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes).
- arm64: dts: rockchip: reorder rk3399 hdmi clocks (git-fixes).
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes).
- arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node (git-fixes).
- arm64: dts: ti: j721e-main: Fix 'dtbs_check' in serdes_ln_ctrl node (git-fixes).
- arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs (git-fixes).
- arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (git-fixes).
- arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates (git-fixes).
- arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs (git-fixes).
- arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs (git-fixes).
- arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs (git-fixes).
- arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (git-fixes).
- arm64: Ensure execute-only permissions are not allowed without EPAN (git-fixes)
- arm64: fix clang warning about TRAMP_VALIAS (git-fixes).
- arm64: fix types in copy_highpage() (git-fixes).
- arm64: ftrace: consistently handle PLTs (git-fixes).
- arm64: ftrace: fix branch range checks (git-fixes).
- arm64: kasan: fix include error in MTE functions (git-fixes).
- arm64: kvm: keep the field workaround_flags in structure kvm_vcpu_arch (git-fixes).
- arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL (git-fixes)
- arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit definition (git-fixes).
- arm64: mm: fix p?d_leaf() (git-fixes).
- arm64: module: remove (NOLOAD) from linker script (git-fixes).
- arm64: mte: Ensure the cleared tags are visible before setting the PTE (git-fixes).
- arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes).
- arm64: patch_text: Fixup last cpu should be master (git-fixes).
- arm64: prevent instrumentation of bp hardening callbacks (git-fixes).
- arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes).
- arm64: stackleak: fix current_top_of_stack() (git-fixes).
- arm64: supported.conf: mark PHY_FSL_IMX8MQ_USB as supported (bsc#1199909)
- arm64: tegra: Add missing DFLL reset on Tegra210 (git-fixes).
- arm64: tegra: Adjust length of CCPLEX cluster MMIO region (git-fixes).
- arm64: Update config files. (bsc#1199909) Add pfuze100 regulator as module
- arm64: vdso: fix makefile dependency on vdso.so (git-fixes).
- ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (git-fixes).
- ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes).
- ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes).
- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (git-fixes).
- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (git-fixes).
- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (git-fixes).
- ARM: at91: fix soc detection for SAM9X60 SiPs (git-fixes).
- ARM: at91: pm: use proper compatible for sama5d2's rtc (git-fixes).
- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (git-fixes).
- ARM: boot: dts: bcm2711: Fix HVS register range (git-fixes).
- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (git-fixes).
- ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS (git-fixes).
- ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx (git-fixes).
- ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes).
- ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes).
- ARM: Do not use NOCROSSREFS directive with ld.lld (git-fixes).
- ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes).
- ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (git-fixes).
- ARM: dts: aspeed: Add secure boot controller node (git-fixes).
- ARM: dts: aspeed: Add video engine to g6 (git-fixes).
- ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (git-fixes).
- ARM: dts: aspeed: Fix AST2600 quad spi group (git-fixes).
- ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (git-fixes).
- ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (git-fixes).
- ARM: dts: at91: fix pinctrl phandles (git-fixes).
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes).
- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (git-fixes).
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes).
- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (git-fixes).
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes).
- ARM: dts: bcm2711: Add the missing L1/L2 cache information (git-fixes).
- ARM: dts: bcm2711-rpi-400: Fix GPIO line names (git-fixes).
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes).
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes).
- ARM: dts: bcm2837: Add the missing L1/L2 cache information (git-fixes).
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes).
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes).
- ARM: dts: BCM5301X: update CRU block description (git-fixes).
- ARM: dts: BCM5301X: Update pin controller node name (git-fixes).
- ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks (git-fixes).
- ARM: dts: dra7: Fix suspend warning for vpe powerdomain (git-fixes).
- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (git-fixes).
- ARM: dts: exynos: add missing HDMI supplies on SMDK5250 (git-fixes).
- ARM: dts: exynos: add missing HDMI supplies on SMDK5420 (git-fixes).
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes).
- ARM: dts: Fix boot regression on Skomer (git-fixes).
- ARM: dts: Fix mmc order for omap3-gta04 (git-fixes).
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes).
- ARM: dts: Fix timer regression for beagleboard revision c (git-fixes).
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes).
- ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (git-fixes).
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes).
- ARM: dts: imx6qdl: correct PU regulator ramp delay (git-fixes).
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes).
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes).
- ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (git-fixes).
- ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo (git-fixes).
- ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk (git-fixes).
- ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC (git-fixes)
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes).
- ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes).
- ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes).
- ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes).
- ARM: dts: meson: Fix the UART compatible strings (git-fixes).
- ARM: dts: ox820: align interrupt controller node name with dtschema (git-fixes).
- ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 (git-fixes).
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes).
- ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes).
- ARM: dts: qcom: sdx55: fix IPA interconnect definitions (git-fixes).
- ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (git-fixes).
- ARM: dts: rockchip: reorder rk322x hmdi clocks (git-fixes).
- ARM: dts: s5pv210: align DMA channels with dtschema (git-fixes).
- ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries (git-fixes).
- ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (git-fixes).
- ARM: dts: socfpga: align interrupt controller node name with dtschema (git-fixes).
- ARM: dts: socfpga: change qspi to "intel,socfpga-qspi" (git-fixes).
- ARM: dts: spear1340: Update serial node properties (git-fixes).
- ARM: dts: spear13xx: Update SPI dma properties (git-fixes).
- ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 (git-fixes).
- ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 (git-fixes).
- ARM: dts: sun8i: v3s: Move the csi1 block to follow address order (git-fixes).
- ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes).
- ARM: dts: switch timer config to common devkit8000 devicetree (git-fixes).
- ARM: dts: Use 32KiHz oscillator on devkit8000 (git-fixes).
- ARM: exynos: Fix refcount leak in exynos_map_pmu (git-fixes).
- ARM: fix build warning in proc-v7-bugs.c (git-fixes).
- ARM: fix co-processor register typo (git-fixes).
- ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).
- ARM: Fix refcount leak in axxia_boot_secondary (git-fixes).
- ARM: fix Thumb2 regression with Spectre BHB (git-fixes).
- ARM: ftrace: avoid redundant loads or clobbering IP (git-fixes).
- ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes).
- ARM: hisi: Add missing of_node_put after of_find_compatible_node (git-fixes).
- ARM: iop32x: offset IRQ numbers by 1 (git-fixes).
- ARM: kprobes: Make space for instruction pointer on stack (bsc#1193277).
- ARM: mediatek: select arch timer for mt7629 (git-fixes).
- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (git-fixes).
- ARM: mmp: Fix failure to remove sram device (git-fixes).
- ARM: mstar: Select HAVE_ARM_ARCH_TIMER (git-fixes).
- ARM: mxs_defconfig: Enable the framebuffer (git-fixes).
- ARM: omap1: ams-delta: remove camera leftovers (git-fixes).
- ARM: OMAP1: clock: Fix UART rate reporting algorithm (git-fixes).
- ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (git-fixes).
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes).
- ARM: OMAP2+: hwmod: Add of_node_put() before break (git-fixes).
- ARM: pxa: maybe fix gpio lookup tables (git-fixes).
- ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes).
- ARM: Spectre-BHB: provide empty stub for non-config (git-fixes).
- ARM: tegra: tamonten: Fix I2C3 pad setting (git-fixes).
- ARM: vexpress/spc: Avoid negative array index when !SMP (git-fixes).
- ASoC: amd: Fix reference to PCM buffer address (git-fixes).
- ASoC: amd: vg: fix for pm resume callback sequence (git-fixes).
- ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes).
- ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes).
- ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe (git-fixes).
- ASoC: atmel: Fix error handling in snd_proto_probe (git-fixes).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes).
- ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes).
- ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
- ASoC: codecs: Check for error pointer after calling devm_regmap_init_mmio (git-fixes).
- ASoC: codecs: lpass-rx-macro: fix sidetone register offsets (git-fixes).
- ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type (git-fixes).
- ASoC: codecs: rx-macro: fix accessing compander for aux (git-fixes).
- ASoC: codecs: va-macro: fix accessing array out of bounds for enum type (git-fixes).
- ASoC: codecs: wc938x: fix accessing array out of bounds for enum type (git-fixes).
- ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes).
- ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes).
- ASoC: codecs: wcd934x: fix kcontrol max values (git-fixes).
- ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes).
- ASoC: codecs: wcd938x: fix return value of mixer put function (git-fixes).
- ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes).
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs4265: Fix the duplicated control name (git-fixes).
- ASoC: cs42l51: Correct minimum value for SX volume control (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes).
- ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes).
- ASoC: dapm: Do not fold register value changes into notifications (git-fixes).
- ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes).
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes).
- ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
- ASoC: fsi: Add check for clk_enable (git-fixes).
- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes).
- ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
- ASoC: fsl: Use dev_err_probe() helper (git-fixes).
- ASoC: hdmi-codec: Fix OOB memory accesses (git-fixes).
- ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes).
- ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 (git-fixes).
- ASoC: intel: skylake: Set max DMA segment size (git-fixes).
- ASoC: Intel: soc-acpi: correct device endpoints for max98373 (git-fixes).
- ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13" (git-fixes).
- ASoC: madera: Add dependencies on MFD (git-fixes).
- ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes).
- ASoC: max98090: Generate notifications on changes for custom control (git-fixes).
- ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes).
- ASoC: max98090: Reject invalid values in custom control put() (git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes).
- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes).
- ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
- ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe (git-fixes).
- ASoC: mediatek: use of_device_get_match_data() (git-fixes).
- ASoC: meson: Fix event generation for AUI ACODEC mux (git-fixes).
- ASoC: meson: Fix event generation for AUI CODEC mux (git-fixes).
- ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes).
- ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes).
- ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes).
- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes).
- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
- ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes).
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes).
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_sx() (git-fixes).
- ASoC: ops: Fix stereo change notifications in snd_soc_put_xr_sx() (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes).
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes).
- ASoC: qcom: Actually clear DMA interrupt register for HDMI (git-fixes).
- ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes).
- ASoC: rk817: Fix missing clk_disable_unprepare() in rk817_platform_probe (git-fixes).
- ASoC: rk817: Use devm_clk_get() in rk817_platform_probe (git-fixes).
- ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe (git-fixes).
- ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() (git-fixes).
- ASoC: rsnd: care return value from rsnd_node_fixed_index() (git-fixes).
- ASoC: rt1015p: remove dependency on GPIOLIB (git-fixes).
- ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes).
- ASoC: rt5668: do not block workqueue if card is unbound (git-fixes).
- ASoC: rt5682: do not block workqueue if card is unbound (git-fixes).
- ASoC: samsung: Fix refcount leak in aries_audio_probe (git-fixes).
- ASoC: samsung: Use dev_err_probe() helper (git-fixes).
- ASoC: simple-card: fix probe failure on platform component (git-fixes).
- ASoC: simple-card-utils: Set sysclk on all components (git-fixes).
- ASoC: soc-compress: Change the check for codec_dai (git-fixes).
- ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes).
- ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes).
- ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).
- ASoC: soc-ops: fix error handling (git-fixes).
- ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
- ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (git-fixes).
- ASoC: SOF: hda: Set max DMA segment size (git-fixes).
- ASoC: SOF: Intel: enable DMI L1 for playback streams (git-fixes).
- ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV (git-fixes).
- ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM (git-fixes).
- ASoC: SOF: Intel: match sdw version on link_slaves_found (git-fixes).
- ASoC: SOF: topology: remove redundant code (git-fixes).
- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes).
- ASoC: tas2770: Insert post reset delay (git-fixes).
- ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes).
- ASoC: topology: Allow TLV control to be either read or write (git-fixes).
- ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() (git-fixes).
- ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes).
- ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
- ASoC: wm8958: Fix change notifications for DSP controls (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- asus-wmi: Add dgpu disable method (bsc#1198058).
- asus-wmi: Add egpu enable method (bsc#1198058).
- asus-wmi: Add panel overdrive functionality (bsc#1198058).
- asus-wmi: Add support for platform_profile (bsc#1198058).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes).
- ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes).
- ata: libata-core: Disable TRIM on M88V29 (git-fixes).
- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes).
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
- ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).
- ata: pata_hpt37x: fix PCI clock detection (git-fixes).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes).
- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (git-fixes).
- ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
- ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
- ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes).
- ath10k: skip ath10k_halt during suspend for driver state RESTARTING (git-fixes).
- ath11k: acquire ab->base_lock in unassign when finding the peer by addr (git-fixes).
- ath11k: disable spectral scan during spectral deinit (git-fixes).
- ath11k: Do not check arvif->is_started before sending management frames (git-fixes).
- ath11k: fix kernel panic during unload/load ath11k modules (git-fixes).
- ath11k: mhi: use mhi_sync_power_up() (git-fixes).
- ath11k: pci: fix crash on suspend if board file is not found (git-fixes).
- ath11k: set correct NL80211_FEATURE_DYNAMIC_SMPS for WCN6855 (git-fixes).
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
- ath9k: fix ar9003_get_eepmisc (git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- ath9k: Fix usage of driver-private space in tx_info (git-fixes).
- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes).
- ath9k_htc: fix uninit value bugs (git-fixes).
- ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes).
- atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC (git-fixes).
- atm: eni: Add check for dma_map_single (git-fixes).
- atm: firestream: check the return value of ioremap() in fs_init() (git-fixes).
- atomics: Fix atomic64_{read_acquire,set_release} fallbacks (git-fixes).
- audit: ensure userspace is penalized the same as the kernel when under pressure (git-fixes).
- audit: improve audit queue handling when "audit=1" on cmdline (git-fixes).
- audit: improve robustness of the audit queue handling (git-fixes).
- auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature (git-fixes).
- auxdisplay: lcd2s: Fix memory leak in ->remove() (git-fixes).
- auxdisplay: lcd2s: Use proper API to free the instance of charlcd object (git-fixes).
- ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes).
- ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes).
- b43: Fix assigning negative value to unsigned variable (git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
- bareudp: use ipv6_mod_enabled to check if IPv6 enabled (git-fixes).
- batman-adv: Do not expect inter-netns unique iflink indices (git-fixes).
- batman-adv: Do not skb_split skbuffs with frag_list (git-fixes).
- batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes).
- batman-adv: Request iflink once in batadv-on-batadv check (git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes).
- bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
- bcache: fixup multiple threads crash (git-fixes).
- bcache: fix use-after-free problem in bcache_device_free() (git-fixes).
- bcache: improve multithreaded bch_btree_check() (git-fixes).
- bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes).
- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes).
- bfq: Allow current waker to defend against a tentative one (bsc#1195915).
- bfq: Avoid false marking of bic as stably merged (bsc#1197926).
- bfq: Avoid merging queues with different parents (bsc#1197926).
- bfq: Do not let waker requests skip proper accounting (bsc#1184318).
- bfq: Drop pointless unlock-lock pair (bsc#1197926).
- bfq: Fix warning in bfqq_request_over_limit() (bsc#1200812).
- bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
- bfq: Limit number of requests consumed by each cgroup (bsc#1184318).
- bfq: Limit waker detection in time (bsc#1184318).
- bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926).
- bfq: Relax waker detection for shared queues (bsc#1184318).
- bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
- bfq: Split shared queues on move between cgroups (bsc#1197926).
- bfq: Store full bitmap depth in bfq_data (bsc#1184318).
- bfq: Track number of allocated requests in bfq_entity (bsc#1184318).
- bfq: Track whether bfq_group is still online (bsc#1197926).
- bfq: Update cgroup information before merging bio (bsc#1197926).
- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (git-fixes).
- bitfield: add explicit inclusions to the example (git-fixes).
- blkcg: Remove extra blkcg_bio_issue_init (bsc#1194585).
- blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045).
- blk-cgroup: set blkg iostat after percpu stat aggregation (bsc#1198018).
- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825).
- blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() (bsc#1198034).
- blk-mq: do not touch ->tagset in blk_mq_get_sq_hctx (bsc#1200824).
- blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
- blktrace: fix use after free for struct blk_trace (bsc#1198017).
- block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1198016).
- block: avoid to quiesce queue in elevator_init_mq (bsc#1198013).
- block, bfq: fix UAF problem in bfqg_stats_init() (bsc#1194583).
- block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes).
- block: Check ADMIN before NICE for IOPRIO_CLASS_RT (bsc#1198012).
- block: do not delete queue kobject before its children (bsc#1198019).
- block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020).
- block: fix async_depth sysfs interface for mq-deadline (bsc#1198015).
- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259).
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (git-fixes).
- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586).
- block: Fix the maximum minor value is blk_alloc_ext_minor() (bsc#1198021).
- block: Fix up kabi after blkcg merge fix (bsc#1198020).
- block: Hold invalidate_lock in BLKRESETZONE ioctl (bsc#1198010).
- block: limit request dispatch loop duration (bsc#1198022).
- block/mq-deadline: Improve request accounting further (bsc#1198009).
- block: Provide blk_mq_sched_get_icq() (bsc#1184318).
- block: update io_ticks when io hang (bsc#1197817).
- block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819).
- Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products (git-fixes).
- Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).
- Bluetooth: btusb: Add another Realtek 8761BU (git-fixes).
- Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779).
- Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (git-fixes).
- Bluetooth: btusb: Whitespace fixes for btusb_setup_csr() (git-fixes).
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes).
- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes).
- Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg} (git-fixes).
- Bluetooth: Fix the creation of hdev->name (git-fixes).
- Bluetooth: Fix use after free in hci_send_acl (git-fixes).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes).
- Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).
- Bluetooth: use hdev lock for accept_list and reject_list in conn req (git-fixes).
- Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring (git-fixes).
- Bluetooth: use memset avoid memory leaks (git-fixes).
- bnx2x: fix napi API usage sequence (bsc#1198217).
- bnxt_en: Do not destroy health reporters during reset (bsc#1199736).
- bnxt_en: Eliminate unintended link toggle during FW reset (bsc#1199736).
- bnxt_en: Fix active FEC reporting to ethtool (git-fixes).
- bnxt_en: Fix devlink fw_activate (jsc#SLE-18978).
- bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes).
- bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes).
- bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (git-fixes).
- bnxt_en: Fix unnecessary dropping of RX packets (git-fixes).
- bnxt_en: Increase firmware message response DMA wait time (git-fixes).
- bnxt_en: Prevent XDP redirect from running when stopping TX queue (git-fixes).
- bnxt_en: reserve space inside receive page for skb_shared_info (git-fixes).
- bnxt_en: Restore the resets_reliable flag in bnxt_open() (jsc#SLE-18978).
- bnxt_en: Synchronize tx when xdp redirects happen on same ring (git-fixes).
- bonding: fix data-races around agg_select_timer (git-fixes).
- bonding: force carrier update when releasing slave (git-fixes).
- bonding: pair enable_port with slave_arr_updates (git-fixes).
- bpf: Add check_func_arg_reg_off function (git-fixes).
- bpf: add config to allow loading modules with BTF mismatches (bsc#1194501).
- bpf: Avoid races in __bpf_prog_run() for 32bit arches (git-fixes).
- bpf: Disallow negative offset in check_ptr_off_reg (git-fixes).
- bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes).
- bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg (git-fixes).
- bpf: Fix PTR_TO_BTF_ID var_off check (git-fixes).
- bpf: Fix UAF due to race between btf_try_get_module and load_module (git-fixes).
- bpf: Mark PTR_TO_FUNC register initially with zero offset (git-fixes).
- bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes).
- bpf: selftests: adapt bpf_iter_task_vma to get_inode_dev() (bsc#1198585).
- bpf, selftests: Fix racing issue in btf_skc_cls_ingress test (git-fixes).
- bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer (git-fixes).
- bpftool: Fix memory leak in prog_dump() (git-fixes).
- bpftool: Remove inclusion of utilities.mak from Makefiles (git-fixes).
- bpftool: Remove unused includes to bpf/bpf_gen_internal.h (git-fixes).
- bpftool: Remove useless #include to perf-sys.h from map_perf_ring.c (git-fixes).
- brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes).
- brcmfmac: firmware: Fix crash in brcm_alt_fw_path (git-fixes).
- brcmfmac: pcie: Declare missing firmware files in pcie.c (git-fixes).
- brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
- brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes).
- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- btrfs: add a BTRFS_FS_ERROR helper (bsc#1197915).
- btrfs: add btrfs_set_item_*_nr() helpers (bsc#1197915).
- btrfs: add helper to truncate inode items when logging inode (bsc#1197915).
- btrfs: add missing run of delayed items after unlink during log replay (bsc#1197915).
- btrfs: add ro compat flags to inodes (bsc#1197915).
- btrfs: always update the logged transaction when logging new names (bsc#1197915).
- btrfs: assert that extent buffers are write locked instead of only locked (bsc#1197915).
- btrfs: avoid attempt to drop extents when logging inode for the first time (bsc#1197915).
- btrfs: avoid expensive search when dropping inode items from log (bsc#1197915).
- btrfs: avoid expensive search when truncating inode items from the log (bsc#1197915).
- btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page (git-fixes)
- btrfs: avoid search for logged i_size when logging inode if possible (bsc#1197915).
- btrfs: avoid unnecessarily logging directories that had no changes (bsc#1197915).
- btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1197915).
- btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1197915).
- btrfs: change error handling for btrfs_delete_*_in_log (bsc#1197915).
- btrfs: change handle_fs_error in recover_log_trees to aborts (bsc#1197915).
- btrfs: check if a log tree exists at inode_logged() (bsc#1197915).
- btrfs: constify and cleanup variables in comparators (bsc#1197915).
- btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1197915).
- btrfs: do not log new dentries when logging that a new name exists (bsc#1197915).
- btrfs: do not pin logs too early during renames (bsc#1197915).
- btrfs: drop the _nr from the item helpers (bsc#1197915).
- btrfs: eliminate some false positives when checking if inode was logged (bsc#1197915).
- btrfs: factor out the copying loop of dir items from log_dir_items() (bsc#1197915).
- btrfs: fix lost prealloc extents beyond eof after full fsync (bsc#1197915).
- btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852).
- btrfs: fix memory leak in __add_inode_ref() (bsc#1197915).
- btrfs: fix missing last dir item offset update when logging directory (bsc#1197915).
- btrfs: fix re-dirty process of tree-log nodes (bsc#1197915).
- btrfs: improve the batch insertion of delayed items (bsc#1197915).
- btrfs: insert items in batches when logging a directory when possible (bsc#1197915).
- btrfs: introduce btrfs_lookup_match_dir (bsc#1197915).
- btrfs: introduce item_nr token variant helpers (bsc#1197915).
- btrfs: keep track of the last logged keys when logging a directory (bsc#1197915).
- btrfs: loop only once over data sizes array when inserting an item batch (bsc#1197915).
- btrfs: make btrfs_file_extent_inline_item_len take a slot (bsc#1197915).
- btrfs: only copy dir index keys when logging a directory (bsc#1197915).
- btrfs: remove no longer needed checks for NULL log context (bsc#1197915).
- btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1197915).
- btrfs: remove no longer needed logic for replaying directory deletes (bsc#1197915).
- btrfs: remove redundant log root assignment from log_dir_items() (bsc#1197915).
- btrfs: remove root argument from add_link() (bsc#1197915).
- btrfs: remove root argument from btrfs_log_inode() and its callees (bsc#1197915).
- btrfs: remove root argument from btrfs_unlink_inode() (bsc#1197915).
- btrfs: remove root argument from check_item_in_log() (bsc#1197915).
- btrfs: remove root argument from drop_one_dir_item() (bsc#1197915).
- btrfs: remove the btrfs_item_end() helper (bsc#1197915).
- btrfs: remove unnecessary list head initialization when syncing log (bsc#1197915).
- btrfs: remove unneeded return variable in btrfs_lookup_file_extent (bsc#1197915).
- btrfs: rename btrfs_item_end_nr to btrfs_item_data_end (bsc#1197915).
- btrfs: stop doing GFP_KERNEL memory allocations in the ref verify tool (bsc#1197915).
- btrfs: unexport setup_items_for_insert() (bsc#1197915).
- btrfs: unify lookup return value when dir entry is missing (bsc#1197915).
- btrfs: update comment at log_conflicting_inodes() (bsc#1197915).
- btrfs: use btrfs_item_size_nr/btrfs_item_offset_nr everywhere (bsc#1197915).
- btrfs: use btrfs_next_leaf instead of btrfs_next_item when slots > nritems (bsc#1197915).
- btrfs: use single bulk copy operations when logging directories (bsc#1197915).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes).
- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific (git-fixes).
- caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes).
- can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8 (git-fixes).
- can: etas_es58x: es58x_fd_rx_event_msg(): initialize rx_event_msg before calling es58x_check_msg_len() (git-fixes).
- can: grcan: grcan_close(): fix deadlock (git-fixes).
- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (git-fixes).
- can: grcan: only use the NAPI poll budget for RX (git-fixes).
- can: grcan: use ofdev->dev when allocating DMA memory (git-fixes).
- can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes).
- can: isotp: fix error path in isotp_sendmsg() to unlock wait queue (git-fixes).
- can: isotp: fix potential CAN frame reception race in isotp_rcv() (git-fixes).
- can: isotp: restore accidentally removed MSG_PEEK feature (git-fixes).
- can: isotp: return -EADDRNOTAVAIL when reading from unbound socket (git-fixes).
- can: isotp: set default value for N_As to 50 micro seconds (git-fixes).
- can: isotp: stop timeout monitoring when no first frame was sent (git-fixes).
- can: isotp: support MSG_TRUNC flag when reading from socket (git-fixes).
- can: m_can: m_can_tx_handler(): fix use after free of skb (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes).
- can: mcba_usb: properly check endpoint type (git-fixes).
- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value (git-fixes).
- can: mcp251xfd: silence clang's -Wunaligned-access warning (git-fixes).
- can: rcar_canfd: add __maybe_unused annotation to silence warning (git-fixes).
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes).
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes).
- can: xilinx_can: mark bit timing constants as const (git-fixes).
- carl9170: fix missing bit-wise or operator for tx_params (git-fixes).
- carl9170: tx: fix an incorrect use of list iterator (git-fixes).
- CDC-NCM: avoid overflow in sanity checking (git-fixes).
- ceph: fix setting of xattrs on async created inodes (bsc#1199611).
- certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes).
- cfg80211: declare MODULE_FIRMWARE for regulatory.db (git-fixes).
- cfg80211: do not add non transmitted BSS to 6GHz scanned channels (git-fixes).
- cfg80211: fix race in netlink owner interface destruction (git-fixes).
- cfg80211: hold bss_lock while updating nontrans_list (git-fixes).
- cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (bsc#1196869).
- cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning (bsc#1196868).
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839).
- cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723).
- char: tpm: cr50_i2c: Suppress duplicated error message in .remove() (git-fixes).
- char: xillybus: fix a refcount leak in cleanup_dev() (git-fixes).
- cifs: add WARN_ON for when chan_count goes below minimum (bsc#1193629).
- cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1193629).
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1193629).
- cifs: avoid parallel session setups on same channel (bsc#1193629).
- cifs: avoid race during socket reconnect between send and recv (bsc#1193629).
- cifs: call cifs_reconnect when a connection is marked (bsc#1193629).
- cifs: call helper functions for marking channels for reconnect (bsc#1193629).
- cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1193629).
- cifs: check for smb1 in open_cached_dir() (bsc#1193629).
- cifs: check reconnects for channels of active tcons too (bsc#1193629).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1193629).
- cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1193629).
- cifs: clean up an inconsistent indenting (bsc#1193629).
- cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1193629).
- cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1193629).
- cifs: do not build smb1ops if legacy support is disabled (bsc#1193629).
- cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1193629).
- cifs: do not skip link targets when an I/O fails (bsc#1194625).
- cifs: do not use tcpStatus after negotiate completes (bsc#1193629).
- cifs: do not use uninitialized data in the owner/group sid (bsc#1193629).
- cifs: fix bad fids sent over wire (bsc#1197157).
- cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1193629).
- cifs: fix double free race when mount fails in cifs_get_root() (bsc#1193629).
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1193629).
- cifs: fix handlecache and multiuser (bsc#1193629).
- cifs: fix hang on cifs_get_next_mid() (bsc#1193629).
- cifs: fix incorrect use of list iterator after the loop (bsc#1193629).
- cifs: fix minor compile warning (bsc#1193629).
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1193629).
- cifs: fix potential deadlock in direct reclaim (bsc#1193629).
- cifs: fix potential double free during failed mount (bsc#1193629).
- cifs: fix potential race with cifsd thread (bsc#1193629).
- cifs: fix set of group SID via NTSD xattrs (bsc#1193629).
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1193629).
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1193629).
- cifs: fix the cifs_reconnect path for DFS (bsc#1193629).
- cifs: fix the connection state transitions with multichannel (bsc#1193629).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1193629).
- cifs: fix workstation_name for multiuser mounts (bsc#1193629).
- cifs: force new session setup and tcon for dfs (bsc#1193629).
- cifs: free ntlmsspblob allocated in negotiate (bsc#1193629).
- cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1193629).
- cifs: make status checks in version independent callers (bsc#1193629).
- cifs: mark sessions for reconnection in helper function (bsc#1193629).
- cifs: modefromsids must add an ACE for authenticated users (bsc#1193629).
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1193629).
- cifs: move superblock magic defitions to magic.h (bsc#1193629).
- cifs: potential buffer overflow in handling symlinks (bsc#1193629).
- cifs: print TIDs as hex (bsc#1193629).
- cifs: protect all accesses to chan_* with chan_lock (bsc#1193629).
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1193629).
- cifs: reconnect only the connection and not smb session where possible (bsc#1193629).
- cifs: release cached dentries only if mount is complete (bsc#1193629).
- cifs: remove check of list iterator against head past the loop body (bsc#1193629).
- cifs: remove redundant assignment to pointer p (bsc#1193629).
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1193629).
- cifs: remove repeated state change in dfs tree connect (bsc#1193629).
- cifs: remove unused variable ses_selected (bsc#1193629).
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1193629).
- cifs: return the more nuanced writeback error on close() (bsc#1193629).
- cifs: serialize all mount attempts (bsc#1193629).
- cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1193629).
- cifs: skip trailing separators of prefix paths (bsc#1193629).
- cifs: smbd: fix typo in comment (bsc#1193629).
- cifs: Split the smb3_add_credits tracepoint (bsc#1193629).
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1193629).
- cifs: track individual channel status using chans_need_reconnect (bsc#1193629).
- cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1193629).
- cifs: update internal module number (bsc#1193629).
- cifs: update tcpStatus during negotiate and sess setup (bsc#1193629).
- cifs: use a different reconnect helper for non-cifsd threads (bsc#1193629).
- cifs: use correct lock type in cifs_reconnect() (bsc#1193629).
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1193629).
- cifs: use new enum for ses_status (bsc#1193629).
- cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1193629).
- cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1193629).
- cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1193629).
- cifs: we do not need a spinlock around the tree access during umount (bsc#1193629).
- cifs: when extending a file with falloc we should make files not-sparse (bsc#1193629).
- cifs: writeback fix (bsc#1193629).
- clk: actions: Terminate clk_div_table with sentinel element (git-fixes).
- clk: at91: generated: consider range when calculating best rate (git-fixes).
- clk: at91: sama7g5: fix parents of PDMCs' GCLK (git-fixes).
- clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
- clk: bcm2835: Remove unused variable (git-fixes).
- clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes).
- clk: Enforce that disjoints limits are invalid (git-fixes).
- clk: Fix clk_hw_get_clk() when dev is NULL (git-fixes).
- clk: hisilicon: Terminate clk_div_table with sentinel element (git-fixes).
- clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
- clk: imx8mp: fix usb_root_clk parent (git-fixes).
- clk: imx: Add check for kcalloc (git-fixes).
- clk: imx: off by one in imx_lpcg_parse_clks_from_dt() (git-fixes).
- clk: imx: scu: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes).
- clk: Initialize orphan req_rate (git-fixes).
- clk: jz4725b: fix mmc0 clock gating (git-fixes).
- clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes).
- clk: nxp: Remove unused variable (git-fixes).
- clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes).
- clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes).
- clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
- clk: qcom: ipq8074: fix PCI-E clock oops (git-fixes).
- clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
- clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes).
- clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568 (git-fixes).
- clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).
- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes).
- clk: tegra: Add missing reset deassertion (git-fixes).
- clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes).
- clk: ti: Preserve node in ti_dt_clocks_register() (git-fixes).
- clk: uniphier: Fix fixed-rate initialization (git-fixes).
- clocksource: acpi_pm: fix return value of __setup handler (git-fixes).
- clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts (git-fixes).
- clocksource/drivers/exynos_mct: Refactor resources allocation (git-fixes).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes).
- clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
- clocksource/drivers/timer-microchip-pit64b: Use notrace (git-fixes).
- clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes).
- clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix (git-fixes).
- clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (bsc#1201218).
- comedi: drivers: ni_routes: Use strcmp() instead of memcmp() (git-fixes).
- comedi: vmk80xx: fix expression for tx buffer size (git-fixes).
- copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626).
- cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (bsc#1201228).
- cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse (git-fixes).
- cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (git-fixes).
- cpuidle: intel_idle: Update intel_idle() kerneldoc comment (git-fixes).
- cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866).
- cputime, cpuacct: Include guest time in user time in (git-fixes)
- crypto: amlogic - call finalize with bh disabled (git-fixes).
- crypto: api - Move cryptomgr soft dependency into algapi (git-fixes).
- crypto: arm/aes-neonbs-cbc - Select generic cbc and aes (git-fixes).
- crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes).
- crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
- crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes).
- crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes).
- crypto: ccree - do not attempt 0 len DMA mappings (git-fixes).
- crypto: ccree - Fix use after free in cc_cipher_exit() (git-fixes).
- crypto: ccree - use fine grained DMA mapping dir (git-fixes).
- crypto: cryptd - Protect per-CPU resource by disabling BH (git-fixes).
- crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
- crypto: engine - check if BH is disabled during completion (git-fixes).
- crypto: gemini - call finalize with bh disabled (git-fixes).
- crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos (git-fixes).
- crypto: hisilicon/sec - fix the aead software fallback for engine (git-fixes).
- crypto: hisilicon/sec - not need to enable sm4 extra mode at HW V3 (git-fixes).
- crypto: marvell/cesa - ECB does not IV (git-fixes).
- crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
- crypto: octeontx2 - remove CONFIG_DM_CRYPT check (git-fixes).
- crypto: qat - disable registration of algorithms (git-fixes).
- crypto: qat - do not cast parameter in bit operations (git-fixes).
- crypto: qcom-rng - ensure buffer for generate is completely filled (git-fixes).
- crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (git-fixes).
- crypto: rockchip - ECB does not need IV (git-fixes).
- crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes).
- crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes).
- crypto: rsa-pkcs1pad - only allow with rsa (git-fixes).
- crypto: rsa-pkcs1pad - restore signature length check (git-fixes).
- crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes).
- crypto: sun8i-ce - call finalize with bh disabled (git-fixes).
- crypto: sun8i-ss - call finalize with bh disabled (git-fixes).
- crypto: sun8i-ss - handle zero sized sg (git-fixes).
- crypto: sun8i-ss - really disable hash on A80 (git-fixes).
- crypto: sun8i-ss - rework handling of IV (git-fixes).
- crypto: vmx - add missing dependencies (git-fixes).
- crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes).
- crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes).
- crypto: xts - Add softdep on ecb (git-fixes).
- dax: fix cache flush on PMD-mapped pages (bsc#1200830).
- devlink: Add 'enable_iwarp' generic device param (bsc#1200502).
- dim: initialize all struct fields (git-fixes).
- display/amd: decrease message verbosity about watermarks table failure (git-fixes).
- dma: at_xdmac: fix a missing check on list iterator (git-fixes).
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
- dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes).
- dma-debug: fix return value of __setup handlers (git-fixes).
- dma-direct: avoid redundant memory sync for swiotlb (git-fixes).
- dmaengine: dw-edma: Fix unaligned 64bit access (git-fixes).
- dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma (git-fixes).
- dmaengine: idxd: add missing callback function to support DMA_INTERRUPT (git-fixes).
- dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).
- dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).
- dmaengine: idxd: check GENCAP config support for gencfg register (git-fixes).
- dmaengine: idxd: fix device cleanup on disable (git-fixes).
- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes).
- dmaengine: idxd: restore traffic class defaults after wq reset (git-fixes).
- dmaengine: idxd: set DMA_INTERRUPT cap bit (git-fixes).
- dmaengine: idxd: skip clearing device context when device is read-only (git-fixes).
- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).
- dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes).
- dmaengine: ptdma: fix concurrency issue with multiple dma transfer (jsc#SLE-21315).
- dmaengine: ptdma: Fix the error handling path in pt_core_init() (git-fixes).
- dmaengine: ptdma: handle the cases based on DMA is complete (jsc#SLE-21315).
- dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" (git-fixes).
- dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).
- dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size (git-fixes).
- dmaengine: sh: rcar-dmac: Check for error num after setting mask (git-fixes).
- dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe (git-fixes).
- dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (git-fixes).
- dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes).
- dma-mapping: remove bogus test for pfn_valid from dma_map_resource (git-fixes).
- dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).
- dm: fix use-after-free in dm_cleanup_zoned_dev() (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm integrity: set journal entry unused when shrinking device (git-fixes).
- dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).
- dm mpath: only use ktime_get_ns() in historical selector (git-fixes).
- dm verity: set DM_TARGET_IMMUTABLE feature flag (git-fixes).
- doc/ip-sysctl: add bc_forwarding (git-fixes).
- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (git-fixes).
- Documentation: add link to stable release candidate tree (git-fixes).
- Documentation: dd: Use ReST lists for return values of driver_deferred_probe_check_state() (git-fixes).
- Documentation: Fix duplicate statement about raw_spinlock_t type (git-fixes).
- Documentation: update stable tree link (git-fixes).
- do not call utsname() after ->nsproxy is NULL (bsc#1201196).
- drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
- driver base: fix an unlikely reference counting issue in __add_memory_block() (git-fixes).
- driver base: fix compaction sysfs file leak (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- driver core: dd: fix return value of __setup handler (git-fixes).
- driver core: fix deadlock in __device_attach (git-fixes).
- driver core: Fix wait_for_device_probe() and deferred_probe_timeout interaction (git-fixes).
- driver core: Free DMA range map when device is released (git-fixes).
- driver: hv: Compare cpumasks and not their weights in init_vp_index() (git-fixes).
- driver: hv: log when enabling crash_kexec_post_notifiers (git-fixes).
- driver: hv: Rename 'alloced' to 'allocated' (git-fixes).
- driver: hv: utils: Make use of the helper macro LIST_HEAD() (git-fixes).
- driver: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
- driver: hv: vmbus: Fix potential crash on module unload (git-fixes).
- driver: hv: vmbus: Use struct_size() helper in kmalloc() (git-fixes).
- driver: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes).
- driver: net: xgene: Fix regression in CRC stripping (git-fixes).
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes).
- drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit (git-fixes).
- drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() (git-fixes).
- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes).
- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes).
- drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() (git-fixes).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
- drm: add a locked version of drm_is_current_master (git-fixes).
- drm: Add orientation quirk for GPD Win Max (git-fixes).
- drm/amd: Add USBC connector ID (git-fixes).
- drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes).
- drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (git-fixes).
- drm/amd: Check if ASPM is enabled from PCIe subsystem (git-fixes).
- drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes).
- drm/amd/display: Add pstate verification and recovery for DCN31 (git-fixes).
- drm/amd/display: Add signal type check when verify stream backends same (git-fixes).
- drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (git-fixes).
- drm/amd/display: Cap OLED brightness per max frame-average luminance (git-fixes).
- drm/amd/display: Cap pflip irqs per max otg number (git-fixes).
- drm/amd/display: Check if modulo is 0 before dividing (git-fixes).
- drm/amd/display: DCN3.1: do not mark as kernel-doc (git-fixes).
- drm/amd/display: Disabling Z10 on DCN31 (git-fixes).
- drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes).
- drm/amd/display: Do not reinitialize DMCUB on s0ix resume (git-fixes).
- drm/amd/display: Enable power gating before init_pipes (git-fixes).
- drm/amd/display: FEC check in timing validation (git-fixes).
- drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).
- drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes).
- drm/amd/display: fix audio format not updated after edid updated (git-fixes).
- drm/amd/display: Fix memory leak (git-fixes).
- drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1190786)
- drm/amd/display: Fix OLED brightness control on eDP (git-fixes).
- drm/amd/display: Fix p-state allow debug index on dcn31 (git-fixes).
- drm/amd/display: fix yellow carp wm clamping (git-fixes).
- drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15" Apple Retina panels (git-fixes).
- drm/amd/display: For vblank_disable_immediate, check PSR is really used (git-fixes).
- drm/amd/display: Protect update_bw_bounding_box FPU code (git-fixes).
- drm/amd/display: Read Golden Settings Table from VBIOS (git-fixes).
- drm/amd/display: Remove vupdate_int_entry definition (git-fixes).
- drm/amd/display: Revert FEC check in validation (git-fixes).
- drm/amd/display: Update VTEM Infopacket definition (git-fixes).
- drm/amd/display: Update watermark values for DCN301 (git-fixes).
- drm/amd/display: Use adjusted DCN301 watermarks (git-fixes).
- drm/amd/display: Use PSR version selected during set_psr_caps (git-fixes).
- drm/amd/display: watermark latencies is not enough on DCN31 (git-fixes).
- drm/amdgpu: add beige goby PCI ID (git-fixes).
- drm/amdgpu: bypass tiling flag check in virtual display case (v2) (git-fixes).
- drm/amdgpu: check vm ready by amdgpu_vm->evicting flag (git-fixes).
- drm/amdgpu: conduct a proper cleanup of PDB bo (git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
- drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).
- drm/amdgpu/display: add support for multiple backlights (git-fixes).
- drm/amdgpu: do not do resets on APUs which do not support it (git-fixes).
- drm/amdgpu: do not enable asic reset for raven2 (git-fixes).
- drm/amdgpu: do not set s3 and s0ix at the same time (git-fixes).
- drm/amdgpu: do not use BACO for reset in S3 (git-fixes).
- drm/amdgpu: do not use passthrough mode in Xen dom0 (git-fixes).
- drm/amdgpu: Drop inline from amdgpu_ras_eeprom_max_record_count (git-fixes).
- drm/amdgpu: Enable gfxoff quirk on MacBook Pro (git-fixes).
- drm/amdgpu: Ensure HDA function is suspended before ASIC reset (git-fixes).
- drm/amdgpu: explicitly check for s0ix when evicting resources (git-fixes).
- drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1190497)
- drm/amdgpu: fix logic inversion in check (git-fixes).
- drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).
- drm/amdgpu: Fix recursive locking warning (git-fixes).
- drm/amdgpu: fix suspend/resume hang regression (git-fixes).
- drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells (git-fixes).
- drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix (git-fixes).
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
- drm/amdgpu: suppress the warning about enum value 'AMD_IP_BLOCK_TYPE_NUM' (git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes).
- drm/amdgpu: unify BO evicting method in amdgpu_ttm (git-fixes).
- drm/amdgpu: update VCN codec support for Yellow Carp (git-fixes).
- drm/amdgpu/vcn: Fix the register setting for vcn1 (git-fixes).
- drm/amdgpu/vcn: improve vcn dpg stop procedure (git-fixes).
- drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (bsc#1190786)
- drm/amdkfd: add pinned BOs to kfd_bo_list (git-fixes).
- drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes).
- drm/amdkfd: Create file descriptor after client is added to smi_clients list (git-fixes).
- drm/amdkfd: Do not take process mutex for svm ioctls (git-fixes).
- drm/amdkfd: Fix GWS queue count (bsc#1190786)
- drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
- drm/amdkfd: make CRAT table missing message informational only (git-fixes).
- drm/amdkfd: remove unused function (git-fixes).
- drm/amdkfd: Separate pinned BOs destruction from general routine (bsc#1195287).
- drm/amdkfd: Use mmget_not_zero in MMU notifier (git-fixes).
- drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (git-fixes).
- drm/amd/pm: correct the sequence of sending gpu reset msg (git-fixes).
- drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby (git-fixes).
- drm/amd/pm: enable pm sysfs write for one VF mode (git-fixes).
- drm/amd/pm: fix hwmon node of power1_label create issue (git-fixes).
- drm/amd/pm: Fix missing thermal throttler status (git-fixes).
- drm/amd/pm: fix some OEM SKU specific stability issues (git-fixes).
- drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes).
- drm/amd/pm: update smartshift powerboost calc for smu12 (git-fixes).
- drm/amd/pm: update smartshift powerboost calc for smu13 (git-fixes).
- drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate (git-fixes).
- drm/ast: Create threshold values for AST2600 (bsc#1190786)
- drm/atomic: Do not pollute crtc_state->mode_blob with error pointers (git-fixes).
- drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
- drm: avoid circular locks in drm_mode_getconnector (git-fixes).
- drm/blend: fix typo in the comment (git-fixes).
- drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes).
- drm/bridge: Add missing pm_runtime_put_sync (git-fixes).
- drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes).
- drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes).
- drm/bridge: anx7625: Fix overflow issue on reading EDID (git-fixes).
- drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes).
- drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes).
- drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
- drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes).
- drm: bridge: fix unmet dependency on DRM_KMS_HELPER for DRM_PANEL_BRIDGE (git-fixes).
- drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling (bsc#1190786)
- drm: bridge: icn6211: Fix register layout (git-fixes).
- drm: bridge: it66121: Fix the register page length (git-fixes).
- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes).
- drm/bridge: sn65dsi83: Fix an error handling path in (bsc#1190786)
- drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid (git-fixes).
- drm/bridge: ti-sn65dsi86: Properly undo autosuspend (git-fixes).
- drm/cma-helper: Set VM_DONTEXPAND for mmap (git-fixes).
- drm/connector: Fix typo in output format (bsc#1190786)
- drm/doc: overview before functions for drm_writeback.c (git-fixes).
- drm/dp: Fix OOB read when handling Post Cursor2 register (bsc#1190786)
- drm/edid: Always set RGB444 (git-fixes).
- drm/edid: check basic audio support on CEA extension block (git-fixes).
- drm/edid: Do not clear formats if using deep color (git-fixes).
- drm/edid: fix CEA extension byte #3 parsing (bsc#1190786)
- drm/edid: fix invalid EDID extension block filtering (git-fixes).
- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (git-fixes).
- drm/fb-helper: Mark screen buffers in system memory with FBINFO_VIRTFB (git-fixes).
- drm/fourcc: fix integer type usage in uapi header (git-fixes).
- drm/i915/adlp: Fix TypeC PHY-ready status readout (git-fixes).
- drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640).
- drm/i915: Check EDID for HDR static metadata when choosing blc (bsc#1190497)
- drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes).
- drm/i915/dg2: Print PHY name properly on calibration error (git-fixes).
- drm/i915: Disable DRRS on IVB/HSW port != A (git-fixes).
- drm/i915/display: Fix HPD short pulse handling for eDP (git-fixes).
- drm/i915/display: Move DRRS code its own file (git-fixes).
- drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails (git-fixes).
- drm/i915/display: split out dpt out of intel_display.c (git-fixes).
- drm/i915/dmc: Add MMIO range restrictions (git-fixes).
- drm/i915/dsi: fix VBT send packet port selection for ICL+ (git-fixes).
- drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes).
- drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
- drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640).
- drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640).
- drm/i915: Fix PSF GV point mask when SAGV is not possible (git-fixes).
- drm/i915: Fix race in __i915_vma_remove_closed (bsc#1190497)
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (bsc#1190497)
- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes).
- drm/i915/gem: add missing boundary check in vm_access (git-fixes).
- drm/i915/gem: add missing else (git-fixes).
- drm/i915/guc/slpc: Correct the param count for unset param (git-fixes).
- drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
- drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
- drm/i915: Implement w/a 22010492432 for adl-s (git-fixes).
- drm/i915: Keep gem ctx->vm alive until the final put (bsc#1190497)
- drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes).
- drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes).
- drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640).
- drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
- drm/i915: s/JSP2/ICP2/ PCH (git-fixes).
- drm/i915: Treat SAGV block time 0 as SAGV disabled (git-fixes).
- drm/i915/ttm: ensure we unmap when purging (git-fixes).
- drm/i915/ttm: tweak priority hint selection (git-fixes).
- drm/i915: Widen the QGV point mask (git-fixes).
- drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640).
- drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe (git-fixes).
- drm: imx: fix compiler warning with gcc-12 (git-fixes).
- drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).
- drm/imx: imx-ldb: Check for null pointer after calling kmemdup (git-fixes).
- drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes).
- drm/kmb: Fix for build errors with Warray-bounds (git-fixes).
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
- drm: mali-dp: potential dereference of null pointer (git-fixes).
- drm/mediatek: Add vblank register/unregister callback functions (bsc#1190768)
- drm/mediatek: dpi: Use mt8183 output formats for mt8192 (git-fixes).
- drm/mediatek: Fix mtk_cec_mask() (git-fixes).
- drm/mediatek: mtk_dsi: Reset the dsi0 hardware (git-fixes).
- drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes).
- drm/meson: Make use of the helper function devm_platform_ioremap_resourcexxx() (git-fixes).
- drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes).
- drm/meson: split out encoder from meson_dw_hdmi (git-fixes).
- drm/msm/a6xx: Fix missing ARRAY_SIZE() check (git-fixes).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
- drm/msm: add missing include to msm_drv.c (git-fixes).
- drm/msm: Add missing put_task_struct() in debugfs path (git-fixes).
- drm/msm/disp: check the return value of kzalloc() (git-fixes).
- drm/msm/disp/dpu1: set mdp clk to the maximum frequency in opp table (bsc#1190768)
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes).
- drm/msm/dp: add fail safe mode outside of event_mutex context (git-fixes).
- drm/msm/dp: always add fail-safe mode into connector mode list (git-fixes).
- drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (git-fixes).
- drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (git-fixes).
- drm/msm/dp: do not initialize phy until plugin interrupt received (bsc#1190497)
- drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test (git-fixes).
- drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (git-fixes).
- drm/msm/dp: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() (git-fixes).
- drm/msm/dp: force link training for display resolution change (git-fixes).
- drm/msm/dp: Modify prototype of encoder based API (git-fixes).
- drm/msm/dp: populate connector of struct dp_panel (git-fixes).
- drm/msm/dp: remove fail safe mode related code (git-fixes).
- drm/msm/dp: reset DP controller before transmit phy test pattern (git-fixes).
- drm/msm/dp: stop event kernel thread when DP unbind (bsc#1190768)
- drm/msm/dp: stop link training after link training 2 failed (git-fixes).
- drm/msm/dp: tear down main link at unplug handle immediately (bsc#1190768)
- drm/msm/dpu: add DSPP blocks teardown (git-fixes).
- drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
- drm/msm/dpu: fix dp audio condition (git-fixes).
- drm/msm/dpu: fix error check return value of irq_of_parse_and_map() (bsc#1190768)
- drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path (git-fixes).
- drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
- drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes).
- drm/msm/dsi: Remove spurious IRQF_ONESHOT flag (git-fixes).
- drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes).
- drm/msm/dsi: Use "ref" fw clock instead of global name for VCO parent (git-fixes).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes).
- drm/msm: Fix range size vs end confusion (git-fixes).
- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes).
- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
- drm/msm/mdp5: check the return of kzalloc() (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes).
- drm/msm: properly add and remove internal bridges (bsc#1190768)
- drm/msm: remove unused plane_property field from msm_drm_private (bsc#1190768)
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes).
- drm/msm: Switch ordering of runpm put vs devfreq_idle (git-fixes).
- drm/msm: use for_each_sgtable_sg to iterate over scatterlist (git-fixes).
- drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes).
- drm/nouveau/backlight: Just set all backlight types as RAW (git-fixes).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes).
- drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes).
- drm/nouveau: fix off by one in BIOS boundary checking (git-fixes).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes).
- drm/nouveau/pmu: Add missing callbacks for Tegra devices (git-fixes).
- drm/nouveau/pmu/gm200-: use alternate falcon reset sequence (git-fixes).
- drm/nouveau/subdev/bus: Ratelimit logging for fault errors (git-fixes).
- drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes).
- drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H (git-fixes).
- drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes).
- drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes).
- drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes).
- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes).
- drm/panfrost: Check for error num after setting mask (git-fixes).
- drm/plane: Move range check for format_count earlier (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes).
- drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes).
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes).
- drm/selftests/test-drm_dp_mst_helper: Fix memory leak in sideband_msg_req_encode_decode (git-fixes).
- drm/simpledrm: Add "panel orientation" property on non-upright mounted LCD panels (git-fixes).
- drm: sti: do not use kernel-doc markers (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure (git-fixes).
- drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes).
- drm/sun4i: Remove obsolete references to PHYS_OFFSET (bsc#1190786)
- drm/syncobj: flatten dma_fence_chains on transfer (git-fixes).
- drm/tegra: Add back arm_iommu_detach_device() (git-fixes).
- drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).
- drm: use the lookup lock in drm_is_current_master (git-fixes).
- drm/v3d/v3d_drv: Check for error num after setting mask (git-fixes).
- drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
- drm/vc4: Fix deadlock on DSI device attach error (git-fixes).
- drm/vc4: hdmi: Add debugfs prefix (bsc#1199163).
- drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes).
- drm/vc4: hdmi: Fix build error for implicit function declaration (git-fixes).
- drm/vc4: hdmi: Fix HPD GPIO detection (git-fixes).
- drm/vc4: hdmi: Make sure the device is powered with CEC (git-fixes).
- drm/vc4: hdmi: Split the CEC disable / enable functions in two (git-fixes).
- drm/vc4: hvs: Fix frame count register readout (git-fixes).
- drm/vc4: hvs: Reset muxes at probe time (git-fixes).
- drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes).
- drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes).
- drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() (git-fixes).
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).
- drm/vmwgfx: Disable command buffers on svga3 without gbobjects (git-fixes).
- drm/vmwgfx: Fix fencing on SVGAv3 (git-fixes).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
- drm/vmwgfx: Remove unused compile options (bsc#1190786)
- drm/vmwgfx: validate the screen formats (git-fixes).
- drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes).
- dt-bindings: arm: bcm: fix BCM53012 and BCM53016 SoC strings (git-fixes).
- dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config (git-fixes).
- dt-bindings: display: sitronix, st7735r: Fix backlight in example (git-fixes).
- dt-bindings: gpio: altera: correct interrupt-cells (git-fixes).
- dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167 (git-fixes).
- dt-bindings: mtd: nand-controller: Fix a comment in the examples (git-fixes).
- dt-bindings: mtd: nand-controller: Fix the reg property description (git-fixes).
- dt-bindings: net: xgmac_mdio: Remove unsupported "bus-frequency" (git-fixes).
- dt-bindings: PCI: xilinx-cpm: Fix reg property order (git-fixes).
- dt-bindings: phy: uniphier-usb3hs: Fix incorrect clock-names and reset-names (git-fixes).
- dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (git-fixes).
- dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example (git-fixes).
- dt-bindings: spi: mxic: The interrupt property is not mandatory (git-fixes).
- dt-bindings: usb: ehci: Increase the number of PHYs (git-fixes).
- dt-bindings: usb: hcd: correct usb-device path (git-fixes).
- dt-bindings: usb: ohci: Increase the number of PHYs (git-fixes).
- dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7 (git-fixes).
- e1000e: Correct NVM checksum verification flow (bsc#1191663).
- e1000e: Fix possible HW unit hang after an s0ix exit (jsc#SLE-18382).
- e1000e: Fix possible overflow in LTR decoding (git-fixes).
- e1000e: Handshake with CSME starts from ADL platforms (git-fixes).
- e1000e: Separate ADP board type from TGP (git-fixes).
- EDAC/altera: Fix deferred probing (bsc#1190497).
- EDAC/amd64: Add new register offset support and related changes (jsc#SLE-19026).
- EDAC/amd64: Set memory type per DIMM (jsc#SLE-19026).
- EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1190497).
- EDAC/synopsys: Read the error count from the correct register (bsc#1190497).
- EDAC/xgene: Fix deferred probing (bsc#1190497).
- eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (git-fixes).
- efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes).
- efi: fix return value of __setup handlers (git-fixes).
- efivars: Respect "block" flag in efivar_entry_set_safe() (git-fixes).
- epic100: fix use after free on rmmod (git-fixes).
- ethernet/sfc: remove redundant rc variable (bsc#1196306).
- exec: Force single empty string when argv is empty (bsc#1200571).
- ext2: correct max file size computing (bsc#1197820).
- ext4: avoid trim error on fs with small groups (bsc#1191271).
- ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal (bsc#1197917).
- ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- ext4: fix ext4_fc_stats trace point (git-fixes).
- ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807).
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806).
- ext4: make variable "count" signed (bsc#1200820).
- ext4: reject the 'commit' option on ext2 filesystems (bsc#1200808).
- extcon: Modify extcon device to be created after driver data is set (git-fixes).
- extcon: ptn5150: Add queue work sync before driver release (git-fixes).
- faddr2line: Fix overlapping text section failures, the sequel (git-fixes).
- fbcon: Avoid 'cap' set but not used warning (bsc#1190786)
- fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes).
- firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes).
- firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes).
- firewire: remove check of list iterator against head past the loop body (git-fixes).
- firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe (git-fixes).
- firmware: arm_ffa: Remove incorrect assignment of driver_data (git-fixes).
- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes).
- firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).
- firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes).
- firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes).
- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes).
- firmware: google: Properly state IOMEM dependency (git-fixes).
- firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes).
- firmware: stratix10-svc: add missing callback parameter on RSU (git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator (git-fixes).
- firmware: sysfb: fix platform-device leak in error path (git-fixes).
- firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined (git-fixes).
- firmware: use kernel credentials when reading firmware (git-fixes).
- fs: fd tables have to be multiples of BITS_PER_LONG (bsc#1200827).
- fs: fix fd table size alignment properly (bsc#1200882).
- fs: handle circular mappings correctly (bsc#1197918).
- fsl_lpuart: Do not enable interrupts too early (git-fixes).
- fsnotify: Do not insert unmergeable events in hashtable (bsc#1197922).
- fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195944 bsc#1195478).
- fsnotify: fix wrong lockdep annotations (bsc#1200815).
- ftrace: Clean up hash direct_functions on register failures (git-fixes).
- fuse: fix fileattr op failure (bsc#1197292).
- gen_init_cpio: fix short read file handling (bsc#1193289).
- genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
- genirq: Synchronize interrupt thread startup (git-fixes)
- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes).
- gma500: fix an incorrect NULL check on list iterator (git-fixes).
- gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes).
- gpio: aggregator: Fix calling into sleeping GPIO controllers (git-fixes).
- gpio: dwapb: Do not print error on -EPROBE_DEFER (git-fixes).
- gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes).
- gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes).
- gpiolib: acpi: use correct format characters (git-fixes).
- gpiolib: Never return internal error codes to user space (git-fixes).
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes).
- gpio: mvebu: drop pwm base assignment (git-fixes).
- gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes).
- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes).
- gpio: pca953x: use the correct register address to do regcache sync (git-fixes).
- gpio: Return EPROBE_DEFER if gc->to_irq is NULL (git-fixes).
- gpio: Revert regression in sysfs-gpio (gpiolib.c) (git-fixes).
- gpio: sifive: use the correct register to read output values (git-fixes).
- gpio: tegra186: Fix chip_data type confusion (git-fixes).
- gpio: ts4900: Do not set DAT and OE together (git-fixes).
- gpio: visconti: Fix fwnode of GPIO IRQ (git-fixes).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- gpu: host1x: Fix a memory leak in 'host1x_remove()' (git-fixes).
- gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
- gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (git-fixes).
- gve: Fix GFP flags when allocing pages (git-fixes).
- gve: fix the wrong AdminQ buffer queue index check (git-fixes).
- habanalabs: Add check for pci_enable_device (git-fixes).
- habanalabs: fix possible memory leak in MMU DR fini (git-fixes).
- hamradio: fix macro redefine warning (git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).
- HID: add mapping for KEY_DICTATE (git-fixes).
- HID: Add support for open wheel and no attachment to T300 (git-fixes).
- HID:Add support for UGTABLET WP5540 (git-fixes).
- HID: amd_sfh: Add illuminance mask to limit ALS max value (git-fixes).
- HID: amd_sfh: Correct the structure field name (git-fixes).
- HID: amd_sfh: Modify the bus name (git-fixes).
- HID: amd_sfh: Modify the hid name (git-fixes).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
- hide appended member supports_dynamic_smps_6ghz (git-fixes).
- HID: elan: Fix potential double free in elan_input_configured (git-fixes).
- HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes).
- HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (git-fixes).
- HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).
- HID: intel-ish-hid: Use dma_alloc_coherent for firmware update (git-fixes).
- HID: logitech-dj: add new lightspeed receiver id (git-fixes).
- HID: multitouch: add quirks to enable Lenovo X12 trackpoint (git-fixes).
- HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
- HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243).
- HID: vivaldi: fix sysfs attributes leak (git-fixes).
- hinic: fix bug of wq out of bound access (git-fixes).
- hv_balloon: rate-limit "Unhandled message" warning (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- hv_utils: Add comment about max VMbus packet size in VSS driver (git-fixes).
- hwmon: (dell-smm) Speed up setting of fan speed (git-fixes).
- hwmon: (f71882fg) Fix negative temperature (git-fixes).
- hwmon: Handle failure to register sensor with thermal zone correctly (git-fixes).
- hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes).
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
- hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
- hwmon: (pmbus) Add Vin unit off handling (git-fixes).
- hwmon: (pmbus) Check PEC support before reading other registers (git-fixes).
- hwmon: (pmbus) Clear pmbus fault/warning bits after read (git-fixes).
- hwmon: (pmbus) disable PEC if not enabled (git-fixes).
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes).
- hwmon: (tmp401) Add OF device ID table (git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- hwrng: cavium - Check health status while reading random data (git-fixes).
- hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).
- hwrng: nomadik - Change clk_disable to clk_disable_unprepare (git-fixes).
- hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (git-fixes).
- i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
- i2c: at91: use dma safe buffers (git-fixes).
- i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).
- i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()' (git-fixes).
- i2c: bcm2835: Use platform_get_irq() to get the interrupt (git-fixes).
- i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
- i2c: cadence: Increase timeout per message if necessary (git-fixes).
- i2c: designware: Use standard optional ref clock implementation (git-fixes).
- i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).
- i2c: ismt: prevent memory corruption in ismt_access() (git-fixes).
- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
- i2c: meson: Fix wrong speed use from probe (git-fixes).
- i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes).
- i2c: mux: demux-pinctrl: do not deactivate a master that is not active (git-fixes).
- i2c: npcm7xx: Add check for platform_driver_register (git-fixes).
- i2c: npcm: Correct register access width (git-fixes).
- i2c: npcm: Fix timeout calculation (git-fixes).
- i2c: npcm: Handle spurious interrupts (git-fixes).
- i2c: piix4: Add EFCH MMIO support for SMBus port select (git-fixes).
- i2c: piix4: Add EFCH MMIO support to region request and release (git-fixes).
- i2c: piix4: Add EFCH MMIO support to SMBus base address detect (git-fixes).
- i2c: piix4: Enable EFCH MMIO for Family 17h+ (git-fixes).
- i2c: piix4: Move port I/O region request/release code into functions (git-fixes).
- i2c: piix4: Move SMBus controller base address detect into function (git-fixes).
- i2c: piix4: Move SMBus port selection into function (git-fixes).
- i2c: piix4: Replace hardcoded memory map size with a #define (git-fixes).
- i2c: qcom-cci: do not delete an unregistered adapter (git-fixes).
- i2c: qcom-cci: do not put a device tree node before i2c_add_adapter() (git-fixes).
- i2c: rcar: fix PM ref counts in probe error paths (git-fixes).
- i2c: xiic: Make bus names unique (git-fixes).
- i40e: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes).
- i40e: Fix for failed to init adminq while VF reset (git-fixes).
- i40e: Fix issue when maximum queues is exceeded (git-fixes).
- i40e: Fix queues reservation for XDP (git-fixes).
- i40e: Fix reset bw limit when DCB enabled with 1 TC (git-fixes).
- i40e: Fix reset path while removing the driver (git-fixes).
- i40e: fix unsigned stat widths (git-fixes).
- i40e: i40e_main: fix a missing check on list iterator (git-fixes).
- i40e: Increase delay to 1 s after global EMP reset (git-fixes).
- i40e: remove dead stores on XSK hotpath (jsc#SLE-18378).
- i40e: respect metadata on XSK Rx to skb (git-fixes).
- i40e: stop disabling VFs due to PF error responses (jsc#SLE-18378).
- iavf: Add waiting so the port is initialized in remove (jsc#SLE-18385).
- iavf: Fix deadlock in iavf_reset_task (jsc#SLE-18385).
- iavf: Fix double free in iavf_reset_task (jsc#SLE-18385).
- iavf: Fix handling of vlan strip virtual channel messages (jsc#SLE-18385).
- iavf: Fix hang during reboot/shutdown (jsc#SLE-18385).
- iavf: Fix __IAVF_RESETTING state usage (jsc#SLE-18385).
- iavf: Fix init state closure on remove (jsc#SLE-18385).
- iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (jsc#SLE-18385).
- iavf: Fix missing check for running netdev (git-fixes).
- iavf: Fix race in init state (jsc#SLE-18385).
- iavf: Rework mutexes for better synchronisation (jsc#SLE-18385 stable-5.14.6).
- IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes).
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes).
- IB/cm: Release previously acquired reference counter in the cm_id_priv (git-fixes).
- IB/hfi1: Allow larger MTU without AIP (git-fixes).
- IB/hfi1: Fix AIP early init panic (git-fixes).
- IB/hfi1: Fix alloc failure with larger txqueuelen (git-fixes).
- IB/hfi1: Fix panic with larger ipoib send_queue_size (jsc#SLE-19242).
- IB/hfi1: Fix tstats alloc and dealloc (git-fixes).
- IB/mlx5: Expose NDR speed through MAD (bsc#1196930).
- ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811).
- ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259).
- ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
- ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815).
- IB/qib: Fix duplicate sysfs directory name (git-fixes).
- IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (git-fixes).
- IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes).
- ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (jsc#SLE-18375).
- ice: check the return of ice_ptp_gettimex64 (git-fixes).
- ice: clear cmd_type_offset_bsz for TX rings (jsc#SLE-18375).
- ice: Clear default forwarding VSI during VSI release (git-fixes).
- ice: clear stale Tx queue settings before configuring (git-fixes).
- ice: do not allow to run ice_send_event_to_aux() in atomic ctx (git-fixes).
- ice: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes).
- ice: Do not use GFP_KERNEL in atomic context (git-fixes).
- ice: enable parsing IPSEC SPI headers for RSS (git-fixes).
- ice: fix an error code in ice_cfg_phy_fec() (git-fixes).
- ice: fix concurrent reset and removal of VFs (git-fixes).
- ice: fix crash in switchdev mode (jsc#SLE-18375).
- ice: Fix curr_link_speed advertised speed (git-fixes).
- ice: Fix incorrect locking in ice_vc_process_vf_msg() (jsc#SLE-18375).
- ice: fix IPIP and SIT TSO offload (git-fixes).
- ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (jsc#SLE-18375).
- ice: fix PTP stale Tx timestamps cleanup (git-fixes).
- ice: fix setting l4 port flag when adding filter (jsc#SLE-18375).
- ice: fix use-after-free when deinitializing mailbox snapshot (git-fixes).
- ice: initialize local variable 'tlv' (git-fixes).
- ice: kabi protect ice_pf (bsc#1200502).
- ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (jsc#SLE-18375).
- ice: respect metadata on XSK Rx to skb (git-fixes).
- ice: synchronize_rcu() when terminating rings (git-fixes).
- ice: xsk: Fix indexing in ice_tx_xsk_pool() (jsc#SLE-18375).
- ice: xsk: fix VSI state check in ice_xsk_wakeup() (git-fixes).
- igb: refactor XDP registration (git-fixes).
- igc: avoid kernel warning when changing RX ring parameters (git-fixes).
- igc: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes).
- igc: Fix BUG: scheduling while atomic (git-fixes).
- igc: Fix infinite loop in release_swfw_sync (git-fixes).
- igc: Fix suspending when PTM is active (jsc#SLE-18377).
- igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
- igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
- iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
- iio: accel: fxls8962af: add padding to regmap for SPI (git-fixes).
- iio:accel:kxcjk-1013: rearrange iio trigger get and register (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation (git-fixes).
- iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes).
- iio:accel:mxc4005: rearrange iio trigger get and register (git-fixes).
- iio: adc: ad7124: fix mask used for setting AIN_BUFP and AIN_BUFM bits (git-fixes).
- iio: adc: ad7124: Remove shift from scan_type (git-fixes).
- iio: adc: Add check for devm_request_threaded_irq (git-fixes).
- iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models (git-fixes).
- iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes).
- iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes).
- iio: adc: sc27xx: fix read big scale voltage not right (git-fixes).
- iio: adc: stm32: Fix ADCs iteration in irq handler (git-fixes).
- iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (git-fixes).
- iio: adc: stm32: fix maximum clock rate for stm32mp15x (git-fixes).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes).
- iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (git-fixes).
- iio: adc: tsc2046: fix memory corruption by preventing array overflow (git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
- iio: afe: rescale: Fix boolean logic bug (git-fixes).
- iio: afe: rescale: use s64 for temporary scale calculations (git-fixes).
- iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL (git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
- iio: dac: ad5446: Fix read_raw not returning set value (git-fixes).
- iio: dac: ad5592r: Fix the missing return value (git-fixes).
- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes).
- iio: Fix error handling for PM (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes).
- iio:humidity:hts221: rearrange iio trigger get and register (git-fixes).
- iio:imu:adis16480: fix buffering for devices with no burst mode (git-fixes).
- iio:imu:bmi160: disable regulator in error path (git-fixes).
- iio: imu: inv_icm42600: Fix I2C init possible nack (git-fixes).
- iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot (git-fixes).
- iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes).
- iio: inkern: apply consumer scale when no channel scale is available (git-fixes).
- iio: inkern: make a best effort on offset calculation (git-fixes).
- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes).
- iio: magnetometer: yas530: Fix memchr_inv() misuse (git-fixes).
- iio: mma8452: Fix probe failing when an i2c_device_id is used (git-fixes).
- iio: mma8452: fix probe fail when device tree compatible is used (git-fixes).
- iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (git-fixes).
- iio: st_sensors: Add a local lock for protecting odr (git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes).
- ima: Do not print policy rule with inactive LSM labels (git-fixes).
- ima: fix reference leak in asymmetric_verify() (git-fixes).
- ima: Remove ima_policy file before directory (git-fixes).
- init: call time_init() before rand_initialize() (git-fixes).
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- init/main.c: return 1 from handled __setup() functions (git-fixes).
- initramfs: Check timestamp to prevent broken cpio archive (bsc#1193289).
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- Input: add bounds checking to input_set_capability() (git-fixes).
- Input: aiptek - properly check endpoint type (git-fixes).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes).
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).
- Input: elan_i2c: Add deny list for Lenovo Yoga Slim 7 (bsc#1193064).
- Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes).
- Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes).
- Input: gpio-keys - cancel delayed work only in case of GPIO (git-fixes).
- Input: ili210x - fix reset timing (git-fixes).
- Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes).
- Input: samsung-keypad - properly state IOMEM dependency (git-fixes).
- Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq (git-fixes).
- Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes).
- Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes).
- Input: stmfts - fix reference leak in stmfts_input_open (git-fixes).
- Input: synaptics - enable InterTouch on ThinkPad T14/P14s Gen 1 AMD (git-fixes).
- Input: synaptics: retry query upon error (bsc#1194086).
- Input: wm97xx: Simplify resource management (git-fixes).
- Input: zinitix - do not report shadow fingers (git-fixes).
- integrity: check the return value of audit_log_start() (git-fixes).
- iocost: do not reset the inuse weight of under-weighted debtors (git-fixes).
- iocost: Fix divide-by-zero on donation from low hweight cgroup (bsc#1198014).
- iomap: iomap_write_failed fix (bsc#1200829).
- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes).
- iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052).
- iommu/amd: Remove useless irq affinity notifier (git-fixes).
- iommu/amd: Restore GA log/tail pointer on host resume (git-fixes).
- iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes).
- iommu/amd: X2apic mode: re-enable after resume (git-fixes).
- iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes).
- iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (bsc#1198826).
- iommu/arm-smmu-qcom: Fix TTBR0 read (git-fixes).
- iommu: Extend mutex lock scope in iommu_probe_device() (git-fixes).
- iommu/ioasid: Introduce a helper to check for valid PASIDs (jsc#SLE-24350).
- iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes).
- iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes).
- iommu/iova: Fix race between FQ timeout and teardown (git-fixes).
- iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit (jsc#SLE-24350).
- iommu/sva: Rename CONFIG_IOMMU_SVA_LIB to CONFIG_IOMMU_SVA (jsc#SLE-24350).
- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes).
- ionic: add FW_STOPPING state (git-fixes).
- ionic: Allow flexibility for error reporting on dev commands (git-fixes).
- ionic: better handling of RESET event (git-fixes).
- ionic: catch transition back to RUNNING with fw_generation 0 (git-fixes).
- ionic: Cleanups in the Tx hotpath code (git-fixes).
- ionic: Correctly print AQ errors if completions are not received (git-fixes).
- ionic: disable napi when ionic_lif_init() fails (git-fixes).
- ionic: Do not send reset commands if FW isn't running (git-fixes).
- ionic: fix missing pci_release_regions() on error in ionic_probe() (git-fixes).
- ionic: fix type complaint in ionic_dev_cmd_clean() (git-fixes).
- ionic: fix up printing of timeout error (git-fixes).
- ionic: Prevent filter add/del err msgs when the device is not available (git-fixes).
- ionic: Query FW when getting VF info via ndo_get_vf_config (git-fixes).
- ionic: remove the dbid_inuse bitmap (git-fixes).
- ionic: replace set_vf data with union (git-fixes).
- ionic: start watchdog after all is setup (git-fixes).
- ionic: stretch heartbeat detection (git-fixes).
- io_uring: add more locking annotations for submit (bsc#1199011).
- io_uring: avoid touching inode in rw prep (bsc#1199011).
- io_uring: be smarter about waking multiple CQ ring waiters (bsc#1199011).
- io_uring: cache __io_free_req()'d requests (bsc#1199011).
- io_uring: clean io-wq callbacks (bsc#1199011).
- io_uring: clean up tctx_task_work() (bsc#1199011).
- io_uring: deduplicate open iopoll check (bsc#1199011).
- io_uring: do not halt iopoll too early (bsc#1199011).
- io_uring: drop exec checks from io_req_task_submit (bsc#1199011).
- io_uring: extract a helper for ctx quiesce (bsc#1199011).
- io_uring: Fix undefined-behaviour in io_issue_sqe (bsc#1199011).
- io_uring: improve ctx hang handling (bsc#1199011).
- io_uring: inline fixed part of io_file_get() (bsc#1199011).
- io_uring: inline io_free_req_deferred (bsc#1199011).
- io_uring: inline io_poll_remove_waitqs (bsc#1199011).
- io_uring: inline struct io_comp_state (bsc#1199011).
- io_uring: kill unused IO_IOPOLL_BATCH (bsc#1199011).
- io_uring: move io_fallback_req_func() (bsc#1199011).
- io_uring: move io_put_task() definition (bsc#1199011).
- io_uring: move io_rsrc_node_alloc() definition (bsc#1199011).
- io_uring: optimise io_cqring_wait() hot path (bsc#1199011).
- io_uring: optimise putting task struct (bsc#1199011).
- io_uring: refactor io_alloc_req (bsc#1199011).
- io_uring: remove extra argument for overflow flush (bsc#1199011).
- io_uring: remove file batch-get optimisation (bsc#1199011).
- io_uring: remove IRQ aspect of io_ring_ctx completion lock (bsc#1199011).
- io_uring: remove redundant args from cache_free (bsc#1199011).
- io_uring: remove unnecessary PF_EXITING check (bsc#1199011).
- io_uring: rename io_file_supports_async() (bsc#1199011).
- io_uring: run linked timeouts from task_work (bsc#1199011).
- io_uring: run regular file completions from task_work (bsc#1199011).
- io_uring: run timeouts from task_work (bsc#1199011).
- io_uring: use inflight_entry instead of compl.list (bsc#1199011).
- io_uring: use kvmalloc for fixed files (bsc#1199011).
- io-wq: get rid of FIXED worker flag (bsc#1199011).
- io-wq: make worker creation resilient against signals (bsc#1199011).
- io-wq: move nr_running and worker_refs out of wqe->lock protection (bsc#1199011).
- io-wq: only exit on fatal signals (bsc#1199011).
- io-wq: provide a way to limit max number of workers (bsc#1199011).
- io-wq: split bounded and unbounded work into separate lists (bsc#1199011).
- io-wq: wqe and worker locks no longer need to be IRQ safe (bsc#1199011).
- ipc/sem: do not sleep with a spin lock held (bsc#1198412).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- ipmi: bail out if init_srcu_struct fails (git-fixes).
- ipmi: Fix pr_fmt to avoid compilation issues (git-fixes).
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes).
- ipmi:ssif: Check for NULL msg when handling events and messages (git-fixes).
- ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504).
- ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes).
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes).
- irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value (git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes).
- irqchip/gic, gic-v3: Prevent GSI to SGI translations (git-fixes).
- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (git-fixes).
- irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (git-fixes).
- irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (git-fixes).
- irqchip/gic-v3: Fix GICR_CTLR.RWP polling (git-fixes).
- irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (git-fixes).
- irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling (git-fixes).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
- irqchip/nvic: Release nvic_base upon failure (git-fixes).
- irqchip/qcom-pdc: Fix broken locking (git-fixes).
- irqchip/realtek-rtl: Fix refcount leak in map_interrupts (git-fixes).
- irqchip/realtek-rtl: Service all pending interrupts (git-fixes).
- isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (git-fixes).
- ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
- iwlwifi: do not advertise TWT support (git-fixes).
- iwlwifi: Fix -EIO error code that is never returned (git-fixes).
- iwlwifi: fix use-after-free (git-fixes).
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes).
- iwlwifi: mvm: align locking in D3 test debugfs (git-fixes).
- iwlwifi: mvm: check debugfs_dir ptr before use (git-fixes).
- iwlwifi: mvm: Correctly set fragmented EBS (git-fixes).
- iwlwifi: mvm: Do not call iwl_mvm_sta_from_mac80211() with NULL sta (git-fixes).
- iwlwifi: mvm: do not crash on invalid rate w/o STA (git-fixes).
- iwlwifi: mvm: do not iterate unadded vifs when handling FW SMPS req (git-fixes).
- iwlwifi: mvm: do not send SAR GEO command for 3160 devices (git-fixes).
- iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
- iwlwifi: mvm: move only to an enabled channel (git-fixes).
- iwlwifi: pcie: fix locking when "HW not ready" (git-fixes).
- iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes).
- iwlwifi: yoyo: remove DBGI_SRAM address reset writing (git-fixes).
- ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes).
- ixgbe: ensure IPsec VF - PF compatibility (git-fixes).
- ixgbe: respect metadata on XSK Rx to skb (git-fixes).
- ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes).
- jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971).
- jfs: fix divide error in dbNextAG (bsc#1200828).
- kABI: fix change of iscsi_host_remove() arguments (bsc#1198410).
- kABI: Fix kABI after "x86/mm/cpa: Generalize __set_memory_enc_pgtable()" (jsc#SLE-19924).
- kABI fix of sysctl_run_estimation (git-fixes).
- kABI: fix removal of iscsi_destroy_conn (bsc#1198410).
- kABI: fix rndis_parameters locking (git-fixes).
- kABI: ivtv: restore caps member (git-fixes).
- kabi/severities: add exception for bcache symboles
- kabi/severities: allow dropping a few invalid exported symbols (bsc#1201218)
- kabi/severities: Ignore arch/x86/kvm except for kvm_x86_ops Handle this like in previous SLE kernels.
- kABI workaround for fxls8962af iio accel drivers (git-fixes).
- kABI workaround for pci quirks (git-fixes).
- kconfig: fix failing to generate auto.conf (git-fixes).
- kconfig: let 'shell' return enough output for deep path names (git-fixes).
- kernel/fork: Initialize mm's PASID (jsc#SLE-24350).
- kernel/resource: Introduce request_mem_region_muxed() (git-fixes).
- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (git-fixes).
- KEYS: asymmetric: enforce that sig algo matches key algo (git-fixes).
- KEYS: asymmetric: properly validate hash_algo and encoding (git-fixes).
- KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).
- KEYS: trusted: Avoid calling null function trusted_key_exit (git-fixes).
- KEYS: trusted: Fix trusted key backends when building as module (git-fixes).
- KEYS: trusted: tpm2: Fix migratable logic (git-fixes).
- kprobes: Add kretprobe_find_ret_addr() for searching return address (bsc#1193277).
- kprobes: Enable stacktrace from pt_regs in kretprobe handler (bsc#1193277).
- kprobes: treewide: Cleanup the error messages for kprobes (bsc#1193277).
- kprobes: treewide: Make it harder to refer kretprobe_trampoline directly (bsc#1193277).
- kprobes: treewide: Remove trampoline_address from kretprobe_trampoline_handler() (bsc#1193277).
- kprobes: treewide: Replace arch_deref_entry_point() with dereference_symbol_descriptor() (bsc#1193277).
- kprobes: treewide: Use 'kprobe_opcode_t *' for the code address in get_optimized_kprobe() (bsc#1193277).
- kselftest/arm64: bti: force static linking (git-fixes).
- kunit: tool: Import missing importlib.abc (git-fixes).
- KVM: arm64: Avoid consuming a stale esr value when SError occur (git-fixes).
- KVM: arm64: Drop unused workaround_flags vcpu field (git-fixes).
- KVM: arm64: pkvm: Use the mm_ops indirection for cache maintenance (git-fixes).
- KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE (git-fixes).
- KVM: Clean up benign vcpu->cpu data races when kicking vCPUs (git-fixes).
- KVM: Ensure local memslot copies operate on up-to-date arch-specific data (git-fixes).
- KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
- KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (git-fixes).
- KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit (git-fixes).
- KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault (git-fixes).
- KVM: nVMX: Do not clear CR3 load/store exiting bits if L1 wants 'em (git-fixes).
- KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with new vpid12 (git-fixes).
- KVM: nVMX: Ensure vCPU honors event request if posting nested IRQ fails (git-fixes).
- KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST (git-fixes).
- KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (git-fixes).
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU (git-fixes).
- KVM: s390: pv: add macros for UVC CC values (git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure (git-fixes).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- KVM: selftests: Do not skip L2's VMCALL in SMM test for SVM guest (bsc#1194523).
- KVM: selftests: Re-enable access_tracking_perf_test (bsc#1194526).
- KVM: SEV: accept signals in sev_lock_two_vms (bsc#1194526).
- KVM: SEV: do not take kvm->lock when destroying (bsc#1194526).
- KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (bsc#1194526).
- KVM: SEV: Mark nested locking of kvm->lock (bsc#1194526).
- KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails (bsc#1194526).
- KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (bsc#1193823).
- KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (bsc#1194526).
- KVM: SVM: drop unnecessary code in svm_hv_vmcb_dirty_nested_enlightenments() (git-fixes).
- KVM: SVM: Emulate #INIT in response to triple fault shutdown (git-fixes).
- KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode() (git-fixes).
- KVM: SVM: hyper-v: Enable Enlightened MSR-Bitmap support for real (git-fixes).
- KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (git-fixes).
- KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (git-fixes).
- KVM: VMX: Do not unblock vCPU w/ Posted IRQ if IRQs are disabled in guest (git-fixes).
- KVM: VMX: Fold ept_update_paging_mode_cr0() back into vmx_set_cr0() (git-fixes).
- KVM: VMX: Invert handling of CR0.WP for EPT without unrestricted guest (git-fixes).
- KVM: VMX: Read Posted Interrupt "control" exactly once per loop iteration (git-fixes).
- KVM: VMX: Refresh list of user return MSRs after setting guest CPUID (git-fixes).
- KVM: VMX: Remove defunct "nr_active_uret_msrs" field (git-fixes).
- KVM: VMX: Set failure code in prepare_vmcs02() (git-fixes).
- KVM: VMX: Skip pointless MSR bitmap update when setting EFER (git-fixes).
- KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (git-fixes).
- KVM: x86: Assume a 64-bit hypercall for guests with protected state (git-fixes).
- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes).
- KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes).
- KVM: x86: Do not mark all registers as avail/dirty during RESET/INIT (git-fixes).
- KVM: x86: do not print when fail to read/write pv eoi memory (git-fixes).
- KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (git-fixes).
- KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 (git-fixes).
- KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes).
- KVM: X86: Ensure that dirty PDPTRs are loaded (git-fixes).
- KVM: x86: Exit to userspace if emulation prepared a completion callback (git-fixes).
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (git-fixes).
- KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap() (git-fixes).
- KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg (git-fixes).
- KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB flush hypercalls (git-fixes).
- KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req (git-fixes).
- KVM: x86: Mark all registers as avail/dirty at vCPU creation (git-fixes).
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes).
- KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU (git-fixes).
- KVM: x86/mmu: Complete prefetch for trailing SPTEs for direct, legacy MMU (git-fixes).
- KVM: x86/mmu: Fix TLB flush range when handling disconnected pt (git-fixes).
- KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU (git-fixes).
- KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (git-fixes).
- KVM: x86/mmu: Pass parameter flush as false in kvm_tdp_mmu_zap_collapsible_sptes() (git-fixes).
- KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap collapsible path (git-fixes).
- KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range() (git-fixes).
- KVM: x86/mmu: Update number of zapped pages even if page list is stable (git-fixes).
- KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (git-fixes).
- KVM: x86: nSVM: restore the L1 host state prior to resuming nested guest on SMM exit (git-fixes).
- KVM: x86: nSVM: skip eax alignment check for non-SVM instructions (git-fixes).
- KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround (git-fixes).
- KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race (git-fixes).
- KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register (git-fixes).
- KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (git-fixes).
- KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (git-fixes).
- KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs (git-fixes).
- KVM: x86: SVM: do not set VMLOAD/VMSAVE intercepts on vCPU reset (git-fixes).
- KVM: x86: SVM: fix avic spec based definitions again (bsc#1193823 jsc#SLE-24549).
- KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (bsc#1193823 jsc#SLE-24549).
- KVM: X86: Synchronize the shadow pagetable before link it (git-fixes).
- KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS (git-fixes).
- KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (git-fixes).
- lib: bitmap: fix many kernel-doc warnings (git-fixes).
- libbpf: Free up resources used by inner map definition (git-fixes).
- lib/iov_iter: initialize "flags" in new pipe_buffer (git-fixes).
- libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- list: fix a data-race around ep->rdllist (git-fixes).
- list: introduce list_is_head() helper and re-use it in list.h (git-fixes).
- list: test: Add a test for list_is_head() (git-fixes).
- livepatch: Do not block removal of patches that are safe to unload (bsc#1071995).
- locking: Make owner_on_cpu() into linux/sched.h (bsc#1190137 bsc#1189998).
- locking: Remove rt_rwlock_is_contended() (bsc#1190137 bsc#1189998).
- locking/rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable() (bsc#1190137 bsc#1189998).
- locking/rtmutex: Squash self-deadlock check for ww_rt_mutex (bsc#1190137 bsc#1189998).
- locking/rwlocks: introduce write_lock_nested (bsc#1189998).
- LSM: general protection fault in legacy_parse_param (git-fixes).
- lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).
- mac80211: fix EAPoL rekey fail in 802.3 rx path (git-fixes).
- mac80211: fix forwarded mesh frames AC and queue selection (git-fixes).
- mac80211: fix potential double free on mesh join (git-fixes).
- mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes).
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes).
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes).
- mac80211_hwsim: report NOACK frames in tx_status (git-fixes).
- mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) (git-fixes).
- mac80211: mlme: check for null after calling kmemdup (git-fixes).
- mac80211: refuse aggregations sessions before authorized (git-fixes).
- mac80211: Remove a couple of obsolete TODO (git-fixes).
- mac80211: Reset MBSSID parameters upon connection (git-fixes).
- mac80211: treat some SAE auth steps as final (git-fixes).
- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes).
- macvlan: Fix leaking skb in source mode with nodst option (git-fixes).
- mailbox: change mailbox-mpfs compatible string (git-fixes).
- mailbox: imx: fix crash in resume on i.mx8ulp (git-fixes).
- mailbox: imx: fix wakeup failure from freeze mode (git-fixes).
- mailbox: tegra-hsp: Flush whole channel (git-fixes).
- maple: fix wrong return value of maple_bus_init() (git-fixes).
- md: Do not set mddev private to NULL in raid0 pers->free (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- md: fix double free of io_acct_set bioset (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- md: Move alloc/free acct bioset in to personality (git-fixes).
- md/raid5: play nice with PREEMPT_RT (bsc#1189998).
- media: aspeed: Correct value for h-total-pixels (git-fixes).
- media: atmel: atmel-isc-base: report frame sizes as full supported range (git-fixes).
- media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe (git-fixes).
- media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check (git-fixes).
- media: atmel: atmel-sama7g5-isc: fix ispck leftover (git-fixes).
- media: atomisp: fix bad usage at error handling logic (git-fixes).
- media: atomisp: fix dummy_ptr check to avoid duplicate active_bo (git-fixes).
- media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards (git-fixes).
- media: bttv: fix WARNING regression on tunerless devices (git-fixes).
- media: camss: csid-170: do not enable unused irqs (git-fixes).
- media: camss: csid-170: fix non-10bit formats (git-fixes).
- media: camss: csid-170: remove stray comment (git-fixes).
- media: camss: csid-170: set the right HALT_CMD when disabled (git-fixes).
- media: camss: vfe-170: fix "VFE halt timeout" error (git-fixes).
- media: ccs-core.c: fix failure to call clk_disable_unprepare (git-fixes).
- media: cec-adap.c: fix is_configuring state (git-fixes).
- media: cedrus: h264: Fix neighbour info buffer size (git-fixes).
- media: cedrus: H265: Fix neighbour info buffer size (git-fixes).
- media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes).
- media: cx25821: Fix the warning when removing the module (git-fixes).
- media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes).
- media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
- media: davinci: vpif: fix use-after-free on driver unbind (git-fixes).
- media: doc: pixfmt-rgb: Fix V4L2_PIX_FMT_BGR24 format description (git-fixes).
- media: doc: pixfmt-yuv: Fix V4L2-PIX-FMT-Y10P format (git-fixes).
- media: em28xx: initialize refcount before kref_get (git-fixes).
- media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC (git-fixes).
- media: hantro: Empty encoder capture buffers by default (git-fixes).
- media: hantro: Fix overfill bottom register field name (git-fixes).
- media: hantro: HEVC: Fix tile info buffer value computation (git-fixes).
- media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values (git-fixes).
- media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes).
- media: i2c: max9286: fix kernel oops when removing module (git-fixes).
- media: i2c: max9286: Use dev_err_probe() helper (git-fixes).
- media: i2c: max9286: Use "maxim,gpio-poc" property (git-fixes).
- media: i2c: ov5648: Fix lockdep error (git-fixes).
- media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes).
- media: i2c: rdacm2x: properly set subdev entity function (git-fixes).
- media: imon: reorganize serialization (git-fixes).
- media: imx-jpeg: fix a bug of accessing array out of bounds (git-fixes).
- media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers (git-fixes).
- media: iommu/mediatek: Add device_link between the consumer and the larb devices (git-fixes).
- media: iommu/mediatek: Return ENODEV if the device is NULL (git-fixes).
- media: iommu/mediatek-v1: Free the existed fwspec if the master dev already has (git-fixes).
- media: ir_toy: free before error exiting (git-fixes).
- media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes).
- media: mexon-ge2d: fixup frames size in registers (git-fixes).
- media: mtk-vcodec: potential dereference of null pointer (git-fixes).
- media: omap3isp: Use struct_group() for memcpy() region (git-fixes).
- media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated (git-fixes).
- media: ov5648: Do not pack controls struct (git-fixes).
- media: ov6650: Add try support to selection API operations (git-fixes).
- media: ov6650: Fix crop rectangle affected by set format (git-fixes).
- media: ov6650: Fix set format try processing path (git-fixes).
- media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes).
- media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes).
- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes).
- media: Revert "media: em28xx: add missing em28xx_close_extension" (git-fixes).
- media: rga: fix possible memory leak in rga_probe (git-fixes).
- media: rkvdec: h264: Fix bit depth wrap in pps packet (git-fixes).
- media: rkvdec: h264: Fix dpb_valid implementation (git-fixes).
- media: rkvdec: Stop overclocking the decoder (git-fixes).
- media: rockchip/rga: do proper error checking in probe (git-fixes).
- media: saa7134: fix incorrect use to determine if list is empty (git-fixes).
- media: staging: media: imx: imx7-mipi-csis: Make subdev name unique (git-fixes).
- media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (git-fixes).
- media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size (git-fixes).
- media: staging: media: zoran: fix various V4L2 compliance errors (git-fixes).
- media: staging: media: zoran: move videodev alloc (git-fixes).
- media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes).
- media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() (git-fixes).
- media: usb: go7007: s2250-board: fix leak in probe() (git-fixes).
- media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes).
- media: v4l2-core: Initialize h264 scaling matrix (git-fixes).
- media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (git-fixes).
- media: v4l: Avoid unaligned access warnings when printing 4cc modifiers (git-fixes).
- media: venus: hfi: avoid null dereference in deinit (git-fixes).
- media: venus: hfi_cmds: List HDR10 property as unsupported for v1 and v3 (git-fixes).
- media: videobuf2: Fix the size printk format (git-fixes).
- media: video/hdmi: handle short reads of hdmi info frame (git-fixes).
- media: vidtv: Check for null return of vzalloc (git-fixes).
- mei: avoid iterator usage outside of list_for_each_entry (git-fixes).
- mei: hbm: drop capability response on early shutdown (git-fixes).
- mei: me: add Alder Lake N device id (git-fixes).
- mei: me: add raptor lake point S DID (git-fixes).
- mei: me: disable driver on the ign firmware (git-fixes).
- memblock: fix memblock_phys_alloc() section mismatch error (git-fixes).
- memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes).
- memory: emif: Add check for setup_interrupts (git-fixes).
- memory: emif: check the pointer temp in get_device_details() (git-fixes).
- memory: fsl_ifc: populate child nodes of buses and mfd devices (git-fixes).
- memory: mtk-smi: Add error handle for smi_probe (git-fixes).
- memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode (git-fixes).
- memory: renesas-rpc-if: fix platform-device leak in error path (git-fixes).
- memory: samsung: exynos5422-dmc: Avoid some over memory allocation (git-fixes).
- memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (git-fixes).
- mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).
- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (git-fixes).
- mfd: exynos-lpass: Drop unneeded syscon.h include (git-fixes).
- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes).
- mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
- mgag200 fix memmapsl configuration in GCTL6 register (git-fixes).
- misc: alcor_pci: Fix an error handling path (git-fixes).
- misc: atmel-ssc: Fix IRQ check in ssc_probe (git-fixes).
- misc: fastrpc: avoid double fput() on failed usercopy (git-fixes).
- misc: fastrpc: fix an incorrect NULL check on list iterator (git-fixes).
- misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes).
- misc: rtsx: set NULL intfdata when probe fails (git-fixes).
- misc: sgi-gru: Do not cast parameter in bit operations (git-fixes).
- mISDN: Fix memory leak in dsp_pipeline_build() (git-fixes).
- mlx5: kabi protect lag_mp (git-fixes).
- mlxsw: spectrum: Protect driver from buggy firmware (git-fixes).
- mm: Add fault_in_subpage_writeable() to probe at sub-page granularity (git-fixes)
- mmc: block: Check for errors after write on SPI (git-fixes).
- mmc: block: Fix CQE recovery reset success (git-fixes).
- mmc: block: fix read single on recovery logic (git-fixes).
- mmc: core: Allows to override the timeout value for ioctl() path (git-fixes).
- mmc: core: Fixup support for writeback-cache for eMMC and SD (git-fixes).
- mmc: core: Set HS clock speed before sending HS CMD13 (git-fixes).
- mmc: core: Wait for command setting 'Power Off Notification' bit to complete (git-fixes).
- mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
- mm: Change CONFIG option for mm->pasid field (jsc#SLE-24350).
- mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes).
- mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
- mm/cma: provide option to opt out from exposing pages on activation failure (bsc#1195099 ltc#196102).
- mmc: mediatek: wait dma stop bit reset to 0 (git-fixes).
- mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes).
- mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).
- mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes).
- mmc: rtsx: add 74 Clocks in power on flow (git-fixes).
- mmc: rtsx: Fix build errors/warnings for unused variable (git-fixes).
- mmc: rtsx: Let MMC core handle runtime PM (git-fixes).
- mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM (git-fixes).
- mmc: sdhci_am654: Fix the driver data of AM64 SoC (git-fixes).
- mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (git-fixes).
- mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes).
- mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (git-fixes).
- mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (git-fixes).
- mm: fs: fix lru_cache_disabled race in bh_lru (bsc#1197761).
- mm: Fully initialize invalidate_lock, amend lock class later (bsc#1197921).
- mm: memcg: synchronize objcg lists with a dedicated spinlock (bsc#1198402).
- mm/page_alloc: always attempt to allocate at least one page during bulk allocation (git fixes (mm/pgalloc)).
- mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501).
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- mm/scatterlist: replace the !preemptible warning in sg_miter_stop() (bsc#1189998).
- mm/slub: add missing TID updates on slab deactivation (git-fixes).
- mm, thp: fix incorrect unmap behavior for private pages (bsc#1198024).
- mm, thp: lock filemap when truncating page cache (bsc#1198023).
- mm/vmalloc: fix comments about vmap_area struct (git-fixes).
- mm_zone: add function to check if managed dma zone exists (bsc#1197501).
- modpost: fix removing numeric suffixes (git-fixes).
- modpost: fix section mismatch check for exported init/exit sections (git-fixes).
- modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).
- modpost: restore the warning message for missing symbol versions (git-fixes).
- mptcp: add missing documented NL params (git-fixes).
- mt76: connac: fix sta_rec_wtbl tag len (git-fixes).
- mt76: dma: initialize skip_unmap in mt76_dma_rx_fill (git-fixes).
- mt76: do not attempt to reorder received 802.3 packets without agg session (git-fixes).
- mt76: fix encap offload ethernet type check (git-fixes).
- mt76: fix monitor mode crash with sdio driver (git-fixes).
- mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update (git-fixes).
- mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update (git-fixes).
- mt76: mt7615: fix a leftover race in runtime-pm (git-fixes).
- mt76: mt7615: Fix assigning negative values to unsigned variable (git-fixes).
- mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU (git-fixes).
- mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv (git-fixes).
- mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode (git-fixes).
- mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (git-fixes).
- mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835).
- mt76: mt7921: fix a leftover race in runtime-pm (git-fixes).
- mt76: mt7921: fix crash when startup fails (git-fixes). - mt76: mt7921: fix mt7921_queues_acq implementation (git-fixes). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (git-fixes). - mtd: mchp23k256: Add SPI ID table (git-fixes). - mtd: mchp48l640: Add SPI ID table (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: parsers: qcom: Fix kernel panic on skipped partition (git-fixes). - mtd: parsers: qcom: Fix missing free for pparts in cleanup (git-fixes). - mtd: phram: Prevent divide by zero bug in phram_setup() (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() (git-fixes). - mtd: rawnand: denali: Use managed device resources (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get (git-fixes). - mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() (git-fixes). - mtd: rawnand: pl353: Set the nand chip node as the flash node (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - mtd: rawnand: qcom: fix memory corruption that causes panic (git-fixes). - mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). 
- n64cart: convert bi_disk to bi_bdev->bd_disk fix build (git-fixes). - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: atlantic: Avoid out-of-bounds indexing (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: axienet: setup mdio unconditionally (git-fixes). - net: bnxt_ptp: fix compilation error (bsc#1199736). - net: dev: Always serialize on Qdisc::busylock in __dev_xmit_skb() on PREEMPT_RT (bsc#1189998). - net: dev: Change the order of the arguments for the contended condition (bsc#1189998). - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (git-fixes). - net: dpaa_eth: remove dead select in menuconfig FSL_DPAA_ETH (git-fixes). - net: dsa: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: hellcreek: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: microchip: ksz8863: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: xrs700x: be compatible with masters which unregister on shutdown (git-fixes). - net: ethernet: lantiq_etop: fix build errors/warnings (git-fixes). - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (git-fixes). - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (git-fixes). - net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks (git-fixes). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (git-fixes). 
- net: hns3: add NULL pointer check for hns3_set/get_ringparam() (git-fixes). - net: hns3: add return value for mailbox handling in PF (bsc#1190336). - net: hns3: add validity check for message data length (git-fixes). - net: hns3: add vlan list lock to protect vlan list (git-fixes). - net: hns3: align the debugfs output to the left (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (git-fixes). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (git-fixes). - net: hns3: fix phy can not link up when autoneg off and reset (git-fixes). - net: hns3: fix port base vlan add fail when concurrent with reset (git-fixes). - net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware (git-fixes). - net: hns3: handle empty unknown interrupt for VF (git-fixes). - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (git-fixes). - net: hns3: refine the process when PF set VF VLAN (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/ice: Add support for enable_iwarp and enable_roce devlink param (bsc#1200502). - net/ice: Fix boolean assignment (bsc#1200502). - net/ice: Remove unused enum (bsc#1200502). - net: ipa: disable HOLB drop when updating timer (git-fixes). - net: ipa: HOLB register sometimes must be written twice (git-fixes). - net/ipa: ipa_resource: Fix wrong for loop range (git-fixes). - net: ipv6: unexport __init-annotated seg6_hmac_init() (bsc#1201218). - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1201218). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). 
- net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: marvell: mvpp2: increase MTU limit when XDP enabled (git-fixes). - net: marvell: prestera: fix double free issue on err path (git-fixes). - net: mdio: do not defer probe forever if PHY IRQ provider is missing (git-fixes). - net: mdio: unexport __init-annotated mdio_bus_init() (bsc#1201218). - net/mlx5: Avoid double clear or set of sync reset requested (git-fixes). - net/mlx5: Bridge, ensure dev_name is null-terminated (git-fixes). - net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (git-fixes). - net/mlx5: Bridge, take rtnl lock in init error handler (git-fixes). - net/mlx5: DR, Cache STE shadow memory (git-fixes). - net/mlx5: DR, Do not allow match on IP w/o matching on full ethertype/ip_version (git-fixes). - net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (jsc#SLE-19253). - net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (git-fixes). - net/mlx5e: Add missing increment of count (jsc#SLE-19253). - net/mlx5e: Avoid field-overflowing memcpy() (git-fixes). - net/mlx5e: Avoid implicit modify hdr for decap drop rule (jsc#SLE-19253). - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (git-fixes). - net/mlx5e: Do not treat small ceil values as unlimited in HTB offload (git-fixes). - net/mlx5e: Fix broken SKB allocation in HW-GRO (jsc#SLE-19253). - net/mlx5e: Fix handling of wrong devices during bond netevent (git-fixes). - net/mlx5e: Fix module EEPROM query (git-fixes). - net/mlx5e: Fix the calling of update_buffer_lossy() API (git-fixes). - net/mlx5e: Fix trust state reset in reload (git-fixes). - net/mlx5e: Fix wrong calculation of header index in HW_GRO (jsc#SLE-19253). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Fix wrong source vport matching on tunnel rule (jsc#SLE-19253). 
- net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic (git-fixes). - net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (git-fixes). - net/mlx5e: Lag, Do not skip fib events on current dst (git-fixes). - net/mlx5e: Lag, Fix fib_info pointer assignment (git-fixes). - net/mlx5e: Lag, Fix use-after-free in fib event handler (git-fixes). - net/mlx5e: Lag, Only handle events from highest priority multipath entry (git-fixes). - net/mlx5e: MPLSoUDP decap, fix check for unsupported matches (git-fixes). - net/mlx5e: SHAMPO, reduce TIR indication (jsc#SLE-19253). - net/mlx5: E-Switch, Fix uninitialized variable modact (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: Use struct_group() for memcpy() region (git-fixes). - net/mlx5: Fix a race on command flush flow (git-fixes). - net/mlx5: Fix deadlock in sync reset flow (git-fixes). - net/mlx5: Fix matching on inner TTC (jsc#SLE-19253). - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (jsc#SLE-19253). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix size field in bufferx_reg struct (git-fixes). - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (git-fixes). - net/mlx5: Fix tc max supported prio for nic mode (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Use del_timer_sync in fw reset flow of halting poll (git-fixes). - net: mvmdio: fix compilation warning (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: ax88772a: fix lost pause advertisement configuration (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). 
- net: phy: correct spelling error of media in documentation (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: phy: dp83867: retrigger SGMII AN when link change (git-fixes). - net: phy: Fix race condition on link status change (git-fixes). - net: phy: marvell10g: fix return value on error (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: mediatek: remove PHY mode check on MT7531 (git-fixes). - net: phy: meson-gxl: fix interrupt handling in forced mode (git-fixes). - net: phy: meson-gxl: improve link-up behavior (git-fixes). - net: phy: micrel: Allow probing without .driver_data (git-fixes). - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (git-fixes). - net: phy: micrel: Pass .probe for KS8737 (git-fixes). - net: phy: mscc: Add MODULE_FIRMWARE macros (git-fixes). - net: phy: mscc-miim: reject clause 45 register accesses (git-fixes). - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: sfc: add missing xdp queue reinitialization (git-fixes). - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (git-fixes). - net: sfc: fix memory leak due to ptp channel (git-fixes). - net: sfc: fix using uninitialized xdp tx_queue (git-fixes). - net/smc: Avoid warning of possible recursive locking (git-fixes). - net/smc: fix connection leak (git-fixes). - net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *" (git-fixes). - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (git-fixes). 
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (git-fixes). - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (git-fixes). - net/smc: postpone sk_refcnt increment in connect() (git-fixes). - net/smc: remove redundant re-assignment of pointer link (git-fixes). - net/smc: Remove unused function declaration (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable (git-fixes). - net/smc: sync err code when tcp connection was refused (git-fixes). - net/smc: Transfer remaining wait queue entries during fallback (git-fixes). - net/smc: Transitional solution for clcsock race issue (git-fixes). - net/smc: Use a mutex for locking "struct smc_pnettable" (git-fixes). - net/smc: use memcpy instead of snprintf to avoid out of bounds read (git-fixes). - net: stmmac: fix gcc-10 -Wrestrict warning (git-fixes). - net: stmmac: Fix signed/unsigned wreckage (git-fixes). - net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: asix: do not force pause frames support (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - Netvsc: Call hv_unmap_memory() in the netvsc_device_remove() (bsc#1183682). - net/x25: Fix null-ptr-deref caused by x25_disconnect (git-fixes). - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (bsc#1201218). - nfc: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - nfc: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). 
- nfc: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - nfc: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - nfc: pn533: Fix buggy cleanup order (git-fixes). - nfc: port100: fix use-after-free in port100_send_complete (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nfp: flower: fix ida_idx not being released (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFSD: allow delegation state ids to be revoked and then freed (bsc#1192483). - NFSD: allow lock state ids to be revoked and then freed (bsc#1192483). - NFSD: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: destroy percpu stats counters after reply cache shutdown (git-fixes). - NFSD: do not admin-revoke NSv4.0 state ids (bsc#1192483). - NFSD: Fix a write performance regression (bsc#1197016). - NFSD: fix crash on COPY_NOTIFY with special stateid (git-fixes). - NFSD: Fix nsfd startup race (again) (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - NFSD: Fix READDIR buffer overflow (git-fixes). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - NFSD: Fix verifier returned in stable WRITEs (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). 
- NFSD: more robust allocation failure handling in nfsd_file_cache_init (git-fixes). - NFSD: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: Do not loop forever in nfs_do_recoalesce() (git-fixes). - NFS: Do not overfill uncached readdir pages (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: do not store 'struct cred *' in struct nfs_access_entry (git-fixes). - NFSD: prepare for supporting admin-revocation of state (bsc#1192483). - NFSD: Replace use of rwsem with errseq_t (bsc#1196960). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFS: fix broken handling of the softreval mount option (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR (git-fixes). - NFS: pass cred explicitly for access tests (git-fixes). - NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked() (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). 
- NFSv4.1 mark qualified async operations as MOVEABLE tasks (git-fixes). - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - NFSv4: Fix another issue with a list iterator pointing to the head (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size (git-fixes). - nl80211: fix locking in nl80211_set_tx_bitrate_mask() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - nl80211: validate S1G channel width (git-fixes). - ntb_hw_switchtec: Fix bug with more than 32 partitions (git-fixes). - ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - n_tty: wake up poll(POLLRDNORM) on receiving data (git-fixes). - nvme: add verbose error logging (bsc#1200567). Update config files. - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme: send uevent on connection up (jsc#SLE-23643). - objtool: Add frame-pointer-specific function ignore (bsc#1193277). - objtool: Fix code relocs vs weak symbols (git-fixes). - objtool: Fix type of reloc::addend (git-fixes). 
- objtool: Ignore unwind hints for ignored functions (bsc#1193277). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - octeontx2-af: Add a 'rvu_free_bitmap()' function (git-fixes). - octeontx2-af: Fix some memory leaks in the error handling path of 'cgx_lmac_init()' (git-fixes). - of: base: Fix phandle argument length mismatch error message (git-fixes). - of: base: Improve argument length mismatch error (git-fixes). - of/fdt: Do not worry about non-memory region overlap for no-map (git-fixes). - of: overlay: do not break notify on NOTIFY_{OK|STOP} (git-fixes). - of: Support more than one crash kernel regions for kexec -s (git-fixes). - of: unittest: 64 bit dma address test requires arch support (git-fixes). - of: unittest: fix warning on PowerPC frame size warning (git-fixes). - of: unittest: update text of expected warnings (git-fixes). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (git-fixes). - PCI: aardvark: Add support for ERR interrupt on emulated bridge (git-fixes). - PCI: aardvark: Add support for masking MSI interrupts (git-fixes). - PCI: aardvark: Add support for PME interrupts (git-fixes). - PCI: aardvark: Assert PERST# when unbinding driver (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: aardvark: Comment actions in driver remove method (git-fixes). - PCI: aardvark: Disable bus mastering when unbinding driver (git-fixes). - PCI: aardvark: Disable common PHY when unbinding driver (git-fixes). - PCI: aardvark: Disable link training when unbinding driver (git-fixes). - PCI: aardvark: Do not mask irq when mapping (git-fixes). - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (git-fixes). - PCI: aardvark: Enable MSI-X support (git-fixes). - PCI: aardvark: Fix memory leak in driver unbind (git-fixes). 
- PCI: aardvark: Fix reading MSI interrupt number (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix setting MSI address (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: aardvark: Fix support for PME requester on emulated bridge (git-fixes). - PCI: aardvark: Make msi_domain_info structure a static driver structure (git-fixes). - PCI: aardvark: Make MSI irq_chip structures static driver structures (git-fixes). - PCI: aardvark: Mask all interrupts when unbinding driver (git-fixes). - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (git-fixes). - PCI: aardvark: Refactor unmasking summary MSI interrupt (git-fixes). - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (git-fixes). - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (git-fixes). - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (git-fixes). - PCI: aardvark: Update comment about link going down after link-up (git-fixes). - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (git-fixes). - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (git-fixes). - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G switches (bsc#1199390). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI: Avoid broken MSI on SB600 USB devices (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: endpoint: Fix alignment fault error in copy tests (git-fixes). - PCI: endpoint: Fix misused goto label (git-fixes). - PCI: fu740: Force 2.5GT/s for initial device probe (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). 
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (git-fixes). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (git-fixes). - PCI: microchip: Fix potential race in interrupt handling (git-fixes). - PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated bridge (git-fixes). - PCI: mvebu: Fix device enumeration regression (git-fixes). - PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (git-fixes). - PCI: mvebu: Setup PCIe controller to Root Complex mode (git-fixes). - PCI: pci-bridge-emul: Add definitions for missing capabilities registers (git-fixes). - PCI: pci-bridge-emul: Add description for class_revision field (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/switchtec: Add Gen4 automotive device IDs (git-fixes). - PCI: Work around Intel I210 ROM BAR overlap defect (git-fixes). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - perf: Copy perf_event_attr::sig_data on modification (git fixes). - perf/core: Do not pass task around when ctx sched in (git-fixes). - perf/core: Fix address filter parser for multiple filters (git fixes). 
- perf/core: Fix cgroup event list management (git fixes). - perf/core: Fix perf_cgroup_switch() (git fixes). - perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled (git fixes). - perf: Fix list corruption in perf_cgroup_switch() (git fixes). - perf/x86/intel/pt: Fix address filter config for 32-bit kernel (git fixes). - perf/x86/intel/pt: Fix crash with stop filters in single-range mode (git fixes). - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (bsc#1197304). - perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids (git fixes). - phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe() (git-fixes). - phy: amlogic: meson8b-usb2: fix shared reset control use (git-fixes). - phy: amlogic: meson8b-usb2: Use dev_err_probe() (git-fixes). - phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller use (git-fixes). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option (git-fixes). - phy: dphy: Correct clk_pre parameter (git-fixes). - phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure}) (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: phy-brcm-usb: fixup BCM4908 support (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: Fix missing sentinel for clk_div_table (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). 
- phy: usb: Leave some clocks running during suspend (git-fixes). - phy: xilinx: zynqmp: Fix bus width setting for SGMII (git-fixes). - pinctrl: bcm2835: Fix a few error paths (git-fixes). - pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP (git-fixes). - pinctrl: fix loop in k210_pinconf_get_drive() (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - pinctrl: k210: Fix bias-pull-up (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: moore: Fix build error (git-fixes). - pinctrl: mediatek: mt8195: enable driver on mtk platforms (git-fixes). - pinctrl: mediatek: mt8365: fix IES control pins (git-fixes). - pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs (git-fixes). - pinctrl: microchip-sgpio: lock RMW access (git-fixes). - pinctrl: microchip sgpio: use reset driver (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: npcm: Fix broken references to chip->parent_device (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: renesas: checker: Fix miscalculation of number of states (git-fixes). 
- pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel (git-fixes). - pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins (git-fixes). - pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config (git-fixes). - pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI (git-fixes). - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - pinctrl: sunxi: Fix H616 I2S3 pin data (git-fixes). - pinctrl: sunxi: Use unique lockdep classes for IRQs (git-fixes). - pinctrl: tegra: tegra194: drop unused pin groups (git-fixes). - pinctrl: tigerlake: Revert "Add Alder Lake-M ACPI ID" (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - pipe: Fix missing lock in pipe_resize_ring() (git-fixes). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/chrome: cros_ec: fix error handling in cros_ec_register() (git-fixes). - platform/chrome: cros_ec_typec: Check for EC device (git-fixes). - platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls (git-fixes). - platform: finally disallow IRQ0 in platform_get_irq() and its ilk (git-fixes). - platform/surface: aggregator: Fix initialization order when compiling as builtin module (git-fixes). - platform/surface: surface3-wmi: Simplify resource management (git-fixes). - platform/x86: Add Intel Software Defined Silicon driver (jsc#SLE-18938). 
- platform/x86: asus-wmi: Add support for custom fan curves (bsc#1198058). - platform/x86: asus-wmi: Delete impossible condition (bsc#1198058). - platform/x86: asus-wmi: Fix driver not binding when fan curve control probe fails (git-fixes). - platform/x86: asus-wmi: Fix regression when probing for fan curve control (bsc#1198058). - platform/x86: asus-wmi: Fix "unsigned 'retval' is never less than zero" smatch warning (bsc#1198058). - platform/x86: asus-wmi: Potential buffer overflow in asus_wmi_evaluate_method_buf() (git-fixes). - platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF (git-fixes). - platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4 support (git-fixes). - platform/x86: huawei-wmi: check the return value of device_create_file() (git-fixes). - platform/x86: intel-hid: fix _DSM function index handling (git-fixes). - platform/x86/intel/sdsi: Fix bug in multi packet reads (jsc#SLE-18901). - platform/x86/intel/sdsi: Handle leaky bucket (jsc#SLE-18901). - platform/x86/intel/sdsi: Poll on ready bit for writes (jsc#SLE-18901). - platform/x86: panasonic-laptop: de-obfuscate button codes (git-fixes). - platform/x86: panasonic-laptop: do not report duplicate brightness key-presses (git-fixes). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (git-fixes). - platform/x86: panasonic-laptop: revert "Resolve hotkey double trigger bug" (git-fixes). - platform/x86: panasonic-laptop: sort includes alphabetically (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1 (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - PM: domains: Fix initialization of genpd's next_wakeup (git-fixes). 
- PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() (git-fixes).
- PM: hibernate: fix __setup handler error handling (git-fixes).
- PM: hibernate: Remove register_nosave_region_late() (git-fixes).
- PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
- PM: suspend: fix return value of __setup handler (git-fixes).
- PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes).
- pNFS: Avoid a live lock condition in pnfs_update_layout() (git-fixes).
- pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- powerpc/64: Move paca allocation later in boot (bsc#1190812).
- powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes).
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes).
- powerpc/64s: Do not use DSISR for SLB faults (bsc#1194869).
- powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
- powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
- powerpc/bpf: Update ldimm64 instructions during extra pass (bsc#1194869).
- powerpc: Do not select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1194869).
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753).
- powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes).
- powerpc/fadump: opt out from freeing pages on cma activation failure (bsc#1195099 ltc#196102).
- powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038).
- powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
- powerpc/mce: Modify the real address error logging messages (jsc#SLE-18194).
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395).
- powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).
- powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes).
- powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395).
- powerpc/perf: Fix the threshold compare group constraint for power10 (bsc#1194869).
- powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
- powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).
- powerpc/pseries: Parse control memory access error (jsc#SLE-18194).
- powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
- powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812).
- powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/vdso: Fix incorrect CFI in gettimeofday.S (bsc#1199173 ltc#197388).
- powerpc/vdso: Remove cvdso_call_time macro (bsc#1199173 ltc#197388).
- powerpc/xive: Add a debugfs file to dump EQs (bsc#1194409 ltc#195810).
- powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes).
- powerpc/xive: Change the debugfs file 'xive' into a directory (bsc#1194409 ltc#195810).
- powerpc/xive: Export XIVE IPI information for online-only processors (bsc#1194409 ltc#195810).
- powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
- powerpc/xive: fix return value of __setup handler (bsc#1065729).
- powerpc/xive: Introduce an helper to print out interrupt characteristics (bsc#1194409 ltc#195810).
- powerpc/xive: Introduce xive_core_debugfs_create() (bsc#1194409 ltc#195810).
- powerpc/xive: Rename the 'cpus' debugfs file to 'ipis' (bsc#1194409 ltc#195810).
- power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes).
- power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes).
- power: supply: axp20x_battery: properly report current when discharging (git-fixes).
- power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
- power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk (git-fixes).
- power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 (git-fixes).
- power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes).
- power: supply: sbs-charger: Do not cancel work that is not initialized (git-fixes).
- power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes).
- power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes).
- pps: clients: gpio: Propagate return value from pps_gpio_probe (git-fixes).
- printk: Add panic_in_progress helper (bsc#1197894).
- printk: disable optimistic spin during panic (bsc#1197894).
- proc: bootconfig: Add null pointer check (git-fixes).
- proc: fix documentation and description of pagemap (git-fixes).
- procfs: prevent unprivileged processes accessing fdinfo dir (git-fixes).
- psi: fix "defined but not used" warnings when (git-fixes)
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413).
- pvpanic: Fix typos in the comments (git-fixes).
- pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes).
- pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes).
- pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes).
- qed: display VF trust config (git-fixes).
- qede: confirm skb is allocated before using (git-fixes).
- qed: fix ethtool register dump (jsc#SLE-19001).
- qed: return status of qed_iov_get_link (git-fixes).
- qla2xxx: add ->map_queues support for nvme (bsc#1195823).
- qlcnic: dcb: default to returning -EOPNOTSUPP (git-fixes).
- raid5: introduce MD_BROKEN (git-fixes).
- random: check for signal_pending() outside of need_resched() check (git-fixes).
- random: wake up /dev/random writers after zap (git-fixes).
- random: wire up fops->splice_{read,write}_iter() (git-fixes).
- ray_cs: Check ioremap return value (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr outside state checks (git-fixes).
- RDMA/cma: Use correct address when leaving multicast group (git-fixes).
- RDMA/core: Fix ib_qp_usecnt_dec() called when error (jsc#SLE-19249).
- RDMA/core: Set MR type in ib_reg_user_mr (git-fixes).
- RDMA/hfi1: Fix use-after-free bug for mm struct (git-fixes).
- RDMA/ib_srp: Fix a deadlock (git-fixes).
- RDMA/irdma: Fix netdev notifications for vlan's (git-fixes).
- RDMA/irdma: Fix Passthrough mode in VM (git-fixes).
- RDMA/irdma: Fix possible crash due to NULL netdev in notifier (git-fixes).
- RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (git-fixes).
- RDMA/irdma: Prevent some integer underflows (git-fixes).
- RDMA/irdma: Reduce iWARP QP destroy time (git-fixes).
- RDMA/irdma: Remove incorrect masking of PD (git-fixes).
- RDMA/irdma: Set protocol based on PF rdma_mode flag (bsc#1200502).
- RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes).
- RDMA/mlx5: Add a missing update of cache->last_add (git-fixes).
- RDMA/mlx5: Do not remove cache MRs when a delay is needed (git-fixes).
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes).
- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (git-fixes).
- RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() (jsc#SLE-19249).
- RDMA/rtrs-clt: Fix possible double free in error case (git-fixes).
- RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close (git-fixes).
- RDMA/rxe: Change variable and function argument to proper type (jsc#SLE-19249).
- RDMA/rxe: Check the last packet by RXE_END_MASK (git-fixes).
- RDMA/rxe: Fix ref error in rxe_av.c (jsc#SLE-19249).
- RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes).
- RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).
- RDMA/siw: Fix refcounting leak in siw_create_qp() (jsc#SLE-19249).
- RDMA/ucma: Protect mc during concurrent multicast leaves (git-fixes).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes).
- regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (git-fixes).
- regmap-irq: Update interrupt clear register for proper reset (git-fixes).
- regulator: atc260x: Fix missing active_discharge_on setting (git-fixes).
- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes).
- regulator: core: fix false positive in regulator_late_cleanup() (git-fixes).
- regulator: da9121: Fix uninit-value in da9121_assign_chip_model() (git-fixes).
- regulator: mt6315: Enforce regulator-compatible, not name (git-fixes).
- regulator: mt6315-regulator: fix invalid allowed mode (git-fixes).
- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes).
- regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes).
- regulator: qcom_smd: Fix up PM8950 regulator configuration (git-fixes).
- regulator: rpi-panel: Handle I2C errors/timing to the Atmel (git-fixes).
- regulator: scmi: Fix refcount leak in scmi_regulator_probe (git-fixes).
- regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).
- remoteproc: Fix count check in rproc_coredump_write() (git-fixes).
- remoteproc: imx_rproc: Ignore create mem entry for resource table (git-fixes).
- remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes).
- remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region (git-fixes).
- remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes).
- reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes).
- Revert "drm/amd/display: Fix DCN3 B0 DP Alt Mapping" (git-fixes).
- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC" (git-fixes).
- Revert "svm: Add warning message for AVIC IPI invalid target" (git-fixes).
- rfkill: make new event layout opt-in (git-fixes).
- rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (git-fixes).
- riscv: Fix fill_callchain return value (git fixes).
- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (git-fixes).
- rpmsg: qcom_smd: Fix redundant channel->registered assignment (git-fixes).
- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (git-fixes).
- rpmsg: virtio: Fix possible double free in rpmsg_probe() (git-fixes).
- rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (git-fixes).
- rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (git-fixes).
- rtc: check if __rtc_read_time was successful (git-fixes).
- rtc: fix use-after-free on device removal (git-fixes).
- rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe (git-fixes).
- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (git-fixes).
- rtc: mc146818-lib: fix locking in mc146818_set_time (git-fixes).
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes).
- rtc: mt6397: check return value after calling platform_get_resource() (git-fixes).
- rtc: mxc: Silence a clang warning (git-fixes).
- rtc: pcf2127: fix bug when reading alarm registers (git-fixes).
- rtc: pl031: fix rtc features null pointer dereference (git-fixes).
- rtc: sun6i: Fix time overflow handling (git-fixes).
- rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
- rtl818x: Prevent using not initialized queues (git-fixes).
- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
- rtw88: 8821c: fix debugfs rssi value (git-fixes).
- rtw88: 8821c: support RFE type4 wifi NIC (git-fixes).
- rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE (git-fixes).
- rtw88: rtw8821c: enable rfe 6 devices (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/dasd: fix data corruption for ESE devices (git-fixes).
- s390/dasd: Fix read for ESE with blksize 4k (git-fixes).
- s390/dasd: Fix read inconsistency for ESE DASD devices (git-fixes).
- s390/dasd: prevent double format of tracks for ESE devices (git-fixes).
- s390/entry: fix duplicate tracking of irq nesting level (git-fixes).
- s390/extable: fix exception table sorting (git-fixes).
- s390/kexec_file: fix error handling when applying relocations (git-fixes).
- s390/kexec: fix memory leak of ipl report buffer (git-fixes).
- s390/kexec: fix return code handling (git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes).
- s390/module: fix loading modules with a lot of relocations (git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests (git-fixes).
- s390/perf: obtain sie_block from the right address (bsc#1200315 LTC#198473).
- s390/setup: avoid reserving memory above identity mapping (git-fixes).
- s390/smp: sort out physical vs virtual pointers usage (git-fixes).
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes).
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes).
- sc16is7xx: Fix for incorrect data being transmitted (git-fixes).
- sched/core: Export pelt_thermal_tp (git-fixes)
- sched/core: Fix forceidle balancing (git-fixes)
- sched/core: Mitigate race (git-fixes)
- sched/cpuacct: Fix charge percpu cpuusage (git-fixes)
- sched/cpuacct: Fix user/system in shown cpuacct.usage* (git-fixes)
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- sched: Define and initialize a flag to identify valid PASID in the task (jsc#SLE-24350).
- sched/fair: Consider CPU affinity when allowing NUMA imbalance in find_idlest_group() (bnc#1193431).
- sched/fair: Fix fault in reweight_entity (git fixes (sched/core)).
- sched/fair: Revise comment about lb decision matrix (git-fixes)
- sched: Fix balance_push() vs __sched_setscheduler() (git-fixes)
- sched: Fix yet more sched_fork() races (git fixes (sched/core)).
- sched/membarrier: Fix membarrier-rseq fence command missing (git-fixes)
- sched/numa: Adjust imb_numa_nr to a better approximation of memory channels (bnc#1193431).
- sched/numa: Apply imbalance limitations consistently (bnc#1193431).
- sched/numa: Do not swap tasks between nodes when spare capacity is available (bnc#1193431).
- sched/numa: Initialise numa_migrate_retry (bnc#1193431).
- sched/pasid: Add a kABI workaround (jsc#SLE-24350).
- sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
- sched/pelt: Relax the sync of util_sum with util_avg (git-fixes)
- sched/psi: report zeroes for CPU full at the system level (git-fixes)
- sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race (git-fixes)
- sched/rt: Try to restart rt period timer when rt runtime (git-fixes)
- sched/scs: Reset task stack state in bringup_cpu() (git-fixes)
- sched/sugov: Ignore 'busy' filter when rq is capped by (git-fixes)
- sched: Teach the forced-newidle balancer about CPU affinity (git-fixes)
- scripts/faddr2line: Fix overlapping text section failures (git-fixes).
- scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() (bsc#1198802).
- scsi: block: PM fix blk_post_runtime_resume() args (bsc#1198802).
- scsi: core: Query VPD size before getting full page (git-fixes).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: elx: efct: Do not use GFP_KERNEL under spin lock (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
- scsi: hisi_sas: Add more logs for runtime suspend/resume (bsc#1198802).
- scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
- scsi: hisi_sas: Fix rescan after deleting a disk (git-fixes).
- scsi: hisi_sas: Fix some issues related to asd_sas_port->phy_list (bsc#1198802).
- scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806).
- scsi: hisi_sas: Initialise devices in .slave_alloc callback (bsc#1198802).
- scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803).
- scsi: hisi_sas: Remove unused variable and check in hisi_sas_send_ata_reset_each_phy() (git-fixes).
- scsi: hisi_sas: Wait for phyup in hisi_sas_control_phy() (bsc#1198802).
- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: iscsi: Add helper functions to manage iscsi_cls_conn (bsc#1198410).
- scsi: iscsi: Add helper to remove a session from the kernel (bsc#1198410).
- scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#1198410).
- scsi: iscsi: Clean up bound endpoints during shutdown (bsc#1198410).
- scsi: iscsi: Fix HW conn removal use after free (bsc#1198410).
- scsi: iscsi: Fix session removal on shutdown (bsc#1198410).
- scsi: libiscsi: Teardown iscsi_cls_conn gracefully (bsc#1198410).
- scsi: libsas: Add flag SAS_HA_RESUMING (bsc#1198802).
- scsi: libsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802).
- scsi: libsas: Defer works of new phys during suspend (bsc#1198802).
- scsi: libsas: Do not always drain event workqueue for HA resume (bsc#1198802).
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes).
- scsi: libsas: Insert PORTE_BROADCAST_RCVD event for resuming host (bsc#1198802).
- scsi: libsas: Keep host active while processing events (bsc#1198802).
- scsi: libsas: Refactor sas_queue_deferred_work() (bsc#1198802).
- scsi: libsas: Resume host while sending SMP I/Os (bsc#1198802).
- scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
- scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
- scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045).
- scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045).
- scsi: lpfc: Commonize VMID code location (bsc#1201193).
- scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675).
- scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045).
- scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193).
- scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045).
- scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045).
- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
- scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045).
- scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045).
- scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045).
- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045).
- scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045).
- scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045).
- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675).
- scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045).
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193).
- scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045).
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045).
- scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045).
- scsi: lpfc: Fix typos in comments (bsc#1197675).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045).
- scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045).
- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045).
- scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045).
- scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675).
- scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
- scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045).
- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
- scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045).
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675).
- scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675).
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045).
- scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045).
- scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045).
- scsi: lpfc: Remove unneeded variable (bsc#1200045).
- scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193).
- scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045).
- scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045).
- scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193).
- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
- scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045).
- scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045).
- scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045).
- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
- scsi: lpfc: Use irq_set_affinity() (bsc#1197675).
- scsi: lpfc: Use kcalloc() (bsc#1197675).
- scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045).
- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675).
- scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045).
- scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045).
- scsi: mpt3sas: Fix incorrect 4GB boundary check (git-fixes).
- scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes).
- scsi: mpt3sas: Page fault in reply q processing (git-fixes).
- scsi: mpt3sas: Use cached ATA Information VPD page (git-fixes).
- scsi: mvsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802).
- scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes).
- scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes).
- scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes).
- scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() (git-fixes).
- scsi: qedi: Use QEDI_MODE_NORMAL for error handling (bsc#1198410).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
- scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
- scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823).
- scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823).
- scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823).
- scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
- scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160).
- scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
- scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
- scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160).
- scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
- scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160).
- scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160).
- scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
- scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160).
- scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661).
- scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160).
- scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
- scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661).
- scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160).
- scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160).
- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046).
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
- scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823).
- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823).
- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
- scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
- scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823).
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823).
- scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
- scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
- scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823).
- scsi: qla2xxx: Remove a declaration (bsc#1195823).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
- scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661).
- scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661).
- scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
- scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters (git-fixes).
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
- selftest: KVM: Add open sev dev helper (bsc#1194526).
- selftests/bpf: Remove unused variable in tc_tunnel prog (git-fixes).
- selftests: firmware: Fix the request_firmware_into_buf() test for XZ format (git-fixes).
- selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526). - selftests: KVM: Add /x86_64/sev_migrate_tests to .gitignore (bsc#1194526). - selftests: KVM: Fix check for !POLLIN in demand_paging_test (bsc#1194526). - selftests: kvm: Remove absent target file (git-fixes). - selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (bsc#1194526). - selftests: kvm/x86: Fix the warning in lib/x86_64/processor.c (bsc#1194526). - selftests/powerpc: Add test for real address error handling (jsc#SLE-18194). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type (git-fixes). - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (git-fixes). - serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: 8250: fix XOFF/XON sending when DMA is used (git-fixes). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). 
- serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Report actual baud base rather than fixed 115200 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - sfc: Do not free an empty page_ring (git-fixes). - sfc: fallback for lack of xdp tx queues (bsc#1196306). - sfc: last resort fallback for lack of xdp tx queues (bsc#1196306). - sfc: Use swap() instead of open coding it (bsc#1196306). - sfc: use swap() to make code cleaner (bsc#1196306). - skbuff: fix coalescing for page_pool fragment recycling (bsc#1190336). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - slip: fix macro redefine warning (git-fixes). - smb3: add mount parm nosparse (bsc#1193629). - smb3: add trace point for lease not found issue (bsc#1193629). - smb3: add trace point for oplock not found (bsc#1193629). - smb3: check for null tcon (bsc#1193629). - smb3: cleanup and clarify status of tree connections (bsc#1193629). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1193629). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1193629). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1193629). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1193629). - smb3: fix snapshot mount option (bsc#1193629). - smb3 improve error message when mount options conflict with posix (bsc#1193629). 
- smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1193629). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1193629). - smb3 move more common protocol header definitions to smbfs_common (bsc#1193629). - smb3: send NTLMSSP version information (bsc#1193629). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: aspeed: lpc-ctrl: Block error printing on probe defer cases (git-fixes). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - soc: bcm: Check for NULL return of devm_kzalloc() (git-fixes). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: guts: Add a missing memory allocation failure check (git-fixes). - soc: fsl: guts: Revert commit 3c0d64e867ed (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - soc: mediatek: pm-domains: Add wakeup capacity support in power domain (git-fixes). - soc: qcom: aoss: Expose send for generic usecase (git-fixes). - soc: qcom: aoss: Fix missing put_device call in qmp_get (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (git-fixes). - soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - sound/oss/dmasound: fix build when drivers are mixed =y/=m (git-fixes). 
- sound/oss/dmasound: fix 'dmasound_setup' defined but not used (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - soundwire: intel: prevent pm_runtime resume prior to system suspend (git-fixes). - soundwire: qcom: adjust autoenumeration timeout (git-fixes). - speakup-dectlk: Restore pitch setting (git-fixes). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: cadence-quadspi: fix incorrect supports_op() return value (git-fixes). - spi: cadence-quadspi: fix protocol setup for non-1-1-X operations (git-fixes). - spi: core: add dma_map_dev for __spi_unmap_msg() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: Fix Tegra QSPI example (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: qcom-qspi: Add minItems to interconnect-names (git-fixes). - spi: rockchip: Fix error in getting num-cs property (git-fixes). - spi: rockchip: fix missing error on unsupported SPI_CS_HIGH (git-fixes). - spi: rockchip: Preset cs-high and clk polarity in setup progress (git-fixes). - spi: rockchip: Stop spi slave dma receiver when cs inactive (git-fixes). - spi: rockchip: terminate dma transmission when slave abort (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-mtk-nor: initialize spi controller after resume (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). 
- spi: spi-zynqmp-gqspi: Handle error for dma_set_mask (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: fbtft: fb_st7789v: reset display before initialization (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - staging: most: dim2: force fcnt=3 on Renesas GEN3 (git-fixes). - staging: most: dim2: use device release method (git-fixes). - staging: most: dim2: use if statements instead of ?: expressions (git-fixes). - staging: mt7621-dts: fix formatting (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet (git-fixes). - staging: mt7621-dts: fix pinctrl properties for ethernet (git-fixes). - staging: rtl8712: fix a potential memory leak in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - staging: rtl8723bs: Fix access-point mode deadlock (git-fixes). - staging: vc04_services: shut up out-of-range warning (git-fixes). - staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances (git-fixes). - staging: vchiq_core: handle NULL result of find_service_by_handle (git-fixes). - staging: vchiq: Move certain declarations to vchiq_arm.h (git-fixes). 
- staging: vchiq: Move vchiq char driver to its own file (git-fixes). - staging: vchiq: Refactor vchiq cdev code (git-fixes). - staging: wfx: fix an error handling in wfx_init_common() (git-fixes). - stddef: Introduce DECLARE_FLEX_ARRAY() helper (git-fixes). - stm: ltdc: fix two incorrect NULL checks on list iterator (bsc#1190786) - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Do not dereference non-socket transports in sysfs (git-fixes). - SUNRPC: Do not dereference non-socket transports in sysfs - kabi fix (git-fixes). - SUNRPC do not resend a task on an offlined transport (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - SUNRPC release the transport of a relocated task with an assigned transport (git-fixes). - SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() (git-fixes). - SUNRPC: Trap RDMA segment overflows (git-fixes). - SUNRPC: use different lock keys for INET6 and LOCAL (git-fixes). - supported.conf: add intel_sdsi - supported.conf: mark pfuze100 regulator as supported (bsc#1199909) - supported.conf: Support TPM TIS SPI driver (jsc#SLE-24093) - surface: surface3_power: Fix battery readings on batteries without a serial number (git-fixes). - swiotlb: max mapping size takes min align mask into account (bsc#1197303). - sysrq: do not omit current cpu when showing backtrace of all active CPUs (git-fixes). - thermal/core: Fix memory leak in __thermal_cooling_device_register() (git-fixes). - thermal: core: Fix TZ_GET_TRIP NULL pointer dereference (git-fixes). 
- thermal: devfreq_cooling: use local ops instead of global ops (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe (git-fixes). - thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal: int340x: fix memory leak in int3400_notify() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - thunderbolt: Use different lane for second DisplayPort tunnel (git-fixes). - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (bsc#1201218). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (bsc#1190786) - timekeeping: Mark NMI safe time accessors as notrace (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - TOMOYO: fix __setup handlers return values (git-fixes). - tools arch x86: Add Intel SDSi provisiong tool (jsc#SLE-18938). - tools: bpftool: Complete metrics list in "bpftool prog profile" doc (git-fixes). - tools: bpftool: Document and add bash completion for -L, -B options (git-fixes). - tools: bpftool: Update and synchronise option list in doc and help msg (git-fixes). - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: Fix error handling in async work (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tpm: use try_get_ops() in tpm-space.c (git-fixes). - tps6598x: clear int mask on probe failure (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix potential double free in create_var_ref() (git-fixes). 
- tracing: Fix return value of __setup handlers (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have trace event string test handle zero length strings (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histogram: Fix sorting on old "cpu" value (git-fixes). - tracing/osnoise: Force quiescent states while tracing (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - tracing: Show kretprobe unknown indicator only for kretprobe_trampoline (bsc#1193277). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (git-fixes). - tty: n_gsm: Do not ignore write return value in gsmld_output() (git-fixes). - tty: n_gsm: fix deadlock in gsmtty_open() (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix NULL pointer access due to DLCI release (git-fixes). - tty: n_gsm: Fix packet data hex dump output (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong tty control line for flow control (git-fixes). - tty: n_tty: do not look ahead for EOL character past the end of the buffer (git-fixes). - tty: n_tty: Restore EOF push handling behavior (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). 
- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates (bsc#1189998). - uapi/linux/stddef.h: Add include guards (jsc#SLE-18978). - ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1 (bsc#1194191). - udmabuf: validate ubuf->pagecount (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: cdns3: Fix issue for clear halt endpoint (git-fixes). - usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value (git-fixes). - usb: cdnsp: Fixed setting last_trb incorrectly (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: core: Do not hold the device lock while sleeping in do_proc_control() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: drd: fix soft connect when gadget is unconfigured (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: core: Fix tx/rx threshold settings (git-fixes). - usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - usb: dwc3: Decouple USB 2.0 L1 & L2 events (git-fixes). - usb: dwc3: gadget: Change to dev_dbg() when queuing to inactive gadget/ep (git-fixes). - usb: dwc3: gadget: ep_queue simplify isoc start condition (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Give some time to schedule isoc (git-fixes). - usb: dwc3: gadget: Ignore Update Transfer cmd params (git-fixes). 
- usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: gadget: move cmd_endtransfer to extra function (git-fixes). - usb: dwc3: gadget: Move null pinter check to proper place (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Return proper request status (git-fixes). - usb: dwc3: gadget: Skip checking Update Transfer status (git-fixes). - usb: dwc3: gadget: Skip reading GEVNTSIZn (git-fixes). - usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (git-fixes). - usb: dwc3: Issue core soft reset before enabling run/stop (git-fixes). - usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm (git-fixes). - usb: dwc3: pci: Add "snps,dis_u2_susphy_quirk" for Intel Bay Trail (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-P (git-fixes). - usb: dwc3: pci: add support for the Intel Raptor Lake-S (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks() (git-fixes). - usb: dwc3: Try usb-role-switch first in dwc3_drd_init (git-fixes). - usb: dwc3: xilinx: fix uninitialized return value (git-fixes). - usb: ehci: add pci device support for Aspeed platforms (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: Fix xhci event ring dequeue pointer ERDP update issue (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: gadget: eliminate anonymous module_init and module_exit (git-fixes). - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (git-fixes). 
- usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (git-fixes). - USB: gadget: Fix double-free bug in raw_gadget driver (git-fixes). - usb: gadget: Fix non-unique driver names in raw-gadget driver (git-fixes). - usb: gadget: fix race when gadget driver register via ioctl (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: gadget: tegra-xudc: Do not program SPARAM (git-fixes). - usb: gadget: tegra-xudc: Fix control endpoint's definitions (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usb: gadget: uvc: allow for application to cleanly shutdown (git-fixes). - usb: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - usb: gadget: uvc: rename function to be more consistent (git-fixes). - usb: gadget: validate endpoint index for xilinx udc (git-fixes). - usb: gadget: validate interface OS descriptor requests (git-fixes). - USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (git-fixes). - USB: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: isp1760: Fix out-of-bounds array access (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). 
- USB: new quirk for Dell Gen 2 devices (git-fixes). - usb: phy: generic: Get the vbus supply (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: raw-gadget: fix handling of dual-direction-capable endpoints (git-fixes). - usb: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - usb: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - usb: serial: cp210x: add NCR Retail IO box id (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - USB: serial: option: add Quectel BG95 modem (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add support for DW5829e (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: serial: option: add Telit LE910R1 compositions (git-fixes). - usb: serial: option: add ZTE MF286D modem (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: pl2303: add support for more HXN (G) types (git-fixes). - usb: serial: pl2303: fix GS type detection (git-fixes). - usb: serial: pl2303: fix type detection for odd device (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). 
- usb: serial: simple: add Nokia phone driver (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: tcpci_mt6360: Update for BMC PHY setting (git-fixes). - usb: typec: tipd: Forward plug orientation to typec subsystem (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: eliminate anonymous module_init and module_exit (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - usb: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions (git-fixes). - usb: zaurus: support another broken Zaurus (git-fixes). - use jobs not processors in the constraints jobs is the number of vcpus available to the build, while processors is the total processor count of the machine the VM is running on. - vdpasim: allow to enable a vq repeatedly (git-fixes). - veth: Ensure eth header is in skb's linear part (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - vhost_vdpa: do not setup irq offloading when irq_num 0 (git-fixes). - vhost/vsock: do not check owner in vhost_vsock_stop() while releasing (git-fixes). - vhost/vsock: fix incorrect used length reported to the guest (git-fixes). 
- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1190497) - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit (git-fixes). - video: fbdev: w100fb: Reset global state (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio_blk: eliminate anonymous module_init and module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init and module_exit (git-fixes). - virtio: fix virtio transitional ids (git-fixes). 
- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix for skb_over_panic inside big mode (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix wrong buf address calculation when using xdp (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-net: realign page_to_skb() after merges (git-fixes). - virtio: pci: Fix an error handling path in vp_modern_probe() (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - vsprintf: Fix potential unaligned access (bsc#1198379). - vt_ioctl: add array_index_nospec to VT_ACTIVATE (git-fixes). - vt_ioctl: fix array_index_nospec in vt_setactivate (git-fixes). - vxcan: enable local echo for sent CAN frames (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function (git-fixes). - watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking (git-fixes). - Watchdog: sp5100_tco: Add initialization using EFCH MMIO (bsc#1199260). - watchdog: sp5100_tco: Add support for get_timeleft (bsc#1199260). - Watchdog: sp5100_tco: Enable Family 17h+ CPUs (bsc#1199260). - Watchdog: sp5100_tco: Move timer initialization into function (bsc#1199260). - Watchdog: sp5100_tco: Refactor MMIO base address initialization (bsc#1199260). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). - watch_queue: Actually free the watch (git-fixes). - watch_queue: Fix NULL dereference in error cleanup (git-fixes). - watch_queue: Free the page array when watch_queue is dismantled (git-fixes). 
- wcn36xx: Differentiate wcn3660 from wcn3620 (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice() (git-fixes). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (bsc#1190497). - x86/boot: Fix memremap of setup_indirect structures (bsc#1190497). - x86/cc: Move arch/x86/{kernel/cc_platform.c coco/core.c} (jsc#SLE-19924). - x86/coco: Add API to handle encryption mask (jsc#SLE-19924). - x86/coco: Explicitly declare type of confidential computing platform (jsc#SLE-19924). - x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN (bsc#1190497). - x86/cpufeatures: Re-enable ENQCMD (jsc#SLE-24350). - x86/cpu: Load microcode during restore_processor_state() (bsc#1190497). - x86/entry: Remove skip_r11rcx (bsc#1201524). - x86/fpu: Clear PASID when copying fpstate (jsc#SLE-24350). - x86/ibt,xen: Sprinkle the ENDBR (bsc#1201471). - x86/kprobes: Add UNWIND_HINT_FUNC on kretprobe_trampoline() (bsc#1193277). - x86/kprobes: Fixup return address in generic trampoline handler (bsc#1193277). - x86/kprobes: Push a fake return address at kretprobe_trampoline (bsc#1193277). - x86/kvmclock: Fix Hyper-V Isolated VM s boot issue when vCPUs 64 (bsc#1183682). - x86/kvm: Do not waste memory if kvmclock is disabled (bsc#1183682). - x86/MCE/AMD: Allow thresholding interface updates after init (bsc#1190497). - x86/mm/cpa: Generalize __set_memory_enc_pgtable() (jsc#SLE-19924). 
- x86/module: Fix the paravirt vs alternative order (bsc#1190497). - x86/pm: Save the MSR validity status at context setup (bsc#1190497). - x86/ptrace: Fix xfpregs_set() incorrect xmm clearing (bsc#1190497). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1190497). - x86/traps: Demand-populate PASID MSR via #GP (jsc#SLE-24350). - x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1190497). - x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (bsc#1190497). - x86/unwind: kABI workaround for unwind_state changes (bsc#1193277). - x86/unwind: Recover kretprobe trampoline entry (bsc#1193277). - xen/blkfront: fix comment for need_copy (git-fixes). - xen: fix is_xen_pmu() (git-fixes). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (bsc#1201218). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xfs: drop async cache flushes from CIL commits (bsc#1195669). - xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI (git-fixes). - xhci: Enable runtime PM on second Alderlake controller (git-fixes). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). - xhci: increase usb U3 U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: make xhci_handshake timeout for xhci_reset() adjustable (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). 
- xhci: stop polling roothubs after shutdown (git-fixes). - xhci: turn off port power in shutdown (git-fixes). - xsk: Do not write NULL in SW ring at allocation failure (jsc#SLE-18375). - zsmalloc: decouple class actions from zspage works (bsc#1189998). - zsmalloc: introduce obj_allocated (bsc#1189998). - zsmalloc: introduce some helper functions (bsc#1189998). - zsmalloc: move huge compressed obj from page to zspage (bsc#1189998). - zsmalloc: remove zspage isolation for migration (bsc#1189998). - zsmalloc: rename zs_stat_type to class_stat_type (bsc#1189998). - zsmalloc: replace get_cpu_var with local_lock (bsc#1189998). - zsmalloc: replace per zpage lock with poolmigrate_lock (bsc#1189998). - zsmalloc: Stop using slab fields in struct page (bsc#1189998 bsc#1190208). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2520=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2520=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-2520=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates. 
- SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2520=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2520=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2520=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2520=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.11.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.11.1 dlm-kmp-default-5.14.21-150400.24.11.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.11.1 gfs2-kmp-default-5.14.21-150400.24.11.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.11.1 kernel-default-5.14.21-150400.24.11.1 kernel-default-base-5.14.21-150400.24.11.1.150400.24.3.6 kernel-default-base-rebuild-5.14.21-150400.24.11.1.150400.24.3.6 kernel-default-debuginfo-5.14.21-150400.24.11.1 kernel-default-debugsource-5.14.21-150400.24.11.1 kernel-default-devel-5.14.21-150400.24.11.1 kernel-default-devel-debuginfo-5.14.21-150400.24.11.1 kernel-default-extra-5.14.21-150400.24.11.1 kernel-default-extra-debuginfo-5.14.21-150400.24.11.1 kernel-default-livepatch-5.14.21-150400.24.11.1 kernel-default-livepatch-devel-5.14.21-150400.24.11.1 kernel-default-optional-5.14.21-150400.24.11.1 kernel-default-optional-debuginfo-5.14.21-150400.24.11.1 kernel-obs-build-5.14.21-150400.24.11.1 kernel-obs-build-debugsource-5.14.21-150400.24.11.1 kernel-obs-qa-5.14.21-150400.24.11.1 kernel-syms-5.14.21-150400.24.11.1 kselftests-kmp-default-5.14.21-150400.24.11.1 kselftests-kmp-default-debuginfo-5.14.21-150400.24.11.1 ocfs2-kmp-default-5.14.21-150400.24.11.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.11.1 reiserfs-kmp-default-5.14.21-150400.24.11.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.11.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): 
kernel-kvmsmall-5.14.21-150400.24.11.1 kernel-kvmsmall-debuginfo-5.14.21-150400.24.11.1 kernel-kvmsmall-debugsource-5.14.21-150400.24.11.1 kernel-kvmsmall-devel-5.14.21-150400.24.11.1 kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.11.1 kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.11.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-5.14.21-150400.24.11.1 kernel-debug-debuginfo-5.14.21-150400.24.11.1 kernel-debug-debugsource-5.14.21-150400.24.11.1 kernel-debug-devel-5.14.21-150400.24.11.1 kernel-debug-devel-debuginfo-5.14.21-150400.24.11.1 kernel-debug-livepatch-devel-5.14.21-150400.24.11.1 - openSUSE Leap 15.4 (aarch64): cluster-md-kmp-64kb-5.14.21-150400.24.11.1 cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.11.1 dlm-kmp-64kb-5.14.21-150400.24.11.1 dlm-kmp-64kb-debuginfo-5.14.21-150400.24.11.1 dtb-allwinner-5.14.21-150400.24.11.1 dtb-altera-5.14.21-150400.24.11.1 dtb-amazon-5.14.21-150400.24.11.1 dtb-amd-5.14.21-150400.24.11.1 dtb-amlogic-5.14.21-150400.24.11.1 dtb-apm-5.14.21-150400.24.11.1 dtb-apple-5.14.21-150400.24.11.1 dtb-arm-5.14.21-150400.24.11.1 dtb-broadcom-5.14.21-150400.24.11.1 dtb-cavium-5.14.21-150400.24.11.1 dtb-exynos-5.14.21-150400.24.11.1 dtb-freescale-5.14.21-150400.24.11.1 dtb-hisilicon-5.14.21-150400.24.11.1 dtb-lg-5.14.21-150400.24.11.1 dtb-marvell-5.14.21-150400.24.11.1 dtb-mediatek-5.14.21-150400.24.11.1 dtb-nvidia-5.14.21-150400.24.11.1 dtb-qcom-5.14.21-150400.24.11.1 dtb-renesas-5.14.21-150400.24.11.1 dtb-rockchip-5.14.21-150400.24.11.1 dtb-socionext-5.14.21-150400.24.11.1 dtb-sprd-5.14.21-150400.24.11.1 dtb-xilinx-5.14.21-150400.24.11.1 gfs2-kmp-64kb-5.14.21-150400.24.11.1 gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.11.1 kernel-64kb-5.14.21-150400.24.11.1 kernel-64kb-debuginfo-5.14.21-150400.24.11.1 kernel-64kb-debugsource-5.14.21-150400.24.11.1 kernel-64kb-devel-5.14.21-150400.24.11.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.11.1 kernel-64kb-extra-5.14.21-150400.24.11.1 kernel-64kb-extra-debuginfo-5.14.21-150400.24.11.1 
kernel-64kb-livepatch-devel-5.14.21-150400.24.11.1 kernel-64kb-optional-5.14.21-150400.24.11.1 kernel-64kb-optional-debuginfo-5.14.21-150400.24.11.1 kselftests-kmp-64kb-5.14.21-150400.24.11.1 kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.11.1 ocfs2-kmp-64kb-5.14.21-150400.24.11.1 ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.11.1 reiserfs-kmp-64kb-5.14.21-150400.24.11.1 reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.11.1 - openSUSE Leap 15.4 (noarch): kernel-devel-5.14.21-150400.24.11.1 kernel-docs-5.14.21-150400.24.11.1 kernel-docs-html-5.14.21-150400.24.11.1 kernel-macros-5.14.21-150400.24.11.1 kernel-source-5.14.21-150400.24.11.1 kernel-source-vanilla-5.14.21-150400.24.11.1 - openSUSE Leap 15.4 (s390x): kernel-zfcpdump-5.14.21-150400.24.11.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.11.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.11.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): kernel-default-debuginfo-5.14.21-150400.24.11.1 kernel-default-debugsource-5.14.21-150400.24.11.1 kernel-default-extra-5.14.21-150400.24.11.1 kernel-default-extra-debuginfo-5.14.21-150400.24.11.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.11.1 kernel-default-debugsource-5.14.21-150400.24.11.1 kernel-default-livepatch-5.14.21-150400.24.11.1 kernel-default-livepatch-devel-5.14.21-150400.24.11.1 kernel-livepatch-5_14_21-150400_24_11-default-1-150400.9.5.3 kernel-livepatch-5_14_21-150400_24_11-default-debuginfo-1-150400.9.5.3 kernel-livepatch-SLE15-SP4_Update_1-debugsource-1-150400.9.5.3 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.11.1 kernel-default-debugsource-5.14.21-150400.24.11.1 reiserfs-kmp-default-5.14.21-150400.24.11.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.11.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): 
kernel-obs-build-5.14.21-150400.24.11.1 kernel-obs-build-debugsource-5.14.21-150400.24.11.1 kernel-syms-5.14.21-150400.24.11.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): kernel-docs-5.14.21-150400.24.11.1 kernel-source-5.14.21-150400.24.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-5.14.21-150400.24.11.1 kernel-default-base-5.14.21-150400.24.11.1.150400.24.3.6 kernel-default-debuginfo-5.14.21-150400.24.11.1 kernel-default-debugsource-5.14.21-150400.24.11.1 kernel-default-devel-5.14.21-150400.24.11.1 kernel-default-devel-debuginfo-5.14.21-150400.24.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64): kernel-64kb-5.14.21-150400.24.11.1 kernel-64kb-debuginfo-5.14.21-150400.24.11.1 kernel-64kb-debugsource-5.14.21-150400.24.11.1 kernel-64kb-devel-5.14.21-150400.24.11.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): kernel-devel-5.14.21-150400.24.11.1 kernel-macros-5.14.21-150400.24.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): kernel-zfcpdump-5.14.21-150400.24.11.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.11.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.11.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.11.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.11.1 dlm-kmp-default-5.14.21-150400.24.11.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.11.1 gfs2-kmp-default-5.14.21-150400.24.11.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.11.1 kernel-default-debuginfo-5.14.21-150400.24.11.1 kernel-default-debugsource-5.14.21-150400.24.11.1 ocfs2-kmp-default-5.14.21-150400.24.11.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.11.1 References: https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2021-4204.html 
https://www.suse.com/security/cve/CVE-2021-44879.html https://www.suse.com/security/cve/CVE-2021-45402.html https://www.suse.com/security/cve/CVE-2022-0264.html https://www.suse.com/security/cve/CVE-2022-0494.html https://www.suse.com/security/cve/CVE-2022-0617.html https://www.suse.com/security/cve/CVE-2022-1012.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1198.html https://www.suse.com/security/cve/CVE-2022-1205.html https://www.suse.com/security/cve/CVE-2022-1462.html https://www.suse.com/security/cve/CVE-2022-1508.html https://www.suse.com/security/cve/CVE-2022-1651.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1671.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-1789.html https://www.suse.com/security/cve/CVE-2022-1852.html https://www.suse.com/security/cve/CVE-2022-1966.html https://www.suse.com/security/cve/CVE-2022-1972.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1998.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-21499.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-23222.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-29582.html 
https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-30594.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-33743.html https://www.suse.com/security/cve/CVE-2022-33981.html https://www.suse.com/security/cve/CVE-2022-34918.html https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1118212 https://bugzilla.suse.com/1121726 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1157038 https://bugzilla.suse.com/1157923 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1179439 https://bugzilla.suse.com/1179639 https://bugzilla.suse.com/1180814 https://bugzilla.suse.com/1183682 https://bugzilla.suse.com/1183872 https://bugzilla.suse.com/1184318 https://bugzilla.suse.com/1184924 https://bugzilla.suse.com/1187716 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1189998 https://bugzilla.suse.com/1190137 https://bugzilla.suse.com/1190208 https://bugzilla.suse.com/1190336 https://bugzilla.suse.com/1190497 https://bugzilla.suse.com/1190768 https://bugzilla.suse.com/1190786 https://bugzilla.suse.com/1190812 https://bugzilla.suse.com/1191271 https://bugzilla.suse.com/1191663 https://bugzilla.suse.com/1192483 https://bugzilla.suse.com/1193064 https://bugzilla.suse.com/1193277 https://bugzilla.suse.com/1193289 https://bugzilla.suse.com/1193431 https://bugzilla.suse.com/1193556 https://bugzilla.suse.com/1193629 https://bugzilla.suse.com/1193640 https://bugzilla.suse.com/1193787 https://bugzilla.suse.com/1193823 https://bugzilla.suse.com/1193852 https://bugzilla.suse.com/1194086 
https://bugzilla.suse.com/1194111 https://bugzilla.suse.com/1194191 https://bugzilla.suse.com/1194409 https://bugzilla.suse.com/1194501 https://bugzilla.suse.com/1194523 https://bugzilla.suse.com/1194526 https://bugzilla.suse.com/1194583 https://bugzilla.suse.com/1194585 https://bugzilla.suse.com/1194586 https://bugzilla.suse.com/1194625 https://bugzilla.suse.com/1194765 https://bugzilla.suse.com/1194826 https://bugzilla.suse.com/1194869 https://bugzilla.suse.com/1195099 https://bugzilla.suse.com/1195287 https://bugzilla.suse.com/1195478 https://bugzilla.suse.com/1195482 https://bugzilla.suse.com/1195504 https://bugzilla.suse.com/1195651 https://bugzilla.suse.com/1195668 https://bugzilla.suse.com/1195669 https://bugzilla.suse.com/1195775 https://bugzilla.suse.com/1195823 https://bugzilla.suse.com/1195826 https://bugzilla.suse.com/1195913 https://bugzilla.suse.com/1195915 https://bugzilla.suse.com/1195926 https://bugzilla.suse.com/1195944 https://bugzilla.suse.com/1195957 https://bugzilla.suse.com/1195987 https://bugzilla.suse.com/1196079 https://bugzilla.suse.com/1196114 https://bugzilla.suse.com/1196130 https://bugzilla.suse.com/1196213 https://bugzilla.suse.com/1196306 https://bugzilla.suse.com/1196367 https://bugzilla.suse.com/1196400 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1196478 https://bugzilla.suse.com/1196514 https://bugzilla.suse.com/1196570 https://bugzilla.suse.com/1196723 https://bugzilla.suse.com/1196779 https://bugzilla.suse.com/1196830 https://bugzilla.suse.com/1196836 https://bugzilla.suse.com/1196866 https://bugzilla.suse.com/1196868 https://bugzilla.suse.com/1196869 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1196930 https://bugzilla.suse.com/1196942 https://bugzilla.suse.com/1196960 https://bugzilla.suse.com/1197016 https://bugzilla.suse.com/1197157 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197243 https://bugzilla.suse.com/1197292 https://bugzilla.suse.com/1197302 
https://bugzilla.suse.com/1197303 https://bugzilla.suse.com/1197304 https://bugzilla.suse.com/1197362 https://bugzilla.suse.com/1197386 https://bugzilla.suse.com/1197501 https://bugzilla.suse.com/1197601 https://bugzilla.suse.com/1197661 https://bugzilla.suse.com/1197675 https://bugzilla.suse.com/1197761 https://bugzilla.suse.com/1197817 https://bugzilla.suse.com/1197819 https://bugzilla.suse.com/1197820 https://bugzilla.suse.com/1197888 https://bugzilla.suse.com/1197889 https://bugzilla.suse.com/1197894 https://bugzilla.suse.com/1197915 https://bugzilla.suse.com/1197917 https://bugzilla.suse.com/1197918 https://bugzilla.suse.com/1197920 https://bugzilla.suse.com/1197921 https://bugzilla.suse.com/1197922 https://bugzilla.suse.com/1197926 https://bugzilla.suse.com/1198009 https://bugzilla.suse.com/1198010 https://bugzilla.suse.com/1198012 https://bugzilla.suse.com/1198013 https://bugzilla.suse.com/1198014 https://bugzilla.suse.com/1198015 https://bugzilla.suse.com/1198016 https://bugzilla.suse.com/1198017 https://bugzilla.suse.com/1198018 https://bugzilla.suse.com/1198019 https://bugzilla.suse.com/1198020 https://bugzilla.suse.com/1198021 https://bugzilla.suse.com/1198022 https://bugzilla.suse.com/1198023 https://bugzilla.suse.com/1198024 https://bugzilla.suse.com/1198027 https://bugzilla.suse.com/1198030 https://bugzilla.suse.com/1198034 https://bugzilla.suse.com/1198058 https://bugzilla.suse.com/1198217 https://bugzilla.suse.com/1198379 https://bugzilla.suse.com/1198400 https://bugzilla.suse.com/1198402 https://bugzilla.suse.com/1198410 https://bugzilla.suse.com/1198412 https://bugzilla.suse.com/1198413 https://bugzilla.suse.com/1198438 https://bugzilla.suse.com/1198484 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198585 https://bugzilla.suse.com/1198660 https://bugzilla.suse.com/1198802 https://bugzilla.suse.com/1198803 https://bugzilla.suse.com/1198806 https://bugzilla.suse.com/1198811 https://bugzilla.suse.com/1198826 
https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1198835 https://bugzilla.suse.com/1198968 https://bugzilla.suse.com/1198971 https://bugzilla.suse.com/1199011 https://bugzilla.suse.com/1199024 https://bugzilla.suse.com/1199035 https://bugzilla.suse.com/1199046 https://bugzilla.suse.com/1199052 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199163 https://bugzilla.suse.com/1199173 https://bugzilla.suse.com/1199260 https://bugzilla.suse.com/1199314 https://bugzilla.suse.com/1199390 https://bugzilla.suse.com/1199426 https://bugzilla.suse.com/1199433 https://bugzilla.suse.com/1199439 https://bugzilla.suse.com/1199482 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199605 https://bugzilla.suse.com/1199611 https://bugzilla.suse.com/1199626 https://bugzilla.suse.com/1199631 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1199674 https://bugzilla.suse.com/1199736 https://bugzilla.suse.com/1199793 https://bugzilla.suse.com/1199839 https://bugzilla.suse.com/1199875 https://bugzilla.suse.com/1199909 https://bugzilla.suse.com/1200015 https://bugzilla.suse.com/1200019 https://bugzilla.suse.com/1200045 https://bugzilla.suse.com/1200046 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200205 https://bugzilla.suse.com/1200211 https://bugzilla.suse.com/1200259 https://bugzilla.suse.com/1200263 https://bugzilla.suse.com/1200284 https://bugzilla.suse.com/1200315 https://bugzilla.suse.com/1200343 https://bugzilla.suse.com/1200420 https://bugzilla.suse.com/1200442 https://bugzilla.suse.com/1200475 https://bugzilla.suse.com/1200502 https://bugzilla.suse.com/1200567 https://bugzilla.suse.com/1200569 https://bugzilla.suse.com/1200571 https://bugzilla.suse.com/1200599 https://bugzilla.suse.com/1200600 https://bugzilla.suse.com/1200608 https://bugzilla.suse.com/1200611 https://bugzilla.suse.com/1200619 
https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1200763 https://bugzilla.suse.com/1200806 https://bugzilla.suse.com/1200807 https://bugzilla.suse.com/1200808 https://bugzilla.suse.com/1200809 https://bugzilla.suse.com/1200810 https://bugzilla.suse.com/1200812 https://bugzilla.suse.com/1200813 https://bugzilla.suse.com/1200815 https://bugzilla.suse.com/1200816 https://bugzilla.suse.com/1200820 https://bugzilla.suse.com/1200821 https://bugzilla.suse.com/1200822 https://bugzilla.suse.com/1200824 https://bugzilla.suse.com/1200825 https://bugzilla.suse.com/1200827 https://bugzilla.suse.com/1200828 https://bugzilla.suse.com/1200829 https://bugzilla.suse.com/1200830 https://bugzilla.suse.com/1200845 https://bugzilla.suse.com/1200882 https://bugzilla.suse.com/1200925 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201160 https://bugzilla.suse.com/1201171 https://bugzilla.suse.com/1201177 https://bugzilla.suse.com/1201193 https://bugzilla.suse.com/1201196 https://bugzilla.suse.com/1201218 https://bugzilla.suse.com/1201222 https://bugzilla.suse.com/1201228 https://bugzilla.suse.com/1201251 https://bugzilla.suse.com/1201381 https://bugzilla.suse.com/1201471 https://bugzilla.suse.com/1201524 From sle-updates at lists.suse.com Fri Jul 22 07:30:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:30:46 +0200 (CEST) Subject: SUSE-CU-2022:1578-1: Recommended update of suse/sle15 Message-ID: <20220722073046.4C60EFDCF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1578-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.165 Container Release : 9.5.165 Severity : important Type : recommended References : 1148309 1191502 1195529 1200170 ----------------------------------------------------------------- The container 
suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2471-1 Released: Thu Jul 21 04:42:58 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1148309,1191502,1195529,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - basic/env-util: Allow newlines in values of environment variables - man: tweak description of auto/noauto (bsc#1191502) - shared/install: avoid overwriting 'r' counter with a partial result (bsc#1148309) - shared/install: fix error codes returned by install_context_apply() - shared/install: ignore failures for auxiliary files - systemctl: suppress enable/disable messages when `-q` is given - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) The following package changes have been done: - libsystemd0-234-150000.24.111.1 updated - libudev1-234-150000.24.111.1 updated From sle-updates at lists.suse.com Fri Jul 22 07:32:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:32:52 +0200 (CEST) Subject: SUSE-CU-2022:1580-1: Recommended update of bci/bci-minimal Message-ID: <20220722073252.88533FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1580-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.29.17 Container Release : 29.17 Severity : important Type : recommended References : 1200855 1201560 1201640 ----------------------------------------------------------------- The container bci/bci-minimal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - container:micro-image-15.3.0-19.7 updated From sle-updates at lists.suse.com Fri Jul 22 07:37:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:37:27 +0200 (CEST) Subject: SUSE-CU-2022:1581-1: Recommended update of bci/nodejs Message-ID: <20220722073727.CD46CFDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1581-1 Container Tags : bci/node:12 , bci/node:12-16.103 , bci/nodejs:12 , bci/nodejs:12-16.103 Container Release : 16.103 Severity : important Type : recommended References : 1137373 1181658 1194708 1195157 1197570 1198507 1198732 1200170 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - Call pam_loginuid when creating user@.service (bsc#1198507) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit - Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed' - basic/env-util: (mostly) follow POSIX for what variable names are allowed - basic/env-util: make function shorter - basic/escape: add mode where empty arguments are still shown as '' - basic/escape: always escape newlines in shell_escape() - basic/escape: escape control characters, but not utf-8, in shell quoting - basic/escape: use consistent location for '*' in function declarations - basic/string-util: inline iterator variable declarations - basic/string-util: simplify how str_realloc() is used - basic/string-util: split out helper function - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition - string-util: explicitly cast character to unsigned - string-util: fix build error on aarch64 - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers The following package changes have been done: - libsystemd0-246.16-150300.7.48.1 updated - libudev1-246.16-150300.7.48.1 updated - container:sles15-image-15.0.0-17.20.2 updated From sle-updates at lists.suse.com Fri Jul 
22 07:47:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:47:18 +0200 (CEST) Subject: SUSE-CU-2022:1582-1: Recommended update of suse/sle15 Message-ID: <20220722074718.ACAEDFDCF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1582-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.2 , suse/sle15:15.3 , suse/sle15:15.3.17.20.2 Container Release : 17.20.2 Severity : important Type : recommended References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1137373 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1181658 1188127 1194708 1195157 1197570 1198507 1198732 1200170 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. 
(bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. 
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for China ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - Call pam_loginuid when creating user@.service (bsc#1198507) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit - Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed' - basic/env-util: (mostly) follow POSIX for what variable names are allowed - basic/env-util: make function
shorter - basic/escape: add mode where empty arguments are still shown as '' - basic/escape: always escape newlines in shell_escape() - basic/escape: escape control characters, but not utf-8, in shell quoting - basic/escape: use consistent location for '*' in function declarations - basic/string-util: inline iterator variable declarations - basic/string-util: simplify how str_realloc() is used - basic/string-util: split out helper function - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition - string-util: explicitly cast character to unsigned - string-util: fix build error on aarch64 - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers The following package changes have been done: - curl-7.66.0-150200.4.36.1 added - libsystemd0-246.16-150300.7.48.1 updated - libudev1-246.16-150300.7.48.1 updated - timezone-2022a-150000.75.7.1 added From sle-updates at lists.suse.com Fri Jul 22 07:47:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:47:25 +0200 (CEST) Subject: SUSE-CU-2022:1583-1: Recommended update of suse/sle15 Message-ID: <20220722074725.5614AFDCF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1583-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.3 , suse/sle15:15.3 , suse/sle15:15.3.17.20.3 Container Release : 17.20.3 Severity : important Type : recommended References : 1200855 1201560 1201640 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated From sle-updates at lists.suse.com Fri Jul 22 07:47:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:47:52 +0200 (CEST) Subject: SUSE-CU-2022:1584-1: Recommended update of suse/389-ds Message-ID: <20220722074752.B6A97FDCF@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1584-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-14.23 , suse/389-ds:latest Container Release : 14.23 Severity : important Type : recommended References : 1137373 1181658 1193282 1194708 1195157 1197570 1198732 1200170 1200855 1201276 1201560 1201640 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - libsystemd0-249.11-150400.8.5.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:sles15-image-15.0.0-27.11.4 updated From sle-updates at lists.suse.com Fri Jul 22 07:48:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:48:32 +0200 (CEST) Subject: SUSE-CU-2022:1586-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220722074832.D738DFDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2022:1586-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-18.9 , bci/dotnet-aspnet:3.1.27 , bci/dotnet-aspnet:3.1.27-18.9 Container Release : 18.9 Severity : important Type : recommended References : 1137373 1181658 1193282 1194708 1195157 1197570 1198732 1200170 1200855 1201276 1201560 1201640 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important 
References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - libsystemd0-249.11-150400.8.5.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:sles15-image-15.0.0-27.11.4 updated From sle-updates at lists.suse.com Fri Jul 22 07:48:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:48:57 +0200 (CEST) Subject: SUSE-CU-2022:1587-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220722074857.57462FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1587-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-10.17 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-10.17 Container Release : 10.17 Severity : important Type : recommended References : 1137373 1181658 1194708 1195157 1197570 1198732 1200170 1201276 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition The following package changes have been done: - libsystemd0-249.11-150400.8.5.1 updated From sle-updates at lists.suse.com Fri Jul 22 07:49:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:49:00 +0200 (CEST) Subject: SUSE-CU-2022:1588-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220722074900.B9B15FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1588-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-10.20 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-10.20 Container Release : 10.20 Severity : important Type : recommended References : 1193282 1200855 1201560 1201640 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:sles15-image-15.0.0-27.11.4 updated From sle-updates at lists.suse.com Fri Jul 22 07:49:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:49:25 +0200 (CEST) Subject: SUSE-CU-2022:1589-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220722074925.95075FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1589-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-19.6 , bci/dotnet-aspnet:6.0.7 , bci/dotnet-aspnet:6.0.7-19.6 , bci/dotnet-aspnet:latest Container Release : 19.6 Severity : important Type : recommended References : 1137373 1181658 1194708 1195157 1197570 1198732 1200170 1201276 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition The following package changes have been done: - libsystemd0-249.11-150400.8.5.1 updated From sle-updates at lists.suse.com Fri Jul 22 07:49:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:49:28 +0200 (CEST) Subject: SUSE-CU-2022:1590-1: Security update of bci/bci-busybox Message-ID: <20220722074928.4D760FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1590-1 Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.10.4 , bci/bci-busybox:latest Container Release : 10.4 Severity : important Type : security References : 1197718 1199140 1199232 1200334 1200855 1200855 1201560 1201640 CVE-2022-1586 ----------------------------------------------------------------- The container bci/bci-busybox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libpcre1-8.45-150000.20.13.1 updated From sle-updates at lists.suse.com Fri Jul 22 07:50:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:50:09 +0200 (CEST) Subject: SUSE-CU-2022:1591-1: Recommended update of bci/dotnet-sdk Message-ID: <20220722075009.C04E7FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1591-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-18.8 , bci/dotnet-sdk:3.1.27 , bci/dotnet-sdk:3.1.27-18.8 Container Release : 18.8 Severity : important Type : recommended References : 1137373 1181658 1193282 1194708 1195157 1197570 1198732 1200170 1200855 1201276 1201560 1201640 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - libsystemd0-249.11-150400.8.5.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:sles15-image-15.0.0-27.11.4 updated From sle-updates at lists.suse.com Fri Jul 22 07:50:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:50:37 +0200 (CEST) Subject: SUSE-CU-2022:1592-1: Recommended update of bci/dotnet-sdk Message-ID: <20220722075037.EBE57FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2022:1592-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-10.19 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-10.19 Container Release : 10.19 Severity : important Type : recommended References : 1137373 1181658 1193282 1194708 1195157 1197570 1198732 1200170 1200855 1201276 1201560 1201640 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 
1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - libsystemd0-249.11-150400.8.5.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:sles15-image-15.0.0-27.11.4 updated From sle-updates at lists.suse.com Fri Jul 22 07:51:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:51:05 +0200 (CEST) Subject: SUSE-CU-2022:1593-1: Recommended update of bci/dotnet-sdk Message-ID: <20220722075105.759D7FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1593-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-21.8 , bci/dotnet-sdk:6.0.7 , bci/dotnet-sdk:6.0.7-21.8 , bci/dotnet-sdk:latest Container Release : 21.8 Severity : important Type : recommended References : 1137373 1181658 1193282 1194708 1195157 1197570 1198732 1200170 1200855 1201276 1201560 1201640 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - libsystemd0-249.11-150400.8.5.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:sles15-image-15.0.0-27.11.4 updated From sle-updates at lists.suse.com Fri Jul 22 07:51:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:51:37 +0200 (CEST) Subject: SUSE-CU-2022:1594-1: Recommended update of bci/dotnet-runtime Message-ID: <20220722075137.2E25FFDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2022:1594-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-17.8 , bci/dotnet-runtime:3.1.27 , bci/dotnet-runtime:3.1.27-17.8 Container Release : 17.8 Severity : important Type : recommended References : 1137373 1181658 1193282 1194708 1195157 1197570 1198732 1200170 1200855 1201276 1201560 1201640 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: 
important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - libsystemd0-249.11-150400.8.5.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:sles15-image-15.0.0-27.11.4 updated From sle-updates at lists.suse.com Fri Jul 22 07:52:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:52:03 +0200 (CEST) Subject: SUSE-CU-2022:1595-1: Recommended update of bci/dotnet-runtime Message-ID: <20220722075203.6DCA9FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1595-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-10.19 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-10.19 Container Release : 10.19 Severity : important Type : recommended References : 1137373 1181658 1193282 1194708 1195157 1197570 1198732 1200170 1200855 1201276 1201560 1201640 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - libsystemd0-249.11-150400.8.5.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:sles15-image-15.0.0-27.11.4 updated From sle-updates at lists.suse.com Fri Jul 22 07:52:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:52:28 +0200 (CEST) Subject: SUSE-CU-2022:1596-1: Recommended update of bci/dotnet-runtime Message-ID: <20220722075228.01D43FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2022:1596-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-18.8 , bci/dotnet-runtime:6.0.7 , bci/dotnet-runtime:6.0.7-18.8 , bci/dotnet-runtime:latest Container Release : 18.8 Severity : important Type : recommended References : 1137373 1181658 1193282 1194708 1195157 1197570 1198732 1200170 1200855 1201276 1201560 1201640 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: 
recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - libsystemd0-249.11-150400.8.5.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:sles15-image-15.0.0-27.11.4 updated From sle-updates at lists.suse.com Fri Jul 22 07:53:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:53:04 +0200 (CEST) Subject: SUSE-CU-2022:1597-1: Recommended update of bci/golang Message-ID: <20220722075304.CAB60FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1597-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-13.18 Container Release : 13.18 Severity : important Type : recommended References : 1137373 1181658 1194708 1195157 1197570 1198732 1200170 1201276 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition The following package changes have been done: - libudev1-249.11-150400.8.5.1 updated - libsystemd0-249.11-150400.8.5.1 updated From sle-updates at lists.suse.com Fri Jul 22 07:53:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:53:40 +0200 (CEST) Subject: SUSE-CU-2022:1598-1: Recommended update of bci/golang Message-ID: <20220722075340.CE054FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1598-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-12.18 Container Release : 12.18 Severity : important Type : recommended References : 1137373 1181658 1194708 1195157 1197570 1198732 1200170 1201276 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition The following package changes have been done: - libudev1-249.11-150400.8.5.1 updated - libsystemd0-249.11-150400.8.5.1 updated From sle-updates at lists.suse.com Fri Jul 22 07:53:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:53:46 +0200 (CEST) Subject: SUSE-CU-2022:1599-1: Recommended update of bci/golang Message-ID: <20220722075346.706DFFDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1599-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-12.20 Container Release : 12.20 Severity : important Type : recommended References : 1193282 1200855 1201560 1201640 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - glibc-devel-2.31-150300.37.1 updated - container:sles15-image-15.0.0-27.11.4 updated From sle-updates at lists.suse.com Fri Jul 22 07:53:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 09:53:56 +0200 (CEST) Subject: SUSE-CU-2022:1600-1: Recommended update of bci/bci-micro Message-ID: <20220722075356.B303DFDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1600-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.13.4 , bci/bci-micro:latest Container Release : 13.4 Severity : important Type : recommended References : 1200855 1201560 1201640 ----------------------------------------------------------------- The container bci/bci-micro was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated From sle-updates at lists.suse.com Fri Jul 22 08:26:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:26:25 +0200 (CEST) Subject: SUSE-IU-2022:953-1: Security update of suse-sles-15-sp4-chost-byos-v20220718-x86_64-gen2 Message-ID: <20220722082625.AC93CFDCF@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20220718-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:953-1 Image Tags : suse-sles-15-sp4-chost-byos-v20220718-x86_64-gen2:20220718 Image Release : Severity : important Type : security References : 1027519 1080338 1118508 1173429 1185637 1192051 1192449 1195896 1196025 1196026 1196168 1196169 1196171 1196224 1196308 1196784 1196788 1197216 1197443 1197718 1197995 1198255 1198331 1198457 1198511 1198939 1199140 1199166 1199232 1199232 1199247 1199264 1199362 1199460 1199565 1199652 1199756 1199965 1199966 1200088 1200145 1200278 1200334 1200550 1200734 1200735 1200736 1200737 1200802 1200855 1201099 CVE-2015-20107 CVE-2020-25659 CVE-2021-3670 CVE-2022-1292 CVE-2022-1348 CVE-2022-1586 CVE-2022-1586 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-27239 CVE-2022-29162 CVE-2022-29217 CVE-2022-31030 CVE-2022-32205 CVE-2022-32206 
CVE-2022-32207 CVE-2022-32208 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20220718-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2296-1 Released: Wed Jul 6 13:35:00 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1199965,1199966,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364 This update for xen fixes the following issues: - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2300-1 Released: Wed Jul 6 13:36:19 2022 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1198457,1199264 This update for open-iscsi fixes the following issues: - Set initiatorname in %post (at end of install), for cases where root is read-only at startup time (bsc#1198457) - Update to latest upstream, including: Added 'distclean' to Makefile targets. Ensure Makefile '.PHONY' targets set up correctly. Fix an iscsid logout bug generating a false error and cleanup logout error messages. Updated/fixed test script. Updated build system. Syntax error in ibft-rule-generator. 
(bsc#1199264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2307-1 Released: Wed Jul 6 14:04:19 2022 Summary: Security update for ldb, samba Type: security Severity: moderate References: 1080338,1118508,1173429,1195896,1196224,1196308,1196788,1197995,1198255,1199247,1199362,CVE-2021-3670 This update for ldb, samba fixes the following issues: ldb was updated to version 2.4.2 to fix: + Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. 
samba was updated to fix: - Revert NIS support removal; (bsc#1199247); - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362); - Add missing samba-client requirement to samba-winbind package; (bsc#1198255); Update to 4.15.7 * Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * vfs_shadow_copy2 breaks 'smbd async dosmode' sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Crash of winbind on RODC; (bso#14641); * uncached logon on RODC always fails once; (bso#14865); * KVNO off by 100000; (bso#14951); * LDAP simple binds should honour 'old password allowed period'; (bso#15001); * wbinfo -a doesn't work reliable with upn names; (bso#15003); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016); - Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995); - Add missing samba-libs requirement to samba-winbind package; (bsc#1198255); Update to 4.15.6 * Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169); * Samba does not response 
STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737); * NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938); * Fix ldap simple bind with TLS auditing; (bso#14996); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * pam_winbind will not allow gdm login if password about to expire; (bso#8691); * virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971); * DFS fix for AIX broken; (bso#13631); * Solaris and AIX acl modules: wrong function arguments; (bso#14974); * Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239); * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900); * Fix a use-after-free in SMB1 server; (bso#14989); * smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968); * Changing the machine password against an RODC likely destroys the domain join; (bso#14984); * authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993); * Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995); * Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967); Other SUSE fixes: - Fix mismatched version of libldb2; (bsc#1196788). - Drop obsolete SuSEfirewall2 service files. - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338). - Fix ntlm authentications with 'winbind use default domain = yes'; (bso#13126); (bsc#1173429); (bsc#1196308). - Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947). 
- libldb version mismatch in Samba dsdb component; (bsc#1118508); ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. 
This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. 
(#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it).
+ sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2355-1 Released: Mon Jul 11 12:44:33 2022 Summary: Recommended update for python-cryptography Type: recommended Severity: moderate References: 1198331,CVE-2020-25659 This update for python-cryptography fixes the following issues: python-cryptography was updated to 3.3.2. update to 3.3.0: * BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. * BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types. * BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. * Added the recover_data_from_signature() function to RSAPublicKey for recovering the signed data from an RSA signature. Update to 3.2.1: Disable blinding on RSA public keys to address an error with some versions of OpenSSL. update to 3.2 (bsc#1178168, CVE-2020-25659): * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. update to 3.1: * **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based :term:`U-label` parsing in various X.509 classes. 
This support was originally deprecated in version 2.1 and moved to an extra in 2.5. * ``backend`` arguments to functions are no longer required and the default backend will automatically be selected if no ``backend`` is provided. * Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` . * Calling ``update`` or ``update_into`` on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data`` longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This also resolves the same issue in :doc:`/fernet`. update to 3.0: * RSA generate_private_key() no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes). * X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until version is accessed. * Deprecated support for Python 2 * Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: load_ssh_private_key() for loading and OpenSSH for writing. * Added support for OpenSSH certificates to load_ssh_public_key(). * Added encrypt_at_time() and decrypt_at_time() to Fernet. * Added support for the SubjectInformationAccess X.509 extension. * Added support for parsing SignedCertificateTimestamps in OCSP responses. * Added support for parsing attributes in certificate signing requests via get_attribute_for_oid(). * Added support for encoding attributes in certificate signing requests via add_attribute(). * On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork. * Added initial support for creating PKCS12 files with serialize_key_and_certificates().
Update to 2.9: * BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. * BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. * BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. * Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. * BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. * Added support for parsing single_extensions in an OCSP response. * NameAttribute values can now be empty strings. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2358-1 Released: Tue Jul 12 04:21:59 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issues: - Fix handling of keywords in new sysctl.conf (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2378-1 Released: Wed Jul 13 10:27:03 2022 Summary: Security update for cifs-utils Type: security Severity: important References: 1197216,CVE-2022-27239 This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2396-1 Released: Thu Jul 14 11:57:58 2022 Summary: Security update for logrotate Type: security Severity: important References: 1192449,1199652,1200278,1200802,CVE-2022-1348 This update for logrotate fixes the following issues: Security issues fixed: - CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652). - Improved coredump handling for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2402-1 Released: Thu Jul 14 16:58:22 2022 Summary: Security update for python-PyJWT Type: security Severity: important References: 1199756,CVE-2022-29217 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2426-1 Released: Mon Jul 18 09:27:51 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1198939 This update for rsyslog fixes the following issues: - Remove inotify watch descriptor in imfile on inode change detected (bsc#1198939) The following package changes have been done: - cifs-utils-6.15-150400.3.6.1 updated - containerd-ctr-1.6.6-150000.73.2 updated - containerd-1.6.6-150000.73.2 updated - curl-7.79.1-150400.5.3.1 updated - docker-20.10.17_ce-150000.166.1 updated - glibc-locale-base-2.31-150300.31.2 updated - glibc-locale-2.31-150300.31.2 updated - glibc-2.31-150300.31.2 updated - libaugeas0-1.12.0-150400.3.3.6 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libcurl4-7.79.1-150400.5.3.1 updated - libexpat1-2.4.4-150400.3.6.9 updated - libldb2-2.4.2-150400.4.3.11 updated - libopeniscsiusr0_2_0-2.1.7-150400.39.3.1 updated - libopenssl1_1-1.1.1l-150400.7.7.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.39-150400.4.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.27.1 updated - logrotate-3.18.1-150400.3.7.1 updated - open-iscsi-2.1.7-150400.39.3.1 updated - openssl-1_1-1.1.1l-150400.7.7.1 updated - 
python3-PyJWT-1.7.1-150200.3.3.1 updated - python3-base-3.6.15-150300.10.27.1 updated - python3-cryptography-3.3.2-150400.16.3.1 updated - python3-3.6.15-150300.10.27.1 updated - rsyslog-8.2106.0-150400.5.3.1 updated - runc-1.1.3-150000.30.1 updated - samba-client-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - xen-libs-4.16.1_04-150400.4.5.2 updated From sle-updates at lists.suse.com Fri Jul 22 08:26:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:26:39 +0200 (CEST) Subject: SUSE-IU-2022:954-1: Security update of suse-sles-15-sp4-chost-byos-v20220718-hvm-ssd-x86_64 Message-ID: <20220722082639.766C4FDCF@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20220718-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:954-1 Image Tags : suse-sles-15-sp4-chost-byos-v20220718-hvm-ssd-x86_64:20220718 Image Release : Severity : important Type : security References : 1027519 1080338 1118508 1173429 1185637 1192051 1192449 1195896 1196025 1196026 1196168 1196169 1196171 1196224 1196308 1196784 1196788 1197216 1197443 1197718 1197995 1198255 1198331 1198457 1198511 1198939 1199140 1199166 1199232 1199232 1199247 1199264 1199362 1199460 1199565 1199652 1199756 1199965 1199966 1200088 1200145 1200278 1200334 1200550 1200734 1200735 1200736 1200737 1200802 1200855 1201099 CVE-2015-20107 CVE-2020-25659 CVE-2021-3670 CVE-2022-1292 CVE-2022-1348 CVE-2022-1586 CVE-2022-1586 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-27239 CVE-2022-29162 CVE-2022-29217 CVE-2022-31030 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20220718-hvm-ssd-x86_64 was 
updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2296-1 Released: Wed Jul 6 13:35:00 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1199965,1199966,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364 This update for xen fixes the following issues: - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2300-1 Released: Wed Jul 6 13:36:19 2022 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1198457,1199264 This update for open-iscsi fixes the following issues: - Set initiatorname in %post (at end of install), for cases where root is read-only at startup time (bsc#1198457) - Update to latest upstream, including: Added 'distclean' to Makefile targets. 
Ensure Makefile '.PHONY' targets set up correctly. Fix an iscsid logout bug generating a false error and cleanup logout error messages. Updated/fixed test script. Updated build system. Syntax error in ibft-rule-generator. (bsc#1199264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2307-1 Released: Wed Jul 6 14:04:19 2022 Summary: Security update for ldb, samba Type: security Severity: moderate References: 1080338,1118508,1173429,1195896,1196224,1196308,1196788,1197995,1198255,1199247,1199362,CVE-2021-3670 This update for ldb, samba fixes the following issues: ldb was updated to version 2.4.2 to fix: + Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. 
samba was updated to fix: - Revert NIS support removal; (bsc#1199247); - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362); - Add missing samba-client requirement to samba-winbind package; (bsc#1198255); Update to 4.15.7 * Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * vfs_shadow_copy2 breaks 'smbd async dosmode' sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Crash of winbind on RODC; (bso#14641); * uncached logon on RODC always fails once; (bso#14865); * KVNO off by 100000; (bso#14951); * LDAP simple binds should honour 'old password allowed period'; (bso#15001); * wbinfo -a doesn't work reliable with upn names; (bso#15003); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016); - Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995); - Add missing samba-libs requirement to samba-winbind package; (bsc#1198255); Update to 4.15.6 * Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169); * Samba does not response 
STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737); * NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938); * Fix ldap simple bind with TLS auditing; (bso#14996); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * pam_winbind will not allow gdm login if password about to expire; (bso#8691); * virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971); * DFS fix for AIX broken; (bso#13631); * Solaris and AIX acl modules: wrong function arguments; (bso#14974); * Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239); * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900); * Fix a use-after-free in SMB1 server; (bso#14989); * smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968); * Changing the machine password against an RODC likely destroys the domain join; (bso#14984); * authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993); * Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995); * Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967); Other SUSE fixes: - Fix mismatched version of libldb2; (bsc#1196788). - Drop obsolete SuSEfirewall2 service files. - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338). - Fix ntlm authentications with 'winbind use default domain = yes'; (bso#13126); (bsc#1173429); (bsc#1196308). - Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947). 
- libldb version mismatch in Samba dsdb component; (bsc#1118508); ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. 
This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. 
(#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). 
+ sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2355-1 Released: Mon Jul 11 12:44:33 2022 Summary: Recommended update for python-cryptography Type: recommended Severity: moderate References: 1198331,CVE-2020-25659 This update for python-cryptography fixes the following issues: python-cryptography was updated to 3.3.2. update to 3.3.0: * BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. * BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types. * BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. * Added the recover_data_from_signature() function to RSAPublicKey for recovering the signed data from an RSA signature. Update to 3.2.1: Disable blinding on RSA public keys to address an error with some versions of OpenSSL. update to 3.2 (bsc#1178168, CVE-2020-25659): * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. update to 3.1: * **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based :term:`U-label` parsing in various X.509 classes. 
This support was originally deprecated in version 2.1 and moved to an extra in 2.5. * ``backend`` arguments to functions are no longer required and the default backend will automatically be selected if no ``backend`` is provided. * Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` . * Calling ``update`` or ``update_into`` on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data`` longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This also resolves the same issue in :doc:`/fernet`. update to 3.0: * RSA generate_private_key() no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes). * X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until version is accessed. * Deprecated support for Python 2 * Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: load_ssh_private_key() for loading and OpenSSH for writing. * Added support for OpenSSH certificates to load_ssh_public_key(). * Added encrypt_at_time() and decrypt_at_time() to Fernet. * Added support for the SubjectInformationAccess X.509 extension. * Added support for parsing SignedCertificateTimestamps in OCSP responses. * Added support for parsing attributes in certificate signing requests via get_attribute_for_oid(). * Added support for encoding attributes in certificate signing requests via add_attribute(). * On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork. * Added initial support for creating PKCS12 files with serialize_key_and_certificates(). 
Update to 2.9: * BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. * BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. * BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. * Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. * BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. * Added support for parsing single_extensions in an OCSP response. * NameAttribute values can now be empty strings. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2358-1 Released: Tue Jul 12 04:21:59 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issues: - Fix handling of keywords in new sysctl.conf (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2378-1 Released: Wed Jul 13 10:27:03 2022 Summary: Security update for cifs-utils Type: security Severity: important References: 1197216,CVE-2022-27239 This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2396-1 Released: Thu Jul 14 11:57:58 2022 Summary: Security update for logrotate Type: security Severity: important References: 1192449,1199652,1200278,1200802,CVE-2022-1348 This update for logrotate fixes the following issues: Security issues fixed: - CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652). - Improved coredump handling for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2402-1 Released: Thu Jul 14 16:58:22 2022 Summary: Security update for python-PyJWT Type: security Severity: important References: 1199756,CVE-2022-29217 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2426-1 Released: Mon Jul 18 09:27:51 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1198939 This update for rsyslog fixes the following issues: - Remove inotify watch descriptor in imfile on inode change detected (bsc#1198939) The following package changes have been done: - cifs-utils-6.15-150400.3.6.1 updated - containerd-ctr-1.6.6-150000.73.2 updated - containerd-1.6.6-150000.73.2 updated - curl-7.79.1-150400.5.3.1 updated - docker-20.10.17_ce-150000.166.1 updated - glibc-locale-base-2.31-150300.31.2 updated - glibc-locale-2.31-150300.31.2 updated - glibc-2.31-150300.31.2 updated - libaugeas0-1.12.0-150400.3.3.6 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libcurl4-7.79.1-150400.5.3.1 updated - libexpat1-2.4.4-150400.3.6.9 updated - libldb2-2.4.2-150400.4.3.11 updated - libopeniscsiusr0_2_0-2.1.7-150400.39.3.1 updated - libopenssl1_1-1.1.1l-150400.7.7.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.39-150400.4.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.27.1 updated - logrotate-3.18.1-150400.3.7.1 updated - open-iscsi-2.1.7-150400.39.3.1 updated - openssl-1_1-1.1.1l-150400.7.7.1 updated - 
python3-PyJWT-1.7.1-150200.3.3.1 updated - python3-base-3.6.15-150300.10.27.1 updated - python3-cryptography-3.3.2-150400.16.3.1 updated - python3-3.6.15-150300.10.27.1 updated - rsyslog-8.2106.0-150400.5.3.1 updated - runc-1.1.3-150000.30.1 updated - samba-client-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - xen-libs-4.16.1_04-150400.4.5.2 updated - xen-tools-domU-4.16.1_04-150400.4.5.2 updated From sle-updates at lists.suse.com Fri Jul 22 08:26:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:26:51 +0200 (CEST) Subject: SUSE-IU-2022:955-1: Security update of sles-15-sp4-chost-byos-v20220718-x86-64 Message-ID: <20220722082651.1283CFDCF@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20220718-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:955-1 Image Tags : sles-15-sp4-chost-byos-v20220718-x86-64:20220718 Image Release : Severity : important Type : security References : 1027519 1080338 1118508 1173429 1185637 1192051 1192449 1195896 1196025 1196026 1196168 1196169 1196171 1196224 1196308 1196784 1196788 1197216 1197443 1197718 1197995 1198255 1198457 1198511 1198939 1199140 1199166 1199232 1199232 1199247 1199264 1199362 1199460 1199565 1199652 1199965 1199966 1200088 1200145 1200278 1200334 1200550 1200734 1200735 1200736 1200737 1200802 1200855 1201099 CVE-2015-20107 CVE-2021-3670 CVE-2022-1292 CVE-2022-1348 CVE-2022-1586 CVE-2022-1586 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-27239 CVE-2022-29162 CVE-2022-31030 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20220718-x86-64 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2296-1 Released: Wed Jul 6 13:35:00 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1199965,1199966,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364 This update for xen fixes the following issues: - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2300-1 Released: Wed Jul 6 13:36:19 2022 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1198457,1199264 This update for open-iscsi fixes the following issues: - Set initiatorname in %post (at end of install), for cases where root is read-only at startup time (bsc#1198457) - Update to latest upstream, including: Added 'distclean' to Makefile targets. 
Ensure Makefile '.PHONY' targets set up correctly. Fix an iscsid logout bug generating a false error and cleanup logout error messages. Updated/fixed test script. Updated build system. Syntax error in ibft-rule-generator. (bsc#1199264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2307-1 Released: Wed Jul 6 14:04:19 2022 Summary: Security update for ldb, samba Type: security Severity: moderate References: 1080338,1118508,1173429,1195896,1196224,1196308,1196788,1197995,1198255,1199247,1199362,CVE-2021-3670 This update for ldb, samba fixes the following issues: ldb was updated to version 2.4.2 to fix: + Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. 
samba was updated to fix: - Revert NIS support removal; (bsc#1199247); - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362); - Add missing samba-client requirement to samba-winbind package; (bsc#1198255); Update to 4.15.7 * Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * vfs_shadow_copy2 breaks 'smbd async dosmode' sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Crash of winbind on RODC; (bso#14641); * uncached logon on RODC always fails once; (bso#14865); * KVNO off by 100000; (bso#14951); * LDAP simple binds should honour 'old password allowed period'; (bso#15001); * wbinfo -a doesn't work reliable with upn names; (bso#15003); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016); - Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995); - Add missing samba-libs requirement to samba-winbind package; (bsc#1198255); Update to 4.15.6 * Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169); * Samba does not response 
STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737); * NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938); * Fix ldap simple bind with TLS auditing; (bso#14996); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * pam_winbind will not allow gdm login if password about to expire; (bso#8691); * virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971); * DFS fix for AIX broken; (bso#13631); * Solaris and AIX acl modules: wrong function arguments; (bso#14974); * Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239); * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900); * Fix a use-after-free in SMB1 server; (bso#14989); * smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968); * Changing the machine password against an RODC likely destroys the domain join; (bso#14984); * authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993); * Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995); * Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967); Other SUSE fixes: - Fix mismatched version of libldb2; (bsc#1196788). - Drop obsolete SuSEfirewall2 service files. - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338). - Fix ntlm authentications with 'winbind use default domain = yes'; (bso#13126); (bsc#1173429); (bsc#1196308). - Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947). 
- libldb version mismatch in Samba dsdb component; (bsc#1118508); ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. 
This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. 
(#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it).
+ sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2358-1 Released: Tue Jul 12 04:21:59 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issues: - Fix handling of keywords in new sysctl.conf (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2378-1 Released: Wed Jul 13 10:27:03 2022 Summary: Security update for cifs-utils Type: security Severity: important References: 1197216,CVE-2022-27239 This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2396-1 Released: Thu Jul 14 11:57:58 2022 Summary: Security update for logrotate Type: security Severity: important References: 1192449,1199652,1200278,1200802,CVE-2022-1348 This update for logrotate fixes the following issues: Security issues fixed: - CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652). - Improved coredump handling for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2426-1 Released: Mon Jul 18 09:27:51 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1198939 This update for rsyslog fixes the following issues: - Remove inotify watch descriptor in imfile on inode change detected (bsc#1198939) The following package changes have been done: - cifs-utils-6.15-150400.3.6.1 updated - containerd-ctr-1.6.6-150000.73.2 updated - containerd-1.6.6-150000.73.2 updated - curl-7.79.1-150400.5.3.1 updated - docker-20.10.17_ce-150000.166.1 updated - glibc-locale-base-2.31-150300.31.2 updated - glibc-locale-2.31-150300.31.2 updated - glibc-2.31-150300.31.2 updated - libaugeas0-1.12.0-150400.3.3.6 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libcurl4-7.79.1-150400.5.3.1 updated - libexpat1-2.4.4-150400.3.6.9 updated - libldb2-2.4.2-150400.4.3.11 updated - libopeniscsiusr0_2_0-2.1.7-150400.39.3.1 updated - libopenssl1_1-1.1.1l-150400.7.7.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.39-150400.4.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.27.1 updated - logrotate-3.18.1-150400.3.7.1 updated - open-iscsi-2.1.7-150400.39.3.1 updated - openssl-1_1-1.1.1l-150400.7.7.1 updated - python3-base-3.6.15-150300.10.27.1 updated - python3-3.6.15-150300.10.27.1 updated - rsyslog-8.2106.0-150400.5.3.1 updated - runc-1.1.3-150000.30.1 updated - samba-client-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - xen-libs-4.16.1_04-150400.4.5.2 updated From sle-updates at lists.suse.com Fri Jul 22 08:40:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:40:31 +0200 (CEST) Subject: SUSE-CU-2022:1600-1: Recommended update of bci/bci-micro Message-ID: <20220722084031.25AA2FDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1600-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.13.4 , bci/bci-micro:latest Container Release : 13.4 Severity : important Type : recommended References : 1200855 1201560 1201640 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated From sle-updates at lists.suse.com Fri Jul 22 08:40:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:40:38 +0200 (CEST) Subject: SUSE-CU-2022:1601-1: Security update of bci/bci-minimal Message-ID: <20220722084038.5CC72FDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1601-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.13.10 , bci/bci-minimal:latest Container Release : 13.10 Severity : important Type : security References : 1193282 1197718 1199140 1199232 1200334 1200855 1200855 1201560 1201640 CVE-2022-1586 ----------------------------------------------------------------- The container bci/bci-minimal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libpcre1-8.45-150000.20.13.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:micro-image-15.4.0-13.4 updated From sle-updates at lists.suse.com Fri Jul 22 08:40:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:40:59 +0200 (CEST) Subject: SUSE-CU-2022:1602-1: Recommended update of bci/nodejs Message-ID: <20220722084059.8FB04FDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1602-1 Container Tags : bci/node:14 , bci/node:14-13.19 , bci/nodejs:14 , bci/nodejs:14-13.19 Container Release : 13.19 Severity : important Type : recommended References : 1137373 1181658 1194708 1195157 1197570 1198732 1200170 1201276 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition The following package changes have been done: - libudev1-249.11-150400.8.5.1 updated - libsystemd0-249.11-150400.8.5.1 updated From sle-updates at lists.suse.com Fri Jul 22 08:41:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:41:03 +0200 (CEST) Subject: SUSE-CU-2022:1603-1: Recommended update of bci/nodejs Message-ID: <20220722084103.73DC7FDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1603-1 Container Tags : bci/node:14 , bci/node:14-13.21 , bci/nodejs:14 , bci/nodejs:14-13.21 Container Release : 13.21 Severity : important Type : recommended References : 1193282 1200855 1201560 1201640 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:sles15-image-15.0.0-27.11.4 updated From sle-updates at lists.suse.com Fri Jul 22 08:41:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:41:24 +0200 (CEST) Subject: SUSE-CU-2022:1604-1: Recommended update of bci/nodejs Message-ID: <20220722084124.13376FDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1604-1 Container Tags : bci/node:16 , bci/node:16-8.17 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-8.17 , bci/nodejs:latest Container Release : 8.17 Severity : important Type : recommended References : 1137373 1181658 1194708 1195157 1197570 1198732 1200170 1201276 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition The following package changes have been done: - libudev1-249.11-150400.8.5.1 updated - libsystemd0-249.11-150400.8.5.1 updated From sle-updates at lists.suse.com Fri Jul 22 08:41:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:41:28 +0200 (CEST) Subject: SUSE-CU-2022:1605-1: Security update of bci/nodejs Message-ID: <20220722084128.AB3EBFDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1605-1 Container Tags : bci/node:16 , bci/node:16-8.19 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-8.19 , bci/nodejs:latest Container Release : 8.19 Severity : important Type : security References : 1193282 1200855 1201325 1201326 1201327 1201328 1201560 1201640 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2491-1 Released: Thu Jul 21 14:34:35 2022 Summary: Security update for nodejs16 Type: security Severity: important References: 1201325,1201326,1201327,1201328,CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215 This update for nodejs16 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - nodejs16-16.16.0-150400.3.3.2 updated - npm16-16.16.0-150400.3.3.2 updated - container:sles15-image-15.0.0-27.11.4 updated From sle-updates at lists.suse.com Fri Jul 22 08:42:28 2022 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:42:28 +0200 (CEST) Subject: SUSE-CU-2022:1606-1: Recommended update of bci/openjdk-devel Message-ID: <20220722084228.98806FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1606-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.35 , bci/openjdk-devel:latest Container Release : 14.35 Severity : important Type : recommended References : 1137373 1181658 1193282 1194708 1195157 1197570 1198732 1200170 1201276 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) The following package changes have been done: - libudev1-249.11-150400.8.5.1 updated - libsystemd0-249.11-150400.8.5.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:bci-openjdk-11-11-12.17 updated From sle-updates at lists.suse.com Fri Jul 22 08:42:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:42:53 +0200 (CEST) Subject: SUSE-CU-2022:1607-1: Recommended update of bci/openjdk Message-ID: <20220722084253.7B6B9FDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1607-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-12.17 , bci/openjdk:latest Container Release : 12.17 Severity : important Type : recommended References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1137373 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1181658 1188127 1194708 1195157 1197570 1198732 1200170 1201276 ----------------------------------------------------------------- The 
container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. 
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for China ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network.
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition The following package changes have been done: - libsystemd0-249.11-150400.8.5.1 updated - timezone-2022a-150000.75.7.1 added - container:sles15-image-15.0.0-27.11.1 updated From sle-updates at lists.suse.com Fri Jul 22 08:42:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:42:58 +0200 (CEST) Subject: SUSE-CU-2022:1608-1: Recommended update of bci/openjdk Message-ID: <20220722084258.F388CFDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1608-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-12.19 , bci/openjdk:latest Container Release : 12.19 Severity : important Type : recommended References : 1193282 1200855 1201560 1201640 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:sles15-image-15.0.0-27.11.4 updated From sle-updates at lists.suse.com Fri Jul 22 08:43:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:43:20 +0200 (CEST) Subject: SUSE-CU-2022:1609-1: Recommended update of suse/pcp Message-ID: <20220722084320.8B6E1FDDB@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1609-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-7.34 , suse/pcp:latest Container Release : 7.34 Severity : important Type : recommended References : 1137373 1181658 1194708 1195157 1197570 1198732 1200170 1201276 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition The following package changes have been done: - libudev1-249.11-150400.8.5.1 updated - libsystemd0-249.11-150400.8.5.1 updated - systemd-249.11-150400.8.5.1 updated - container:bci-bci-init-15.4-15.4-19.8 updated From sle-updates at lists.suse.com Fri Jul 22 08:43:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:43:45 +0200 (CEST) Subject: SUSE-CU-2022:1610-1: Recommended update of bci/python Message-ID: <20220722084345.B8BBAFDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1610-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-4.20 , bci/python:latest Container Release : 4.20 Severity : important Type : recommended References : 1137373 1181658 1193282 1194708 1195157 1197570 1198732 1200170 1200855 1201276 1201560 1201640 ----------------------------------------------------------------- The 
container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - libudev1-249.11-150400.8.5.1 updated - libsystemd0-249.11-150400.8.5.1 
updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:sles15-image-15.0.0-27.11.4 updated From sle-updates at lists.suse.com Fri Jul 22 08:44:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:44:05 +0200 (CEST) Subject: SUSE-CU-2022:1611-1: Recommended update of bci/python Message-ID: <20220722084405.42050FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1611-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-12.19 Container Release : 12.19 Severity : important Type : recommended References : 1137373 1181658 1193282 1194708 1195157 1197570 1198732 1200170 1201276 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) The following package changes have been done: - libudev1-249.11-150400.8.5.1 updated - libsystemd0-249.11-150400.8.5.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - container:sles15-image-15.0.0-27.11.2 updated From sle-updates at lists.suse.com Fri Jul 22 08:44:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:44:52 +0200 (CEST) Subject: SUSE-CU-2022:1612-1: Recommended update of bci/ruby Message-ID: <20220722084452.52589FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1612-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-10.15 , bci/ruby:latest Container Release : 10.15 Severity : important Type : recommended References : 1137373 1181658 1193282 1194708 1195157 1197570 1198732 1200170 1200855 1201276 1201560 1201640 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - libudev1-249.11-150400.8.5.1 updated - libsystemd0-249.11-150400.8.5.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - 
glibc-devel-2.31-150300.37.1 updated - container:sles15-image-15.0.0-27.11.2 updated From sle-updates at lists.suse.com Fri Jul 22 08:47:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:47:02 +0200 (CEST) Subject: SUSE-CU-2022:1615-1: Security update of trento/trento-db Message-ID: <20220722084702.79B00FDCF@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1615-1 Container Tags : trento/trento-db:14.3 , trento/trento-db:14.3-rev1.0.0 , trento/trento-db:14.3-rev1.0.0-build2.2.114 , trento/trento-db:latest Container Release : 2.2.114 Severity : important Type : security References : 1040589 1137373 1181658 1185637 1191157 1192951 1193489 1193659 1194708 1195157 1195283 1195628 1196107 1196490 1196861 1197004 1197065 1197570 1197718 1197771 1197794 1198062 1198090 1198114 1198176 1198446 1198507 1198614 1198723 1198732 1198751 1198766 1198922 1199132 1199140 1199166 1199223 1199224 1199232 1199232 1199240 1199475 1200170 1200334 1200550 1200735 1200737 1200855 1200855 1201099 1201560 1201640 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1552 CVE-2022-1586 CVE-2022-1586 CVE-2022-2068 CVE-2022-2097 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 ----------------------------------------------------------------- The container trento/trento-db was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. 
(bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1770-1 Released: Fri May 20 14:36:30 2022 Summary: Recommended update for skelcd, sles15-image Type: recommended Severity: moderate References: This update for skelcd, sles15-image fixes the following issues: Changes in skelcd: - Ship skelcd-EULA-bci for SLE BCI EULA (jsc#BCI-10) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1883-1 Released: Mon May 30 12:41:35 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1908-1 Released: Wed Jun 1 15:31:33 2022 Summary: Security update for postgresql14 Type: security Severity: important References: 1199475,CVE-2022-1552 This update for postgresql14 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. 
[bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - 
CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - Call pam_loginuid when creating user@.service (bsc#1198507) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit - Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed' - basic/env-util: (mostly) follow POSIX for what variable names are allowed - basic/env-util: make function shorter - basic/escape: add mode where empty arguments are still shown as '' - basic/escape: always escape newlines in shell_escape() - basic/escape: escape control characters, but not utf-8, in shell quoting - basic/escape: use consistent location for '*' in function declarations - basic/string-util: inline iterator variable declarations - basic/string-util: simplify how str_realloc() is used - basic/string-util: split out helper function - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition - string-util: explicitly cast character to unsigned - string-util: fix build error on aarch64 - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the 
following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - libldap-data-2.4.46-150200.14.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - perl-base-5.26.1-150300.17.3.1 updated - libpcre1-8.45-150000.20.13.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libudev1-246.16-150300.7.45.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libcurl4-7.66.0-150200.4.36.1 updated - libsystemd0-246.16-150300.7.45.1 updated - grep-3.1-150000.4.6.1 updated - pam-1.3.0-150000.6.58.3 updated - glibc-locale-base-2.31-150300.37.1 updated - gzip-1.10-150200.10.1 updated - libpcre2-8-0-10.31-150000.3.7.1 updated - libpq5-14.3-150200.5.12.2 updated - glibc-locale-2.31-150300.37.1 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - postgresql14-14.3-150200.5.12.2 updated - systemd-246.16-150300.7.48.1 updated - udev-246.16-150300.7.48.1 updated - postgresql14-server-14.3-150200.5.12.2 updated - container:sles15-image-15.0.0-17.18.1 updated From sle-updates at lists.suse.com Fri Jul 22 08:48:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:48:01 +0200 (CEST) Subject: SUSE-CU-2022:1616-1: Security update of trento/trento-runner Message-ID: <20220722084801.7EBBCFDCF@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-runner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1616-1 
Container Tags : trento/trento-runner:1.0.1 , trento/trento-runner:1.0.1-build4.16.1 , trento/trento-runner:latest Container Release : 4.16.1 Severity : important Type : security References : 1040589 1180065 1182345 1182345 1182345 1182345 1182345 1182345 1182345 1182345 1182345 1182345 1182345 1182345 1182345 1182345 1183043 1183333 1183334 1185637 1185790 1186622 1187443 1187444 1187445 1188229 1189162 1190589 1191157 1191468 1191908 1192377 1192378 1192951 1193489 1193597 1193598 1193659 1195283 1195834 1195835 1195838 1196490 1196732 1196861 1197004 1197065 1197716 1197718 1197743 1197771 1197794 1198090 1198114 1198176 1198422 1198446 1198458 1198511 1198614 1198723 1198751 1198766 1199132 1199140 1199166 1199223 1199224 1199232 1199240 1200334 1200550 1200735 1200737 1200855 1200855 1201099 1201560 1201640 CVE-2015-20107 CVE-2020-29362 CVE-2021-27918 CVE-2021-27919 CVE-2021-31525 CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198 CVE-2021-34558 CVE-2021-36221 CVE-2021-38297 CVE-2021-39293 CVE-2021-41771 CVE-2021-41772 CVE-2021-44716 CVE-2021-44717 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-2068 CVE-2022-2097 CVE-2022-22576 CVE-2022-23308 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24921 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 ----------------------------------------------------------------- The container trento/trento-runner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:604-1 Released: Thu Feb 25 13:58:04 2021 Summary: Recommended update for go1.16 Type: recommended Severity: moderate References: 1182345 This update brings go1.16 to the Development Tools Module. go1.16 (released 2021-02-16) Go 1.16 is a major release of Go. go1.16.x minor releases will be provided through February 2022. 
See https://github.com/golang/go/wiki/Go-Release-Cycle Most changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. * See release notes https://golang.org/doc/go1.16. Excerpts relevant to OBS environment and for SUSE/openSUSE follow: * Module-aware mode is enabled by default, regardless of whether a go.mod file is present in the current working directory or a parent directory. More precisely, the GO111MODULE environment variable now defaults to on. To switch to the previous behavior, set GO111MODULE to auto. * Build commands like go build and go test no longer modify go.mod and go.sum by default. Instead, they report an error if a module requirement or checksum needs to be added or updated (as if the -mod=readonly flag were used). Module requirements and sums may be adjusted with go mod tidy or go get. * go install now accepts arguments with version suffixes (for example, go install example.com/cmd@v1.0.0). This causes go install to build and install packages in module-aware mode, ignoring the go.mod file in the current directory or any parent directory, if there is one. This is useful for installing executables without affecting the dependencies of the main module. * go install, with or without a version suffix (as described above), is now the recommended way to build and install packages in module mode. go get should be used with the -d flag to adjust the current module's dependencies without building packages, and use of go get to build and install packages is deprecated. In a future release, the -d flag will always be enabled. * retract directives may now be used in a go.mod file to indicate that certain published versions of the module should not be used by other modules. A module author may retract a version after a severe problem is discovered or if the version was published unintentionally. 
* The go mod vendor and go mod tidy subcommands now accept the -e flag, which instructs them to proceed despite errors in resolving missing packages. * The go command now ignores requirements on module versions excluded by exclude directives in the main module. Previously, the go command used the next version higher than an excluded version, but that version could change over time, resulting in non-reproducible builds. * In module mode, the go command now disallows import paths that include non-ASCII characters or path elements with a leading dot character (.). Module paths with these characters were already disallowed (see Module paths and versions), so this change affects only paths within module subdirectories. * The go command now supports including static files and file trees as part of the final executable, using the new //go:embed directive. See the documentation for the new embed package for details. * When using go test, a test that calls os.Exit(0) during execution of a test function will now be considered to fail. This will help catch cases in which a test calls code that calls os.Exit(0) and thereby stops running all future tests. If a TestMain function calls os.Exit(0) that is still considered to be a passing test. * go test reports an error when the -c or -i flags are used together with unknown flags. Normally, unknown flags are passed to tests, but when -c or -i are used, tests are not run. * The go get -insecure flag is deprecated and will be removed in a future version. This flag permits fetching from repositories and resolving custom domains using insecure schemes such as HTTP, and also bypasses module sum validation using the checksum database. To permit the use of insecure schemes, use the GOINSECURE environment variable instead. To bypass module sum validation, use GOPRIVATE or GONOSUMDB. See go help environment for details. 
* go get example.com/mod@patch now requires that some version of example.com/mod already be required by the main module. (However, go get -u=patch continues to patch even newly-added dependencies.) * GOVCS is a new environment variable that limits which version control tools the go command may use to download source code. This mitigates security issues with tools that are typically used in trusted, authenticated environments. By default, git and hg may be used to download code from any repository. svn, bzr, and fossil may only be used to download code from repositories with module paths or package paths matching patterns in the GOPRIVATE environment variable. See go help vcs for details. * When the main module's go.mod file declares go 1.16 or higher, the all package pattern now matches only those packages that are transitively imported by a package or test found in the main module. (Packages imported by tests of packages imported by the main module are no longer included.) This is the same set of packages retained by go mod vendor since Go 1.11. * When the -toolexec build flag is specified to use a program when invoking toolchain programs like compile or asm, the environment variable TOOLEXEC_IMPORTPATH is now set to the import path of the package being built. * The -i flag accepted by go build, go install, and go test is now deprecated. The -i flag instructs the go command to install packages imported by packages named on the command line. Since the build cache was introduced in Go 1.10, the -i flag no longer has a significant effect on build times, and it causes errors when the install directory is not writable. * When the -export flag is specified, the BuildID field is now set to the build ID of the compiled package. This is equivalent to running go tool buildid on go list -exported -f {{.Export}}, but without the extra step. * The -overlay flag specifies a JSON configuration file containing a set of file path replacements. 
The -overlay flag may be used with all build commands and go mod subcommands. It is primarily intended to be used by editor tooling such as gopls to understand the effects of unsaved changes to source files. The config file maps actual file paths to replacement file paths and the go command and its builds will run as if the actual file paths exist with the contents given by the replacement file paths, or don't exist if the replacement file paths are empty. * The cgo tool will no longer try to translate C struct bitfields into Go struct fields, even if their size can be represented in Go. The order in which C bitfields appear in memory is implementation dependent, so in some cases the cgo tool produced results that were silently incorrect. * The linux/riscv64 port now supports cgo and -buildmode=pie. This release also includes performance optimizations and code generation improvements for RISC-V. * The new runtime/metrics package introduces a stable interface for reading implementation-defined metrics from the Go runtime. It supersedes existing functions like runtime.ReadMemStats and debug.GCStats and is significantly more general and efficient. See the package documentation for more details. * Setting the GODEBUG environment variable to inittrace=1 now causes the runtime to emit a single line to standard error for each package init, summarizing its execution time and memory allocation. This trace can be used to find bottlenecks or regressions in Go startup performance. The GODEBUG documentation describes the format. * On Linux, the runtime now defaults to releasing memory to the operating system promptly (using MADV_DONTNEED), rather than lazily when the operating system is under memory pressure (using MADV_FREE). This means process-level memory statistics like RSS will more accurately reflect the amount of physical memory being used by Go processes. 
Systems that are currently using GODEBUG=madvdontneed=1 to improve memory monitoring behavior no longer need to set this environment variable. * Go 1.16 fixes a discrepancy between the race detector and the Go memory model. The race detector now more precisely follows the channel synchronization rules of the memory model. As a result, the detector may now report races it previously missed. * linker: This release includes additional improvements to the Go linker, reducing linker resource usage (both time and memory) and improving code robustness/maintainability. These changes form the second half of a two-release project to modernize the Go linker. * The linker changes in 1.16 extend the 1.15 improvements to all supported architecture/OS combinations (the 1.15 performance improvements were primarily focused on ELF-based OSes and amd64 architectures). For a representative set of large Go programs, linking is 20-25% faster than 1.15 and requires 5-15% less memory on average for linux/amd64, with larger improvements for other architectures and OSes. Most binaries are also smaller as a result of more aggressive symbol pruning. * The new embed package provides access to files embedded in the program during compilation using the new //go:embed directive. * The new io/fs package defines the fs.FS interface, an abstraction for read-only trees of files. The standard library packages have been adapted to make use of the interface as appropriate. * For testing code that implements fs.FS, the new testing/fstest package provides a TestFS function that checks for and reports common mistakes. It also provides a simple in-memory file system implementation, MapFS, which can be useful for testing code that accepts fs.FS implementations. * syscall: On Linux, Setgid, Setuid, and related calls are now implemented. Previously, they returned an syscall.EOPNOTSUPP error. 
On Linux, the new functions AllThreadsSyscall and AllThreadsSyscall6 may be used to make a system call on all Go threads in the process. These functions may only be used by programs that do not use cgo; if a program uses cgo, they will always return syscall.ENOTSUP. * time/tzdata: The slim timezone data format is now used for the timezone database in $GOROOT/lib/time/zoneinfo.zip and the embedded copy in this package. This reduces the size of the timezone database by about 350 KB. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:937-1 Released: Wed Mar 24 12:22:21 2021 Summary: Security update for go1.16 Type: security Severity: moderate References: 1182345,1183333,1183334,CVE-2021-27918,CVE-2021-27919 This update for go1.16 fixes the following issues: - go1.16.2 (released 2021-03-11) (bsc#1182345) - go1.16.1 (released 2021-03-10) (bsc#1182345) - CVE-2021-27918: Fixed an infinite loop when using xml.NewTokenDecoder with a custom TokenReader (bsc#1183333). - CVE-2021-27919: Fixed an issue where archive/zip: can panic when calling Reader.Open (bsc#1183334). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1202-1 Released: Thu Apr 15 15:11:29 2021 Summary: Recommended update for go1.16 Type: recommended Severity: moderate References: 1182345 This update for go1.16 fixes the following issues: - Updated to upstream version 1.16.3 to include fixes for the compiler, linker, runtime, the go command, and the testing and time packages (bsc#1182345) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2085-1 Released: Fri Jun 18 17:21:29 2021 Summary: Security update for go1.16 Type: security Severity: moderate References: 1182345,1185790,CVE-2021-31525 This update for go1.16 fixes the following issues: - Updated go to upstream version 1.16.4 (released 2021-05-06) (bsc#1182345). 
- CVE-2021-31525: Fixed stack overflow via net/http ReadRequest (bsc#1185790). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2186-1 Released: Mon Jun 28 18:23:20 2021 Summary: Security update for go1.16 Type: security Severity: important References: 1182345,1186622,1187443,1187444,1187445,CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198 This update for go1.16 fixes the following issues: Update to 1.16.5. Includes these security fixes - CVE-2021-33195: net: Lookup functions may return invalid host names (bsc#1187443). - CVE-2021-33196: archive/zip: malformed archive may cause panic or memory exhaustion (bsc#1186622). - CVE-2021-33197: net/http/httputil: ReverseProxy forwards Connection headers if first one is empty (bsc#1187444) - CVE-2021-33198: math/big: (*Rat).SetString with '1.770p02041010010011001001' crashes with 'makeslice: len out of range' (bsc#1187445). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2392-1 Released: Mon Jul 19 08:50:19 2021 Summary: Security update for go1.16 Type: security Severity: important References: 1182345,1188229,CVE-2021-34558 This update for go1.16 fixes the following issues: go1.16.6 (released 2021-07-12, bsc#1182345) includes a security fix to the crypto/tls package, as well as bug fixes to the compiler, and the net and net/http packages. 
Security issue fixed: CVE-2021-34558: Fixed crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (bsc#1188229) go1.16 release: * bsc#1188229 go#47143 CVE-2021-34558 * go#47145 security: fix CVE-2021-34558 * go#46999 net: LookupMX behaviour broken * go#46981 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3 * go#46769 syscall: TestGroupCleanupUserNamespace test failure on Fedora * go#46657 runtime: deeply nested struct initialized with non-zero values * go#44984 net/http: server not setting Content-Length in certain cases ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2788-1 Released: Fri Aug 20 10:06:08 2021 Summary: Security update for go1.16 Type: security Severity: moderate References: 1182345,1189162,CVE-2021-36221 This update for go1.16 fixes the following issues: Update to go1.16.7: - go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221 bsc#1189162) - go#47348 cmd/go: 'go list -f '{{.Stale}}'' stack overflow with cyclic imports - go#47332 time: Timer reset broken under heavy use since go1.16 timer optimizations added - go#47289 cmd/link: build error with cgo in Windows, redefinition of go.map.zero - go#47015 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied. 
- go#46928 cmd/compile: register conflict between external linker and duffzero on arm64 - go#46858 runtime: ppc64x binaries randomly segfault on linux 5.13rc6 - go#46551 cmd/go: unhelpful error message when running 'go install' on a replaced-but-not-required package ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3292-1 Released: Wed Oct 6 16:46:16 2021 Summary: Security update for go1.16 Type: security Severity: important References: 1182345,1190589,CVE-2021-39293 This update for go1.16 fixes the following issues: - Update to go 1.16.8 - CVE-2021-39293: Fixed a buffer overflow issue in preallocation check that can cause OOM panic. (bas#) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3487-1 Released: Wed Oct 20 16:18:28 2021 Summary: Security update for go1.16 Type: security Severity: moderate References: 1182345,1191468,CVE-2021-38297 This update for go1.16 fixes the following issues: Update to go1.16.9 - CVE-2021-38297: misc/wasm, cmd/link: do not let command line args overwrite global data (bsc#1191468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3834-1 Released: Wed Dec 1 16:05:12 2021 Summary: Security update for go1.16 Type: security Severity: moderate References: 1182345,1192377,1192378,CVE-2021-41771,CVE-2021-41772 This update for go1.16 fixes the following issues: Security update go1.16.10 (released 2021-11-04) (bsc#1182345). - CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic (bsc#1192377). - CVE-2021-41772: Fixed panic on (*Reader).Open (bsc#1192378). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4169-1 Released: Thu Dec 23 09:52:43 2021 Summary: Security update for go1.16 Type: security Severity: moderate References: 1182345,1193597,1193598,CVE-2021-44716,CVE-2021-44717 This update for go1.16 fixes the following issues: Updated to upstream version 1.16.12 to include security fixes to the compiler, syscall, runtime, the net/http, net/http/httptest, and time packages (bsc#1182345) - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598). - CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:87-1 Released: Mon Jan 17 12:50:09 2022 Summary: Recommended update for go1.16 Type: recommended Severity: moderate References: 1182345 This update for go1.16 fixes the following issues: Update to go1.16.13 (bsc#1182345) - it includes fixes to the compiler, linker, runtime, and the net/http package. * x/net/http2: `http.Server.WriteTimeout` does not fire if the http2 stream's window is out of space. 
* runtime/race: building for iOS, but linking in object file built for macOS * runtime: race detector `SIGABRT` or `SIGSEGV` on macOS Monterey * runtime: mallocs cause 'base outside usable address space' panic when running on iOS 14 * cmd/link: does not set section type of `.init_array` correctly * cmd/link: support more load commands on `Mach-O` * cmd/compile: internal compiler error: `Op...LECall and OpDereference have mismatched mem` ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:724-1 Released: Fri Mar 4 10:34:01 2022 Summary: Security update for go1.16 Type: security Severity: important References: 1182345,1195834,1195835,1195838,CVE-2022-23772,CVE-2022-23773,CVE-2022-23806 This update for go1.16 fixes the following issues: - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838). - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835). - CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834). The following non-security bugs were fixed: - go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements - go#50700 math/big: Rat.SetString may consume large amount of RAM and crash - go#50686 cmd/go: do not treat branches with semantic-version names as releases - go#50866 cmd/compile: incorrect use of CMN on arm64 - go#50832 runtime/race: NoRaceMutexPureHappensBefore failures - go#50811 cmd/go: remove bitbucket VCS probing - go#50780 runtime: incorrect frame information in traceback traversal may hang the process. 
- go#50721 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error - go#50682 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg - go#50645 testing: surprising interaction of subtests with TempDir - go#50585 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch - go#50245 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of 'plugin' Package ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1164-1 Released: Tue Apr 12 15:03:24 2022 Summary: Security update for go1.16 Type: security Severity: important References: 1182345,1183043,1196732,CVE-2022-24921 This update for go1.16 fixes the following issues: Update to version 1.16.15 (bsc#1182345): - CVE-2022-24921: Fixed a potential denial of service via large regular expressions (bsc#1196732). Non-security fixes: - Fixed an issue with v2 modules (go#51331). - Fixed an issue when building source in riscv64 (go#51198). - Increased compatibility for the DNS protocol in the net module (go#51161). - Fixed an issue with histograms in the runtime/metrics module (go#50733). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. 
(bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the 
following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. 
(bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1709-1 Released: Tue May 17 17:35:47 2022 Summary: Recommended update for libcbor Type: recommended Severity: important References: 1197743 This update for libcbor fixes the following issues: - Fix build errors occurring on SUSE Linux Enterprise 15 Service Pack 4 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1770-1 Released: Fri May 20 14:36:30 2022 Summary: Recommended update for skelcd, sles15-image Type: recommended Severity: moderate References: This update for skelcd, sles15-image fixes the following issues: Changes in skelcd: - Ship skelcd-EULA-bci for SLE BCI EULA (jsc#BCI-10) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1851-1 Released: Thu May 26 08:59:55 2022 Summary: Recommended update for gcc8 Type: recommended Severity: moderate References: 1197716 This update for gcc8 fixes the following issues: - Fix build against SP4.
(bsc#1197716) - Remove bogus fixed include bits/statx.h from glibc 2.30 (bsc#1197716) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. 
[bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2049-1 Released: Mon Jun 13 09:23:49 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1191908,1198422 This update for binutils fixes the following issues: - Revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422] - Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2157-1 Released: Wed Jun 22 17:11:26 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198458 This update for binutils fixes the following issues: - For building the shim 15.6~rc1 and later versions aarch64 image, objcopy needs to support efi-app-aarch64 target. (bsc#1198458) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. 
(bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - libldap-data-2.4.46-150200.14.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - perl-base-5.26.1-150300.17.3.1 updated - libpcre1-8.45-150000.20.13.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libudev1-246.16-150300.7.45.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libcurl4-7.66.0-150200.4.36.1 updated - libsystemd0-246.16-150300.7.45.1 updated - grep-3.1-150000.4.6.1 updated - pam-1.3.0-150000.6.58.3 updated - openssl-1_1-1.1.1d-150200.11.51.1 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - p11-kit-0.23.2-150000.4.16.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - libatomic1-11.3.0+git1637-150000.1.9.1 updated - libctf-nobfd0-2.37-150100.7.37.1 updated - libgomp1-11.3.0+git1637-150000.1.9.1 updated - libitm1-11.3.0+git1637-150000.1.9.1 updated - liblsan0-11.3.0+git1637-150000.1.9.1 updated - libmpx2-8.2.1+r264010-150000.1.6.4 updated - libmpxwrappers2-8.2.1+r264010-150000.1.6.4 updated - libtsan0-11.3.0+git1637-150000.1.9.1 updated - libxcrypt-devel-4.4.15-150300.4.4.3 updated - libctf0-2.37-150100.7.37.1 updated - binutils-2.37-150100.7.37.1 
updated - glibc-devel-2.31-150300.37.1 updated - go1.16-1.16.15-150000.1.46.1 added - libcbor0-0.5.0-150100.4.6.1 updated - python3-base-3.6.15-150300.10.27.1 updated - libpython3_6m1_0-3.6.15-150300.10.27.1 updated - python3-3.6.15-150300.10.27.1 updated - container:sles15-image-15.0.0-17.18.1 updated - go-1.17-3.20.1 removed - go1.17-1.17.9-150000.1.31.1 removed From sle-updates at lists.suse.com Fri Jul 22 08:48:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 10:48:53 +0200 (CEST) Subject: SUSE-CU-2022:1617-1: Security update of trento/trento-web Message-ID: <20220722084853.EC907FDCF@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-web ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1617-1 Container Tags : trento/trento-web:1.1.0 , trento/trento-web:1.1.0-build4.15.1 , trento/trento-web:latest Container Release : 4.15.1 Severity : important Type : security References : 1040589 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1185637 1188127 1191157 1192951 1193489 1193659 1195283 1195628 1196107 1196490 1196861 1197004 1197065 1197718 1197771 1197794 1198090 1198114 1198176 1198446 1198614 1198723 1198751 1198766 1199132 1199140 1199166 1199223 1199224 1199232 1199240 1200334 1200550 1200735 1200737 1200855 1201099 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-2068 CVE-2022-2097 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 ----------------------------------------------------------------- The container trento/trento-web was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. 
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for China ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions.
(bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1770-1 Released: Fri May 20 14:36:30 2022 Summary: Recommended update for skelcd, sles15-image Type: recommended Severity: moderate References: This update for skelcd, sles15-image fixes the following issues: Changes in skelcd: - Ship skelcd-EULA-bci for SLE BCI EULA (jsc#BCI-10) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: 
moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. 
[bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). The following package changes have been done: - libldap-data-2.4.46-150200.14.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - perl-base-5.26.1-150300.17.3.1 updated - libpcre1-8.45-150000.20.13.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libudev1-246.16-150300.7.45.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libcurl4-7.66.0-150200.4.36.1 updated - libsystemd0-246.16-150300.7.45.1 updated - grep-3.1-150000.4.6.1 updated - pam-1.3.0-150000.6.58.3 updated - timezone-2022a-150000.75.7.1 added - container:nodejs-16-image-15.0.0-17.18.1 updated - container:sles15-image-15.0.0-17.18.1 updated From sle-updates at lists.suse.com Fri Jul 22 11:39:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 13:39:24 +0200 (CEST) Subject: SUSE-SU-2022:2525-1: important: Security update for webkit2gtk3 
Message-ID: <20220722113924.64465FDDB@maintenance.suse.de>

   SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2525-1
Rating:             important
References:         #1201221
Cross-References:   CVE-2022-22662 CVE-2022-22677 CVE-2022-26710
CVSS scores:
                    CVE-2022-22662 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
                    CVE-2022-22662 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
                    CVE-2022-22677 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-26710 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for webkit2gtk3 fixes the following issues:

   Update to version 2.36.4 (bsc#1201221):

   - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information.
   - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted.
   - CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-2525=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-2525=1

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2525=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2525=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2525=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2525=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2525=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2525=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2525=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2525=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2525=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2525=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-2525=1

Package List:

   - openSUSE Leap 15.4 (noarch):

      libwebkit2gtk3-lang-2.36.4-150200.38.2

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150200.38.2
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2
      webkit-jsc-4-2.36.4-150200.38.2
      webkit-jsc-4-debuginfo-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150200.38.2
      webkit2gtk3-debugsource-2.36.4-150200.38.2
      webkit2gtk3-devel-2.36.4-150200.38.2
      webkit2gtk3-minibrowser-2.36.4-150200.38.2
      webkit2gtk3-minibrowser-debuginfo-2.36.4-150200.38.2

   - openSUSE Leap 15.3 (noarch):

      libwebkit2gtk3-lang-2.36.4-150200.38.2

   - openSUSE Leap 15.3 (x86_64):

      libjavascriptcoregtk-4_0-18-32bit-2.36.4-150200.38.2
      libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-32bit-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.4-150200.38.2

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150200.38.2
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150200.38.2
      webkit2gtk3-debugsource-2.36.4-150200.38.2
      webkit2gtk3-devel-2.36.4-150200.38.2

   - SUSE Manager Server 4.1 (noarch):

      libwebkit2gtk3-lang-2.36.4-150200.38.2

   - SUSE Manager Retail Branch Server 4.1 (noarch):

      libwebkit2gtk3-lang-2.36.4-150200.38.2

   - SUSE Manager Retail Branch Server 4.1 (x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150200.38.2
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150200.38.2
      webkit2gtk3-debugsource-2.36.4-150200.38.2
      webkit2gtk3-devel-2.36.4-150200.38.2

   - SUSE Manager Proxy 4.1 (x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150200.38.2
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150200.38.2
      webkit2gtk3-debugsource-2.36.4-150200.38.2
      webkit2gtk3-devel-2.36.4-150200.38.2

   - SUSE Manager Proxy 4.1 (noarch):

      libwebkit2gtk3-lang-2.36.4-150200.38.2

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150200.38.2
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150200.38.2
      webkit2gtk3-debugsource-2.36.4-150200.38.2
      webkit2gtk3-devel-2.36.4-150200.38.2

   - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):

      libwebkit2gtk3-lang-2.36.4-150200.38.2

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150200.38.2
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150200.38.2
      webkit2gtk3-debugsource-2.36.4-150200.38.2
      webkit2gtk3-devel-2.36.4-150200.38.2

   - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):

      libwebkit2gtk3-lang-2.36.4-150200.38.2

   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150200.38.2
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150200.38.2
      webkit2gtk3-debugsource-2.36.4-150200.38.2
      webkit2gtk3-devel-2.36.4-150200.38.2

   - SUSE Linux Enterprise Server 15-SP2-BCL (noarch):

      libwebkit2gtk3-lang-2.36.4-150200.38.2

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2
      webkit2gtk3-debugsource-2.36.4-150200.38.2
      webkit2gtk3-devel-2.36.4-150200.38.2

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150200.38.2
      webkit2gtk3-debugsource-2.36.4-150200.38.2

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      libwebkit2gtk3-lang-2.36.4-150200.38.2

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150200.38.2
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150200.38.2
      webkit2gtk3-debugsource-2.36.4-150200.38.2
      webkit2gtk3-devel-2.36.4-150200.38.2

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):

      libwebkit2gtk3-lang-2.36.4-150200.38.2

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150200.38.2
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150200.38.2
      webkit2gtk3-debugsource-2.36.4-150200.38.2
      webkit2gtk3-devel-2.36.4-150200.38.2

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):

      libwebkit2gtk3-lang-2.36.4-150200.38.2

   - SUSE Enterprise Storage 7 (aarch64 x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150200.38.2
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-2.36.4-150200.38.2
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150200.38.2
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2-4_0-2.36.4-150200.38.2
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-2.36.4-150200.38.2
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150200.38.2
      webkit2gtk3-debugsource-2.36.4-150200.38.2
      webkit2gtk3-devel-2.36.4-150200.38.2

   - SUSE Enterprise Storage 7 (noarch):

      libwebkit2gtk3-lang-2.36.4-150200.38.2

References:
   https://www.suse.com/security/cve/CVE-2022-22662.html
   https://www.suse.com/security/cve/CVE-2022-22677.html
   https://www.suse.com/security/cve/CVE-2022-26710.html
   https://bugzilla.suse.com/1201221

From sle-updates at lists.suse.com Fri Jul 22 11:40:15 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jul 2022 13:40:15 +0200 (CEST)
Subject: SUSE-SU-2022:2522-1: important: Security update for webkit2gtk3
Message-ID: <20220722114015.86211FDDB@maintenance.suse.de>

   SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2522-1
Rating:             important
References:         #1201221
Cross-References:   CVE-2022-22662 CVE-2022-22677 CVE-2022-26710
CVSS scores:
                    CVE-2022-22662 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
                    CVE-2022-22662 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
                    CVE-2022-22677 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-26710 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for webkit2gtk3 fixes the following issues:

   Update to version 2.36.4 (bsc#1201221):

   - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information.
   - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted.
   - CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2522=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2522=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2522=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2522=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2522=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2522=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2522=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2522=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-2.102.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-2.102.1
      libwebkit2gtk-4_0-37-2.36.4-2.102.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-2.102.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-2.102.1
      typelib-1_0-WebKit2-4_0-2.36.4-2.102.1
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-2.102.1
      webkit2gtk-4_0-injected-bundles-2.36.4-2.102.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-2.102.1
      webkit2gtk3-debugsource-2.36.4-2.102.1

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      libwebkit2gtk3-lang-2.36.4-2.102.1

   - SUSE OpenStack Cloud 9 (noarch):

      libwebkit2gtk3-lang-2.36.4-2.102.1

   - SUSE OpenStack Cloud 9 (x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-2.102.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-2.102.1
      libwebkit2gtk-4_0-37-2.36.4-2.102.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-2.102.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-2.102.1
      typelib-1_0-WebKit2-4_0-2.36.4-2.102.1
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-2.102.1
      webkit2gtk-4_0-injected-bundles-2.36.4-2.102.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-2.102.1
      webkit2gtk3-debugsource-2.36.4-2.102.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-2.102.1
      webkit2gtk3-debugsource-2.36.4-2.102.1
      webkit2gtk3-devel-2.36.4-2.102.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-2.102.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-2.102.1
      libwebkit2gtk-4_0-37-2.36.4-2.102.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-2.102.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-2.102.1
      typelib-1_0-WebKit2-4_0-2.36.4-2.102.1
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-2.102.1
      webkit2gtk-4_0-injected-bundles-2.36.4-2.102.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-2.102.1
      webkit2gtk3-debugsource-2.36.4-2.102.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      libwebkit2gtk3-lang-2.36.4-2.102.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-2.102.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-2.102.1
      libwebkit2gtk-4_0-37-2.36.4-2.102.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-2.102.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-2.102.1
      typelib-1_0-WebKit2-4_0-2.36.4-2.102.1
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-2.102.1
      webkit2gtk-4_0-injected-bundles-2.36.4-2.102.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-2.102.1
      webkit2gtk3-debugsource-2.36.4-2.102.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      libwebkit2gtk3-lang-2.36.4-2.102.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-2.102.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-2.102.1
      libwebkit2gtk-4_0-37-2.36.4-2.102.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-2.102.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-2.102.1
      typelib-1_0-WebKit2-4_0-2.36.4-2.102.1
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-2.102.1
      webkit2gtk-4_0-injected-bundles-2.36.4-2.102.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-2.102.1
      webkit2gtk3-debugsource-2.36.4-2.102.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      libwebkit2gtk3-lang-2.36.4-2.102.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-2.102.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-2.102.1
      libwebkit2gtk-4_0-37-2.36.4-2.102.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-2.102.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-2.102.1
      typelib-1_0-WebKit2-4_0-2.36.4-2.102.1
      webkit2gtk-4_0-injected-bundles-2.36.4-2.102.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-2.102.1
      webkit2gtk3-debugsource-2.36.4-2.102.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-2.102.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-2.102.1
      libwebkit2gtk-4_0-37-2.36.4-2.102.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-2.102.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-2.102.1
      typelib-1_0-WebKit2-4_0-2.36.4-2.102.1
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-2.102.1
      webkit2gtk-4_0-injected-bundles-2.36.4-2.102.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-2.102.1
      webkit2gtk3-debugsource-2.36.4-2.102.1
      webkit2gtk3-devel-2.36.4-2.102.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      libwebkit2gtk3-lang-2.36.4-2.102.1

References:

   https://www.suse.com/security/cve/CVE-2022-22662.html
   https://www.suse.com/security/cve/CVE-2022-22677.html
   https://www.suse.com/security/cve/CVE-2022-26710.html
   https://bugzilla.suse.com/1201221

From sle-updates at lists.suse.com Fri Jul 22 11:41:06 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jul 2022 13:41:06 +0200 (CEST)
Subject: SUSE-SU-2022:2523-1: important: Security update for webkit2gtk3
Message-ID: <20220722114106.71A54FDDB@maintenance.suse.de>

   SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2523-1
Rating:             important
References:         #1201221
Cross-References:   CVE-2022-22662 CVE-2022-22677 CVE-2022-26710
CVSS scores:
                    CVE-2022-22662 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
                    CVE-2022-22662 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
                    CVE-2022-22677 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-26710 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP4
                    SUSE Linux Enterprise Module for Development Tools 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for webkit2gtk3 fixes the following issues:

   Update to version 2.36.4 (bsc#1201221):

   - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information.
   - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted.
   - CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-2523=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2523=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2523=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2523=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150400.4.6.2
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150400.4.6.2
      libjavascriptcoregtk-4_1-0-2.36.4-150400.4.6.2
      libjavascriptcoregtk-4_1-0-debuginfo-2.36.4-150400.4.6.2
      libjavascriptcoregtk-5_0-0-2.36.4-150400.4.6.2
      libjavascriptcoregtk-5_0-0-debuginfo-2.36.4-150400.4.6.2
      libwebkit2gtk-4_0-37-2.36.4-150400.4.6.2
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150400.4.6.2
      libwebkit2gtk-4_1-0-2.36.4-150400.4.6.2
      libwebkit2gtk-4_1-0-debuginfo-2.36.4-150400.4.6.2
      libwebkit2gtk-5_0-0-2.36.4-150400.4.6.2
      libwebkit2gtk-5_0-0-debuginfo-2.36.4-150400.4.6.2
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150400.4.6.2
      typelib-1_0-JavaScriptCore-4_1-2.36.4-150400.4.6.2
      typelib-1_0-JavaScriptCore-5_0-2.36.4-150400.4.6.2
      typelib-1_0-WebKit2-4_0-2.36.4-150400.4.6.2
      typelib-1_0-WebKit2-4_1-2.36.4-150400.4.6.2
      typelib-1_0-WebKit2-5_0-2.36.4-150400.4.6.2
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150400.4.6.2
      typelib-1_0-WebKit2WebExtension-4_1-2.36.4-150400.4.6.2
      typelib-1_0-WebKit2WebExtension-5_0-2.36.4-150400.4.6.2
      webkit-jsc-4-2.36.4-150400.4.6.2
      webkit-jsc-4-debuginfo-2.36.4-150400.4.6.2
      webkit-jsc-4.1-2.36.4-150400.4.6.2
      webkit-jsc-4.1-debuginfo-2.36.4-150400.4.6.2
      webkit-jsc-5.0-2.36.4-150400.4.6.2
      webkit-jsc-5.0-debuginfo-2.36.4-150400.4.6.2
      webkit2gtk-4_0-injected-bundles-2.36.4-150400.4.6.2
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150400.4.6.2
      webkit2gtk-4_1-injected-bundles-2.36.4-150400.4.6.2
      webkit2gtk-4_1-injected-bundles-debuginfo-2.36.4-150400.4.6.2
      webkit2gtk-5_0-injected-bundles-2.36.4-150400.4.6.2
      webkit2gtk-5_0-injected-bundles-debuginfo-2.36.4-150400.4.6.2
      webkit2gtk3-debugsource-2.36.4-150400.4.6.2
      webkit2gtk3-devel-2.36.4-150400.4.6.2
      webkit2gtk3-minibrowser-2.36.4-150400.4.6.2
      webkit2gtk3-minibrowser-debuginfo-2.36.4-150400.4.6.2
      webkit2gtk3-soup2-debugsource-2.36.4-150400.4.6.2
      webkit2gtk3-soup2-devel-2.36.4-150400.4.6.2
      webkit2gtk3-soup2-minibrowser-2.36.4-150400.4.6.2
      webkit2gtk3-soup2-minibrowser-debuginfo-2.36.4-150400.4.6.2
      webkit2gtk4-debugsource-2.36.4-150400.4.6.2
      webkit2gtk4-devel-2.36.4-150400.4.6.2
      webkit2gtk4-minibrowser-2.36.4-150400.4.6.2
      webkit2gtk4-minibrowser-debuginfo-2.36.4-150400.4.6.2

   - openSUSE Leap 15.4 (noarch):

      WebKit2GTK-4.0-lang-2.36.4-150400.4.6.2
      WebKit2GTK-4.1-lang-2.36.4-150400.4.6.2
      WebKit2GTK-5.0-lang-2.36.4-150400.4.6.2

   - openSUSE Leap 15.4 (x86_64):

      libjavascriptcoregtk-4_0-18-32bit-2.36.4-150400.4.6.2
      libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.4-150400.4.6.2
      libjavascriptcoregtk-4_1-0-32bit-2.36.4-150400.4.6.2
      libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.36.4-150400.4.6.2
      libwebkit2gtk-4_0-37-32bit-2.36.4-150400.4.6.2
      libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.4-150400.4.6.2
      libwebkit2gtk-4_1-0-32bit-2.36.4-150400.4.6.2
      libwebkit2gtk-4_1-0-32bit-debuginfo-2.36.4-150400.4.6.2

   - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-5_0-0-2.36.4-150400.4.6.2
      libjavascriptcoregtk-5_0-0-debuginfo-2.36.4-150400.4.6.2
      libwebkit2gtk-5_0-0-2.36.4-150400.4.6.2
      libwebkit2gtk-5_0-0-debuginfo-2.36.4-150400.4.6.2
      typelib-1_0-JavaScriptCore-5_0-2.36.4-150400.4.6.2
      typelib-1_0-WebKit2-5_0-2.36.4-150400.4.6.2
      webkit2gtk-5_0-injected-bundles-2.36.4-150400.4.6.2
      webkit2gtk-5_0-injected-bundles-debuginfo-2.36.4-150400.4.6.2
      webkit2gtk4-debugsource-2.36.4-150400.4.6.2

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_1-0-2.36.4-150400.4.6.2
      libjavascriptcoregtk-4_1-0-debuginfo-2.36.4-150400.4.6.2
      libwebkit2gtk-4_1-0-2.36.4-150400.4.6.2
      libwebkit2gtk-4_1-0-debuginfo-2.36.4-150400.4.6.2
      typelib-1_0-JavaScriptCore-4_1-2.36.4-150400.4.6.2
      typelib-1_0-WebKit2-4_1-2.36.4-150400.4.6.2
      typelib-1_0-WebKit2WebExtension-4_1-2.36.4-150400.4.6.2
      webkit2gtk-4_1-injected-bundles-2.36.4-150400.4.6.2
      webkit2gtk-4_1-injected-bundles-debuginfo-2.36.4-150400.4.6.2
      webkit2gtk3-debugsource-2.36.4-150400.4.6.2
      webkit2gtk3-devel-2.36.4-150400.4.6.2

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150400.4.6.2
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150400.4.6.2
      libwebkit2gtk-4_0-37-2.36.4-150400.4.6.2
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150400.4.6.2
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150400.4.6.2
      typelib-1_0-WebKit2-4_0-2.36.4-150400.4.6.2
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150400.4.6.2
      webkit2gtk-4_0-injected-bundles-2.36.4-150400.4.6.2
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150400.4.6.2
      webkit2gtk3-soup2-debugsource-2.36.4-150400.4.6.2
      webkit2gtk3-soup2-devel-2.36.4-150400.4.6.2

References:

   https://www.suse.com/security/cve/CVE-2022-22662.html
   https://www.suse.com/security/cve/CVE-2022-22677.html
   https://www.suse.com/security/cve/CVE-2022-26710.html
   https://bugzilla.suse.com/1201221

From sle-updates at lists.suse.com Fri Jul 22 11:41:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jul 2022 13:41:53 +0200 (CEST)
Subject: SUSE-SU-2022:2524-1: important: Security update for webkit2gtk3
Message-ID: <20220722114153.7E5A1FDCF@maintenance.suse.de>

   SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2524-1
Rating:             important
References:         #1201221
Cross-References:   CVE-2022-22662 CVE-2022-22677 CVE-2022-26710
CVSS scores:
                    CVE-2022-22662 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
                    CVE-2022-22662 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
                    CVE-2022-22677 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-26710 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for webkit2gtk3 fixes the following issues:

   Update to version 2.36.4 (bsc#1201221):

   - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information.
   - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted.
   - CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2524=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2524=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2524=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2524=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2524=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2524=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2524=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2524=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2524=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2022-2524=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150000.3.106.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150000.3.106.1
      webkit2gtk3-debugsource-2.36.4-150000.3.106.1
      webkit2gtk3-devel-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

      libwebkit2gtk3-lang-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150000.3.106.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150000.3.106.1
      webkit2gtk3-debugsource-2.36.4-150000.3.106.1
      webkit2gtk3-devel-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      libwebkit2gtk3-lang-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150000.3.106.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150000.3.106.1
      webkit2gtk3-debugsource-2.36.4-150000.3.106.1
      webkit2gtk3-devel-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

      libwebkit2gtk3-lang-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150000.3.106.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150000.3.106.1
      webkit2gtk3-debugsource-2.36.4-150000.3.106.1
      webkit2gtk3-devel-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

      libwebkit2gtk3-lang-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150000.3.106.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150000.3.106.1
      webkit2gtk3-debugsource-2.36.4-150000.3.106.1
      webkit2gtk3-devel-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      libwebkit2gtk3-lang-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150000.3.106.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150000.3.106.1
      webkit2gtk3-debugsource-2.36.4-150000.3.106.1
      webkit2gtk3-devel-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      libwebkit2gtk3-lang-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150000.3.106.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150000.3.106.1
      webkit2gtk3-debugsource-2.36.4-150000.3.106.1
      webkit2gtk3-devel-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      libwebkit2gtk3-lang-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1
      libwebkit2gtk-4_0-37-debuginfo-2.36.4-150000.3.106.1
      typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1
      typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150000.3.106.1
      webkit2gtk3-debugsource-2.36.4-150000.3.106.1
      webkit2gtk3-devel-2.36.4-150000.3.106.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      libwebkit2gtk3-lang-2.36.4-150000.3.106.1

   -
SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150000.3.106.1 libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1 libwebkit2gtk-4_0-37-debuginfo-2.36.4-150000.3.106.1 typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1 typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1 webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150000.3.106.1 webkit2gtk3-debugsource-2.36.4-150000.3.106.1 webkit2gtk3-devel-2.36.4-150000.3.106.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libwebkit2gtk3-lang-2.36.4-150000.3.106.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150000.3.106.1 libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1 libwebkit2gtk-4_0-37-debuginfo-2.36.4-150000.3.106.1 typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1 typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1 webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150000.3.106.1 webkit2gtk3-debugsource-2.36.4-150000.3.106.1 webkit2gtk3-devel-2.36.4-150000.3.106.1 - SUSE Enterprise Storage 6 (noarch): libwebkit2gtk3-lang-2.36.4-150000.3.106.1 - SUSE CaaS Platform 4.0 (x86_64): libjavascriptcoregtk-4_0-18-2.36.4-150000.3.106.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150000.3.106.1 libwebkit2gtk-4_0-37-2.36.4-150000.3.106.1 libwebkit2gtk-4_0-37-debuginfo-2.36.4-150000.3.106.1 typelib-1_0-JavaScriptCore-4_0-2.36.4-150000.3.106.1 typelib-1_0-WebKit2-4_0-2.36.4-150000.3.106.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150000.3.106.1 webkit2gtk-4_0-injected-bundles-2.36.4-150000.3.106.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150000.3.106.1 
webkit2gtk3-debugsource-2.36.4-150000.3.106.1 webkit2gtk3-devel-2.36.4-150000.3.106.1 - SUSE CaaS Platform 4.0 (noarch): libwebkit2gtk3-lang-2.36.4-150000.3.106.1 References: https://www.suse.com/security/cve/CVE-2022-22662.html https://www.suse.com/security/cve/CVE-2022-22677.html https://www.suse.com/security/cve/CVE-2022-26710.html https://bugzilla.suse.com/1201221 From sle-updates at lists.suse.com Fri Jul 22 11:42:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 13:42:37 +0200 (CEST) Subject: SUSE-SU-2022:2526-1: critical: Security update for rubygem-rack Message-ID: <20220722114237.A0A7DFDCF@maintenance.suse.de> SUSE Security Update: Security update for rubygem-rack ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2526-1 Rating: critical References: #1200748 #1200750 #1201588 Cross-References: CVE-2022-30122 CVE-2022-30123 CVSS scores: CVE-2022-30122 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-30123 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for rubygem-rack fixes the following issues: - CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS (bsc#1200748) - CVE-2022-30123: Fixed crafted requests can cause shell escape sequences (bsc#1200750) The following non-security bug was fixed: - Fixed a regression in CVE-2022-30122 patch (bsc#1201588). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2526=1
- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2526=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    ruby2.1-rubygem-rack-1.6.13-3.13.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    ruby2.1-rubygem-rack-1.6.13-3.13.1

References:

    https://www.suse.com/security/cve/CVE-2022-30122.html
    https://www.suse.com/security/cve/CVE-2022-30123.html
    https://bugzilla.suse.com/1200748
    https://bugzilla.suse.com/1200750
    https://bugzilla.suse.com/1201588

From sle-updates at lists.suse.com Fri Jul 22 13:16:39 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jul 2022 15:16:39 +0200 (CEST)
Subject: SUSE-SU-2022:2527-1: important: Security update for python-M2Crypto
Message-ID: <20220722131639.69910FDCF@maintenance.suse.de>

SUSE Security Update: Security update for python-M2Crypto
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2527-1
Rating: important
References: #1178829
Cross-References: CVE-2020-25657
CVSS scores:
    CVE-2020-25657 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVE-2020-25657 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
    SUSE Linux Enterprise High Performance Computing 12
    SUSE Linux Enterprise Module for Public Cloud 12
    SUSE Linux Enterprise Server 12
    SUSE Linux Enterprise Server 12-SP2-BCL
    SUSE Linux Enterprise Server 12-SP3
    SUSE Linux Enterprise Server 12-SP3-BCL
    SUSE Linux Enterprise Server 12-SP4
    SUSE Linux Enterprise Server 12-SP4-LTSS
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP Applications 12
    SUSE Linux Enterprise Server for SAP Applications 12-SP3
    SUSE Linux Enterprise Server for SAP Applications 12-SP4
    SUSE Linux Enterprise Server for SAP Applications 12-SP5
    SUSE OpenStack Cloud 9
    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-M2Crypto fixes the following issues:

- CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2527=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2527=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2527=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2527=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2527=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2527=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2527=1
- SUSE Linux Enterprise Module for Public Cloud 12:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2022-2527=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    python-M2Crypto-0.29.0-23.8.1
    python-M2Crypto-debuginfo-0.29.0-23.8.1
    python-M2Crypto-debugsource-0.29.0-23.8.1
    python3-M2Crypto-0.29.0-23.8.1
    python3-M2Crypto-debuginfo-0.29.0-23.8.1
- SUSE OpenStack Cloud 9 (x86_64):
    python-M2Crypto-0.29.0-23.8.1
    python-M2Crypto-debuginfo-0.29.0-23.8.1
    python-M2Crypto-debugsource-0.29.0-23.8.1
    python3-M2Crypto-0.29.0-23.8.1
    python3-M2Crypto-debuginfo-0.29.0-23.8.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    python-M2Crypto-0.29.0-23.8.1
    python-M2Crypto-debuginfo-0.29.0-23.8.1
    python-M2Crypto-debugsource-0.29.0-23.8.1
    python3-M2Crypto-0.29.0-23.8.1
    python3-M2Crypto-debuginfo-0.29.0-23.8.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    python-M2Crypto-0.29.0-23.8.1
    python-M2Crypto-debuginfo-0.29.0-23.8.1
    python-M2Crypto-debugsource-0.29.0-23.8.1
    python3-M2Crypto-0.29.0-23.8.1
    python3-M2Crypto-debuginfo-0.29.0-23.8.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    python-M2Crypto-0.29.0-23.8.1
    python-M2Crypto-debuginfo-0.29.0-23.8.1
    python-M2Crypto-debugsource-0.29.0-23.8.1
    python3-M2Crypto-0.29.0-23.8.1
    python3-M2Crypto-debuginfo-0.29.0-23.8.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    python-M2Crypto-0.29.0-23.8.1
    python-M2Crypto-debuginfo-0.29.0-23.8.1
    python-M2Crypto-debugsource-0.29.0-23.8.1
    python3-M2Crypto-0.29.0-23.8.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    python-M2Crypto-0.29.0-23.8.1
    python-M2Crypto-debuginfo-0.29.0-23.8.1
    python-M2Crypto-debugsource-0.29.0-23.8.1
    python3-M2Crypto-0.29.0-23.8.1
- SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64):
    python-M2Crypto-debugsource-0.29.0-23.8.1
    python3-M2Crypto-0.29.0-23.8.1
    python3-M2Crypto-debuginfo-0.29.0-23.8.1

References:

    https://www.suse.com/security/cve/CVE-2020-25657.html
    https://bugzilla.suse.com/1178829

From sle-updates at lists.suse.com Fri Jul 22 13:17:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jul 2022 15:17:24 +0200 (CEST)
Subject: SUSE-RU-2022:2528-1: Recommended update for nvme-cli
Message-ID: <20220722131724.40F57FDCF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for nvme-cli
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2528-1
Rating: low
References: #1192761 #1198158 #1199670 #1199865
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
    openSUSE Leap 15.3
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for nvme-cli fixes the following issues:

- Don't print error on failed to open in nvme-topology.c (bsc#1198158)
- Allow selecting the network interface for connections (bsc#1199670)
- Support unique discovery subsystem NQN (bsc#1199865 bsc#1192761)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-2528=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2528=1
- SUSE Linux Enterprise Micro 5.2:
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2528=1
- SUSE Linux Enterprise Micro 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2528=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    nvme-cli-1.13-150300.3.17.1
    nvme-cli-debuginfo-1.13-150300.3.17.1
    nvme-cli-debugsource-1.13-150300.3.17.1
    nvme-cli-regress-script-1.13-150300.3.17.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    nvme-cli-1.13-150300.3.17.1
    nvme-cli-debuginfo-1.13-150300.3.17.1
    nvme-cli-debugsource-1.13-150300.3.17.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
    nvme-cli-1.13-150300.3.17.1
    nvme-cli-debuginfo-1.13-150300.3.17.1
    nvme-cli-debugsource-1.13-150300.3.17.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
    nvme-cli-1.13-150300.3.17.1
    nvme-cli-debuginfo-1.13-150300.3.17.1
    nvme-cli-debugsource-1.13-150300.3.17.1

References:

    https://bugzilla.suse.com/1192761
    https://bugzilla.suse.com/1198158
    https://bugzilla.suse.com/1199670
    https://bugzilla.suse.com/1199865

From sle-updates at lists.suse.com Fri Jul 22 16:17:19 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jul 2022 18:17:19 +0200 (CEST)
Subject: SUSE-SU-2022:2529-1: important: Security update for gpg2
Message-ID: <20220722161719.F3ED8FDCF@maintenance.suse.de>

SUSE Security Update: Security update for gpg2
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2529-1
Rating: important
References: #1201225
Cross-References: CVE-2022-34903
CVSS scores:
    CVE-2022-34903 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
    CVE-2022-34903 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
    SUSE Linux Enterprise Server 12-SP2-BCL
    SUSE Linux Enterprise Server 12-SP3-BCL
    SUSE Linux Enterprise Server 12-SP4-LTSS
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE OpenStack Cloud 9
    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2529=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2529=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2529=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2529=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2529=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2529=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2529=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (noarch):
    gpg2-lang-2.0.24-9.11.1
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    gpg2-2.0.24-9.11.1
    gpg2-debuginfo-2.0.24-9.11.1
    gpg2-debugsource-2.0.24-9.11.1
- SUSE OpenStack Cloud 9 (x86_64):
    gpg2-2.0.24-9.11.1
    gpg2-debuginfo-2.0.24-9.11.1
    gpg2-debugsource-2.0.24-9.11.1
- SUSE OpenStack Cloud 9 (noarch):
    gpg2-lang-2.0.24-9.11.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    gpg2-2.0.24-9.11.1
    gpg2-debuginfo-2.0.24-9.11.1
    gpg2-debugsource-2.0.24-9.11.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    gpg2-lang-2.0.24-9.11.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    gpg2-2.0.24-9.11.1
    gpg2-debuginfo-2.0.24-9.11.1
    gpg2-debugsource-2.0.24-9.11.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
    gpg2-lang-2.0.24-9.11.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    gpg2-2.0.24-9.11.1
    gpg2-debuginfo-2.0.24-9.11.1
    gpg2-debugsource-2.0.24-9.11.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    gpg2-lang-2.0.24-9.11.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    gpg2-2.0.24-9.11.1
    gpg2-debuginfo-2.0.24-9.11.1
    gpg2-debugsource-2.0.24-9.11.1
- SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
    gpg2-lang-2.0.24-9.11.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    gpg2-2.0.24-9.11.1
    gpg2-debuginfo-2.0.24-9.11.1
    gpg2-debugsource-2.0.24-9.11.1
- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    gpg2-lang-2.0.24-9.11.1

References:

    https://www.suse.com/security/cve/CVE-2022-34903.html
    https://bugzilla.suse.com/1201225

From sle-updates at lists.suse.com Fri Jul 22 19:17:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jul 2022 21:17:11 +0200 (CEST)
Subject: SUSE-SU-2022:2535-1: important: Security update for git
Message-ID: <20220722191711.65067FDCF@maintenance.suse.de>

SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2535-1
Rating: important
References: #1200119 #1201431
Cross-References: CVE-2022-29187
CVSS scores:
    CVE-2022-29187 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-29187 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Enterprise Storage 7
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP2-BCL
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Manager Proxy 4.1
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Server 4.1
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that
solves one vulnerability and has one errata is now available. Description: This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). - Allow to opt-out from the check added in the security fix for CVE-2022-24765 (bsc#1200119) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2535=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2535=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2535=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2535=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2535=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2535=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2535=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2535=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2535=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2535=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2535=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2535=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2535=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2535=1 - SUSE Linux 
Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2535=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2535=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2535=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2535=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2535=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2535=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2535=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): git-svn-debuginfo-2.26.2-150000.41.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): git-svn-debuginfo-2.26.2-150000.41.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Manager Server 4.1 (noarch): git-doc-2.26.2-150000.41.1 - SUSE Manager Retail Branch Server 4.1 (noarch): git-doc-2.26.2-150000.41.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 
git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Manager Proxy 4.1 (x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Manager Proxy 4.1 (noarch): git-doc-2.26.2-150000.41.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): git-doc-2.26.2-150000.41.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 
gitk-2.26.2-150000.41.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): git-doc-2.26.2-150000.41.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): git-doc-2.26.2-150000.41.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): git-doc-2.26.2-150000.41.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): git-doc-2.26.2-150000.41.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): git-2.26.2-150000.41.1 
git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): git-doc-2.26.2-150000.41.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): git-doc-2.26.2-150000.41.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): git-doc-2.26.2-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 
git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): git-doc-2.26.2-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): git-doc-2.26.2-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): git-doc-2.26.2-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 
git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): git-doc-2.26.2-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): git-doc-2.26.2-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): git-doc-2.26.2-150000.41.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 
git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Enterprise Storage 7 (noarch): git-doc-2.26.2-150000.41.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE Enterprise Storage 6 (noarch): git-doc-2.26.2-150000.41.1 - SUSE CaaS Platform 4.0 (x86_64): git-2.26.2-150000.41.1 git-arch-2.26.2-150000.41.1 git-core-2.26.2-150000.41.1 git-core-debuginfo-2.26.2-150000.41.1 git-cvs-2.26.2-150000.41.1 git-daemon-2.26.2-150000.41.1 git-daemon-debuginfo-2.26.2-150000.41.1 git-debuginfo-2.26.2-150000.41.1 git-debugsource-2.26.2-150000.41.1 git-email-2.26.2-150000.41.1 git-gui-2.26.2-150000.41.1 git-svn-2.26.2-150000.41.1 git-svn-debuginfo-2.26.2-150000.41.1 git-web-2.26.2-150000.41.1 gitk-2.26.2-150000.41.1 - SUSE CaaS Platform 4.0 (noarch): git-doc-2.26.2-150000.41.1 References: https://www.suse.com/security/cve/CVE-2022-29187.html https://bugzilla.suse.com/1200119 https://bugzilla.suse.com/1201431 From sle-updates at lists.suse.com Fri Jul 22 19:18:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 21:18:15 +0200 (CEST) Subject: SUSE-SU-2022:2537-1: important: Security update for git Message-ID: <20220722191815.BCBC0FDCF@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2537-1 Rating: important References: #1200119 #1201431 Cross-References: CVE-2022-29187 CVSS scores: CVE-2022-29187 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 
CVE-2022-29187 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:
    HPE Helion Openstack 8
    SUSE Linux Enterprise Server 12-SP2-BCL
    SUSE Linux Enterprise Server 12-SP3-BCL
    SUSE Linux Enterprise Server 12-SP4-LTSS
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP Applications 12-SP5
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE OpenStack Cloud 8
    SUSE OpenStack Cloud 9
    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for git fixes the following issues:

- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).
- Allow to opt-out from the check added in the security fix for CVE-2022-24765 (bsc#1200119)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2537=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2537=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2537=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2537=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2537=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2537=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2537=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2537=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2537=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2537=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): git-2.26.2-27.57.1 git-core-2.26.2-27.57.1 git-core-debuginfo-2.26.2-27.57.1 git-cvs-2.26.2-27.57.1 git-daemon-2.26.2-27.57.1 git-daemon-debuginfo-2.26.2-27.57.1 git-debugsource-2.26.2-27.57.1 git-email-2.26.2-27.57.1 git-gui-2.26.2-27.57.1 git-svn-2.26.2-27.57.1 git-web-2.26.2-27.57.1 gitk-2.26.2-27.57.1 - SUSE OpenStack Cloud 9 (x86_64): git-2.26.2-27.57.1 git-core-2.26.2-27.57.1 git-core-debuginfo-2.26.2-27.57.1 git-cvs-2.26.2-27.57.1 git-daemon-2.26.2-27.57.1 git-daemon-debuginfo-2.26.2-27.57.1 git-debugsource-2.26.2-27.57.1 git-email-2.26.2-27.57.1 git-gui-2.26.2-27.57.1 git-svn-2.26.2-27.57.1 git-web-2.26.2-27.57.1 gitk-2.26.2-27.57.1 - SUSE OpenStack Cloud 8 (x86_64): git-2.26.2-27.57.1 git-debugsource-2.26.2-27.57.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): git-2.26.2-27.57.1 git-arch-2.26.2-27.57.1 git-core-2.26.2-27.57.1 git-core-debuginfo-2.26.2-27.57.1 
git-cvs-2.26.2-27.57.1 git-daemon-2.26.2-27.57.1 git-daemon-debuginfo-2.26.2-27.57.1 git-debugsource-2.26.2-27.57.1 git-email-2.26.2-27.57.1 git-gui-2.26.2-27.57.1 git-svn-2.26.2-27.57.1 git-svn-debuginfo-2.26.2-27.57.1 git-web-2.26.2-27.57.1 gitk-2.26.2-27.57.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): git-doc-2.26.2-27.57.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): git-2.26.2-27.57.1 git-core-2.26.2-27.57.1 git-core-debuginfo-2.26.2-27.57.1 git-cvs-2.26.2-27.57.1 git-daemon-2.26.2-27.57.1 git-daemon-debuginfo-2.26.2-27.57.1 git-debugsource-2.26.2-27.57.1 git-email-2.26.2-27.57.1 git-gui-2.26.2-27.57.1 git-svn-2.26.2-27.57.1 git-web-2.26.2-27.57.1 gitk-2.26.2-27.57.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): git-2.26.2-27.57.1 git-core-2.26.2-27.57.1 git-core-debuginfo-2.26.2-27.57.1 git-cvs-2.26.2-27.57.1 git-daemon-2.26.2-27.57.1 git-daemon-debuginfo-2.26.2-27.57.1 git-debugsource-2.26.2-27.57.1 git-email-2.26.2-27.57.1 git-gui-2.26.2-27.57.1 git-svn-2.26.2-27.57.1 git-web-2.26.2-27.57.1 gitk-2.26.2-27.57.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): git-2.26.2-27.57.1 git-core-2.26.2-27.57.1 git-core-debuginfo-2.26.2-27.57.1 git-cvs-2.26.2-27.57.1 git-daemon-2.26.2-27.57.1 git-daemon-debuginfo-2.26.2-27.57.1 git-debugsource-2.26.2-27.57.1 git-email-2.26.2-27.57.1 git-gui-2.26.2-27.57.1 git-svn-2.26.2-27.57.1 git-web-2.26.2-27.57.1 gitk-2.26.2-27.57.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): git-2.26.2-27.57.1 git-core-2.26.2-27.57.1 git-core-debuginfo-2.26.2-27.57.1 git-cvs-2.26.2-27.57.1 git-daemon-2.26.2-27.57.1 git-daemon-debuginfo-2.26.2-27.57.1 git-debugsource-2.26.2-27.57.1 git-email-2.26.2-27.57.1 git-gui-2.26.2-27.57.1 git-svn-2.26.2-27.57.1 git-web-2.26.2-27.57.1 gitk-2.26.2-27.57.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): git-doc-2.26.2-27.57.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): git-2.26.2-27.57.1 
git-core-2.26.2-27.57.1 git-core-debuginfo-2.26.2-27.57.1 git-cvs-2.26.2-27.57.1 git-daemon-2.26.2-27.57.1 git-daemon-debuginfo-2.26.2-27.57.1 git-debugsource-2.26.2-27.57.1 git-email-2.26.2-27.57.1 git-gui-2.26.2-27.57.1 git-svn-2.26.2-27.57.1 git-web-2.26.2-27.57.1 gitk-2.26.2-27.57.1 - HPE Helion Openstack 8 (x86_64): git-2.26.2-27.57.1 git-debugsource-2.26.2-27.57.1 References: https://www.suse.com/security/cve/CVE-2022-29187.html https://bugzilla.suse.com/1200119 https://bugzilla.suse.com/1201431 From sle-updates at lists.suse.com Fri Jul 22 19:19:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 21:19:06 +0200 (CEST) Subject: SUSE-SU-2022:2531-1: important: Security update for java-1_8_0-openjdk Message-ID: <20220722191906.9A391FDCF@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2531-1 Rating: important References: #1198671 #1198672 #1198673 #1198674 #1198675 Cross-References: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVSS scores: CVE-2022-21426 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21426 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21434 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21434 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21443 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21443 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21476 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21476 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21496 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21496 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL 
    SUSE Linux Enterprise Server 12-SP4-LTSS
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE OpenStack Cloud 9
    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0)

- CVE-2022-21426: Better XPath expression handling (bsc#1198672)
- CVE-2022-21443: Improved Object Identification (bsc#1198675)
- CVE-2022-21434: Better invocation handler handling (bsc#1198674)
- CVE-2022-21476: Improve Santuario processing (bsc#1198671)
- CVE-2022-21496: Improve URL supports (bsc#1198673)

And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug fixes.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2531=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2531=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2531=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2531=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2531=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2531=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2531=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    java-1_8_0-openjdk-1.8.0.332-27.75.2
    java-1_8_0-openjdk-debuginfo-1.8.0.332-27.75.2
    java-1_8_0-openjdk-debugsource-1.8.0.332-27.75.2
    java-1_8_0-openjdk-demo-1.8.0.332-27.75.2
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-devel-1.8.0.332-27.75.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-headless-1.8.0.332-27.75.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-27.75.2 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-openjdk-1.8.0.332-27.75.2 java-1_8_0-openjdk-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-debugsource-1.8.0.332-27.75.2 java-1_8_0-openjdk-demo-1.8.0.332-27.75.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-devel-1.8.0.332-27.75.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-headless-1.8.0.332-27.75.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-27.75.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.332-27.75.2 java-1_8_0-openjdk-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-debugsource-1.8.0.332-27.75.2 java-1_8_0-openjdk-demo-1.8.0.332-27.75.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-devel-1.8.0.332-27.75.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-headless-1.8.0.332-27.75.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-27.75.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.332-27.75.2 java-1_8_0-openjdk-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-debugsource-1.8.0.332-27.75.2 java-1_8_0-openjdk-demo-1.8.0.332-27.75.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-devel-1.8.0.332-27.75.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-headless-1.8.0.332-27.75.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-27.75.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.332-27.75.2 java-1_8_0-openjdk-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-debugsource-1.8.0.332-27.75.2 java-1_8_0-openjdk-demo-1.8.0.332-27.75.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-27.75.2 
java-1_8_0-openjdk-devel-1.8.0.332-27.75.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-headless-1.8.0.332-27.75.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-27.75.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-openjdk-1.8.0.332-27.75.2 java-1_8_0-openjdk-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-debugsource-1.8.0.332-27.75.2 java-1_8_0-openjdk-demo-1.8.0.332-27.75.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-devel-1.8.0.332-27.75.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-headless-1.8.0.332-27.75.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-27.75.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.332-27.75.2 java-1_8_0-openjdk-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-debugsource-1.8.0.332-27.75.2 java-1_8_0-openjdk-demo-1.8.0.332-27.75.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-devel-1.8.0.332-27.75.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-27.75.2 java-1_8_0-openjdk-headless-1.8.0.332-27.75.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-27.75.2 References: https://www.suse.com/security/cve/CVE-2022-21426.html https://www.suse.com/security/cve/CVE-2022-21434.html https://www.suse.com/security/cve/CVE-2022-21443.html https://www.suse.com/security/cve/CVE-2022-21476.html https://www.suse.com/security/cve/CVE-2022-21496.html https://bugzilla.suse.com/1198671 https://bugzilla.suse.com/1198672 https://bugzilla.suse.com/1198673 https://bugzilla.suse.com/1198674 https://bugzilla.suse.com/1198675 From sle-updates at lists.suse.com Fri Jul 22 19:20:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 21:20:28 +0200 (CEST) Subject: SUSE-SU-2022:2530-1: important: Security update for java-1_8_0-openjdk Message-ID: <20220722192028.823CFFDCF@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2530-1 Rating: important References: #1198671 #1198672 #1198673 #1198674 #1198675 Cross-References: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVSS scores: CVE-2022-21426 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21426 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21434 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21434 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21443 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21443 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21476 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21476 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21496 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21496 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0)

- CVE-2022-21426: Better XPath expression handling (bsc#1198672)
- CVE-2022-21443: Improved Object Identification (bsc#1198675)
- CVE-2022-21434: Better invocation handler handling (bsc#1198674)
- CVE-2022-21476: Improve Santuario processing (bsc#1198671)
- CVE-2022-21496: Improve URL supports (bsc#1198673)

And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug fixes.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-2530=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-2530=1
- SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2530=1
- SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2530=1
- SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2530=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2530=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2530=1
- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2530=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2530=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2530=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2530=1
- SUSE Linux
Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2530=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2530=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2530=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2530=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2530=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-accessibility-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-src-1.8.0.332-150000.3.67.1 - openSUSE Leap 15.4 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.332-150000.3.67.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-accessibility-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-src-1.8.0.332-150000.3.67.1 - openSUSE Leap 15.3 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.332-150000.3.67.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 - SUSE Manager Proxy 4.1 (x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 - SUSE Linux Enterprise Server 
15-SP1-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1 - SUSE CaaS Platform 4.0 (x86_64): java-1_8_0-openjdk-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1 java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1 
      java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
      java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
      java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1

References:

   https://www.suse.com/security/cve/CVE-2022-21426.html
   https://www.suse.com/security/cve/CVE-2022-21434.html
   https://www.suse.com/security/cve/CVE-2022-21443.html
   https://www.suse.com/security/cve/CVE-2022-21476.html
   https://www.suse.com/security/cve/CVE-2022-21496.html
   https://bugzilla.suse.com/1198671
   https://bugzilla.suse.com/1198672
   https://bugzilla.suse.com/1198673
   https://bugzilla.suse.com/1198674
   https://bugzilla.suse.com/1198675

From sle-updates at lists.suse.com Fri Jul 22 19:22:07 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jul 2022 21:22:07 +0200 (CEST)
Subject: SUSE-SU-2022:2533-1: important: Security update for mozilla-nss
Message-ID: <20220722192207.43893FDCF@maintenance.suse.de>

   SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2533-1
Rating:             important
References:         #1192079 #1192080 #1192086 #1192087 #1192228 #1198486 #1200027
Cross-References:   CVE-2022-31741
CVSS scores:
                    CVE-2022-31741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that solves one vulnerability and has 6 fixes is now available.

Description:

   This update for mozilla-nss fixes the following issues:

   Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4:

   - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079).
   - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
   - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
   - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325).
   - Run test suite at build time, and make it pass (bsc#1198486).
   - FIPS: skip algorithms that are hard disabled in FIPS mode.
   - Prevent expired PayPalEE cert from failing the tests.
   - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc.
   - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
   - Update FIPS validation string to version-release format.
   - FIPS: remove XCBC MAC from list of FIPS approved algorithms.
   - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build.
   - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
   - FIPS: allow testing of unapproved algorithms (bsc#1192228).
   - FIPS: add version indicators. (bmo#1729550, bsc#1192086).
   - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).

   Version update to NSS 3.79:

   - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
   - Update mercurial in clang-format docker image.
   - Use of uninitialized pointer in lg_init after alloc fail.
   - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
   - Add SECMOD_LockedModuleHasRemovableSlots.
   - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
   - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
   - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
   - Correct invalid record inner and outer content type alerts.
   - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
   - improve error handling after nssCKFWInstance_CreateObjectHandle.
   - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
   - NSS 3.79 should depend on NSPR 4.34

   Version update to NSS 3.78.1:

   - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple

   Version update to NSS 3.78:

   - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
   - Reworked overlong record size checks and added TLS1.3 specific boundaries.
   - Add ECH Grease Support to tstclnt
   - Add a strict variant of moz::pkix::CheckCertHostname.
   - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
   - Make SEC_PKCS12EnableCipher succeed
   - Update zlib in NSS to 1.2.12.

   Version update to NSS 3.77:

   - Fix link to TLS page on wireshark wiki
   - Add two D-TRUST 2020 root certificates.
   - Add Telia Root CA v2 root certificate.
   - Remove expired explicitly distrusted certificates from certdata.txt.
   - support specific RSA-PSS parameters in mozilla::pkix
   - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
   - Remove token member from NSSSlot struct.
   - Provide secure variants of mpp_pprime and mpp_make_prime.
   - Support UTF-8 library path in the module spec string.
   - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
   - Update googletest to 1.11.0
   - Add SetTls13GreaseEchSize to experimental API.
   - TLS 1.3 Illegal legacy_version handling/alerts.
   - Fix calculation of ECH HRR Transcript.
   - Allow ld path to be set as environment variable.
   - Ensure we don't read uninitialized memory in ssl gtests.
   - Fix DataBuffer Move Assignment.
   - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
   - rework signature verification in mozilla::pkix

   Version update to NSS 3.76.1

   - Remove token member from NSSSlot struct.
   - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
   - Check return value of PK11Slot_GetNSSToken.
   - Use Wycheproof JSON for RSASSA-PSS
   - Add SHA256 fingerprint comments to old certdata.txt entries.
   - Avoid truncating files in nss-release-helper.py.
   - Throw illegal_parameter alert for illegal extensions in handshake message.

   Version update to NSS 3.75

   - Make DottedOIDToCode.py compatible with python3.
   - Avoid undefined shift in SSL_CERT_IS while fuzzing.
   - Remove redundant key type check.
   - Update ABI expectations to match ECH changes.
   - Enable CKM_CHACHA20.
   - check return on NSS_NoDB_Init and NSS_Shutdown.
   - Run ECDSA test vectors from bltest as part of the CI tests.
   - Add ECDSA test vectors to the bltest command line tool.
   - Allow to build using clang's integrated assembler.
   - Allow to override python for the build.
   - test HKDF output rather than input.
   - Use ASSERT macros to end failed tests early.
   - move assignment operator for DataBuffer.
   - Add test cases for ECH compression and unexpected extensions in SH.
   - Update tests for ECH-13.
   - Tidy up error handling.
   - Add tests for ECH HRR Changes.
   - Server only sends GREASE HRR extension if enabled by preference.
   - Update generation of the Associated Data for ECH-13.
   - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
   - Allow for compressed, non-contiguous, extensions.
   - Scramble the PSK extension in CHOuter.
   - Split custom extension handling for ECH.
   - Add ECH-13 HRR Handling.
   - Client side ECH padding.
   - Stricter ClientHelloInner Decompression.
   - Remove ECH_inner extension, use new enum format.
   - Update the version number for ECH-13 and adjust the ECHConfig size.

   Version update to NSS 3.74

   - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
   - Ensure clients offer consistent ciphersuites after HRR
   - NSS does not properly restrict server keys based on policy
   - Set nssckbi version number to 2.54
   - Replace Google Trust Services LLC (GTS) R4 root certificate
   - Replace Google Trust Services LLC (GTS) R3 root certificate
   - Replace Google Trust Services LLC (GTS) R2 root certificate
   - Replace Google Trust Services LLC (GTS) R1 root certificate
   - Replace GlobalSign ECC Root CA R4
   - Remove Expired Root Certificates - DST Root CA X3
   - Remove Expiring Cybertrust Global Root and GlobalSign root certificates
   - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
   - Add iTrusChina ECC root certificate
   - Add iTrusChina RSA root certificate
   - Add ISRG Root X2 root certificate
   - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
   - Avoid a clang 13 unused variable warning in opt build
   - Check for missing signedData field
   - Ensure DER encoded signatures are within size limits
   - enable key logging option (boo#1195040)

   Version update to NSS 3.73.1:

   - Add SHA-2 support to mozilla::pkix's OCSP implementation

   Version update to NSS 3.73

   - check for missing signedData field.
   - Ensure DER encoded signatures are within size limits.
   - NSS needs FIPS 140-3 version indicators.
   - pkix_CacheCert_Lookup doesn't return cached certs
   - sunset Coverity from NSS

   Fixed MFSA 2021-51 (bsc#1193170)
   CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures

   Version update to NSS 3.72

   - Fix nsinstall parallel failure.
   - Increase KDF cache size to mitigate perf regression in about:logins

   Version update to NSS 3.71

   - Set nssckbi version number to 2.52.
   - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
   - Import of PKCS#12 files with Camellia encryption is not supported
   - Add HARICA Client ECC Root CA 2021.
   - Add HARICA Client RSA Root CA 2021.
   - Add HARICA TLS ECC Root CA 2021.
   - Add HARICA TLS RSA Root CA 2021.
   - Add TunTrust Root CA certificate to NSS.

   Version update to NSS 3.70

   - Update test case to verify fix.
   - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
   - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
   - Avoid using a lookup table in nssb64d.
   - Use HW accelerated SHA2 on AArch64 Big Endian.
   - Change default value of enableHelloDowngradeCheck to true.
   - Cache additional PBE entries.
   - Read HPKE vectors from official JSON.

   Version update to NSS 3.69.1:

   - Disable DTLS 1.0 and 1.1 by default
   - integrity checks in key4.db not happening on private components with AES_CBC

   NSS 3.69:

   - Disable DTLS 1.0 and 1.1 by default (backed out again)
   - integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
   - SSL handling of signature algorithms ignores environmental invalid algorithms.
   - sqlite 3.34 changed its open semantics, causing nss failures.
   - Gtest update changed the gtest reports, losing gtest details in all.sh reports.
   - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
   - SQLite calls could timeout in starvation situations.
   - Coverity/cpp scanner errors found in nss 3.67
   - Import the NSS documentation from MDN in nss/doc.
   - NSS using a tempdir to measure sql performance not active

   Version Update to 3.68.4 (bsc#1200027)

   - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)

   Mozilla NSPR was updated to version 4.34:

   * add an API that returns a preferred loopback IP on hosts that have two IP stacks available.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-2533=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-2533=1

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2533=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2533=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2533=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2533=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2533=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2533=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2533=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2533=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2533=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2533=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2533=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2533=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2533=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2533=1

   - SUSE Linux Enterprise Micro 5.2:

      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2533=1

   - SUSE Linux Enterprise Micro 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2533=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2533=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2533=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2533=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2533=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2533=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2533=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-2533=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2022-2533=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 - openSUSE Leap 15.4 (x86_64): mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - openSUSE Leap 15.3 (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-sysinit-32bit-3.79-150000.3.74.1 mozilla-nss-sysinit-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 
libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Manager Server 4.1 (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 
mozilla-nss-3.79-150000.3.74.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Manager Proxy 4.1 (x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): 
libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 
mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 
libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 
libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 
mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 
mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 
mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): 
libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise High 
Performance Computing 15-LTSS (aarch64 x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 
mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Enterprise Storage 7 (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 
mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 - SUSE Enterprise Storage 6 (x86_64): libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 - SUSE CaaS Platform 4.0 (x86_64): libfreebl3-3.79-150000.3.74.1 libfreebl3-32bit-3.79-150000.3.74.1 libfreebl3-32bit-debuginfo-3.79-150000.3.74.1 libfreebl3-debuginfo-3.79-150000.3.74.1 libfreebl3-hmac-3.79-150000.3.74.1 libfreebl3-hmac-32bit-3.79-150000.3.74.1 libsoftokn3-3.79-150000.3.74.1 libsoftokn3-32bit-3.79-150000.3.74.1 
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1 libsoftokn3-debuginfo-3.79-150000.3.74.1 libsoftokn3-hmac-3.79-150000.3.74.1 libsoftokn3-hmac-32bit-3.79-150000.3.74.1 mozilla-nspr-32bit-4.34-150000.3.23.1 mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1 mozilla-nspr-4.34-150000.3.23.1 mozilla-nspr-debuginfo-4.34-150000.3.23.1 mozilla-nspr-debugsource-4.34-150000.3.23.1 mozilla-nspr-devel-4.34-150000.3.23.1 mozilla-nss-3.79-150000.3.74.1 mozilla-nss-32bit-3.79-150000.3.74.1 mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-3.79-150000.3.74.1 mozilla-nss-certs-32bit-3.79-150000.3.74.1 mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1 mozilla-nss-certs-debuginfo-3.79-150000.3.74.1 mozilla-nss-debuginfo-3.79-150000.3.74.1 mozilla-nss-debugsource-3.79-150000.3.74.1 mozilla-nss-devel-3.79-150000.3.74.1 mozilla-nss-sysinit-3.79-150000.3.74.1 mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1 mozilla-nss-tools-3.79-150000.3.74.1 mozilla-nss-tools-debuginfo-3.79-150000.3.74.1 References: https://www.suse.com/security/cve/CVE-2022-31741.html https://bugzilla.suse.com/1192079 https://bugzilla.suse.com/1192080 https://bugzilla.suse.com/1192086 https://bugzilla.suse.com/1192087 https://bugzilla.suse.com/1192228 https://bugzilla.suse.com/1198486 https://bugzilla.suse.com/1200027 From sle-updates at lists.suse.com Fri Jul 22 19:23:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 21:23:34 +0200 (CEST) Subject: SUSE-SU-2022:2532-1: important: Security update for python-M2Crypto Message-ID: <20220722192334.5BA43FDCF@maintenance.suse.de> SUSE Security Update: Security update for python-M2Crypto ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2532-1 Rating: important References: #1178829 Cross-References: CVE-2020-25657 CVSS scores: CVE-2020-25657 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25657 (SUSE): 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2532=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2532=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debugsource-0.38.0-150400.3.3.1 python3-M2Crypto-0.38.0-150400.3.3.1 python3-M2Crypto-debuginfo-0.38.0-150400.3.3.1 - openSUSE Leap 15.4 (noarch): python-M2Crypto-doc-0.38.0-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debugsource-0.38.0-150400.3.3.1 python3-M2Crypto-0.38.0-150400.3.3.1 python3-M2Crypto-debuginfo-0.38.0-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2020-25657.html https://bugzilla.suse.com/1178829 From sle-updates at lists.suse.com Fri Jul 22 19:24:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jul 2022 21:24:16 +0200 (CEST) Subject: SUSE-SU-2022:2536-1: moderate: Security update for mozilla-nspr, mozilla-nss Message-ID: 
<20220722192416.8385FFDCF@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2536-1 Rating: moderate References: #1191546 #1192079 #1192080 #1192086 #1192087 #1192228 #1193170 #1195040 #1198486 #1198980 #1200325 #1201298 Cross-References: CVE-2021-43527 CVSS scores: CVE-2021-43527 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-43527 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has 11 fixes is now available. Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to fix various issues: FIPS 140-3 enablement patches were backported from SUSE Linux Enterprise 15. - FIPS: add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). Version update to NSS 3.79 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Update to NSS 3.78.1 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple update to NSS 3.78 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Update to NSS 3.77: - resolve mpitests build failure on Windows. - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Add a CI Target for gcc-11. - Change to makefiles for gcc-4.8. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. 
- Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix update to NSS 3.76.1 - Remove token member from NSSSlot struct. NSS 3.76 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - real move assignment operator. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. 
- Update the version number for ECH-13 and adjust the ECHConfig size. Update to NSS 3.74: - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (bsc#1195040) Update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OCSP implementation Update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FIPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Update to NSS 3.69.1 - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69 - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed its open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active - FIPS: scan LD_LIBRARY_PATH for external libraries to be checksummed. - Run test suite at build time, and make it pass (bsc#1198486). - Enable FIPS during test certificate creation and disables the library checksum validation during same. - FIPS: allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: This makes the PBKDF known answer test compliant with NIST SP800-132. - FIPS: update validation string to version-release format. (bsc#1192079). - FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: adds FIPS version indicators. (bmo#1729550, bsc#1192086). - FIPS: Add CSP clearing (bmo#1697303, bsc#1192087). mozilla-nspr was updated to version 4.34: * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. update to 4.33: * fixes to build system and export of private symbols Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2536=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2536=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2536=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2536=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2536=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2536=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2536=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2536=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libfreebl3-3.79-58.75.1 libfreebl3-32bit-3.79-58.75.1 libfreebl3-debuginfo-3.79-58.75.1 libfreebl3-debuginfo-32bit-3.79-58.75.1 libfreebl3-hmac-3.79-58.75.1 libfreebl3-hmac-32bit-3.79-58.75.1 libsoftokn3-3.79-58.75.1 libsoftokn3-32bit-3.79-58.75.1 libsoftokn3-debuginfo-3.79-58.75.1 libsoftokn3-debuginfo-32bit-3.79-58.75.1 libsoftokn3-hmac-3.79-58.75.1 libsoftokn3-hmac-32bit-3.79-58.75.1 mozilla-nspr-32bit-4.34-19.21.1 
mozilla-nspr-4.34-19.21.1 mozilla-nspr-debuginfo-32bit-4.34-19.21.1 mozilla-nspr-debuginfo-4.34-19.21.1 mozilla-nspr-debugsource-4.34-19.21.1 mozilla-nspr-devel-4.34-19.21.1 mozilla-nss-3.79-58.75.1 mozilla-nss-32bit-3.79-58.75.1 mozilla-nss-certs-3.79-58.75.1 mozilla-nss-certs-32bit-3.79-58.75.1 mozilla-nss-certs-debuginfo-3.79-58.75.1 mozilla-nss-certs-debuginfo-32bit-3.79-58.75.1 mozilla-nss-debuginfo-3.79-58.75.1 mozilla-nss-debuginfo-32bit-3.79-58.75.1 mozilla-nss-debugsource-3.79-58.75.1 mozilla-nss-devel-3.79-58.75.1 mozilla-nss-sysinit-3.79-58.75.1 mozilla-nss-sysinit-32bit-3.79-58.75.1 mozilla-nss-sysinit-debuginfo-3.79-58.75.1 mozilla-nss-sysinit-debuginfo-32bit-3.79-58.75.1 mozilla-nss-tools-3.79-58.75.1 mozilla-nss-tools-debuginfo-3.79-58.75.1 - SUSE OpenStack Cloud 9 (x86_64): libfreebl3-3.79-58.75.1 libfreebl3-32bit-3.79-58.75.1 libfreebl3-debuginfo-3.79-58.75.1 libfreebl3-debuginfo-32bit-3.79-58.75.1 libfreebl3-hmac-3.79-58.75.1 libfreebl3-hmac-32bit-3.79-58.75.1 libsoftokn3-3.79-58.75.1 libsoftokn3-32bit-3.79-58.75.1 libsoftokn3-debuginfo-3.79-58.75.1 libsoftokn3-debuginfo-32bit-3.79-58.75.1 libsoftokn3-hmac-3.79-58.75.1 libsoftokn3-hmac-32bit-3.79-58.75.1 mozilla-nspr-32bit-4.34-19.21.1 mozilla-nspr-4.34-19.21.1 mozilla-nspr-debuginfo-32bit-4.34-19.21.1 mozilla-nspr-debuginfo-4.34-19.21.1 mozilla-nspr-debugsource-4.34-19.21.1 mozilla-nspr-devel-4.34-19.21.1 mozilla-nss-3.79-58.75.1 mozilla-nss-32bit-3.79-58.75.1 mozilla-nss-certs-3.79-58.75.1 mozilla-nss-certs-32bit-3.79-58.75.1 mozilla-nss-certs-debuginfo-3.79-58.75.1 mozilla-nss-certs-debuginfo-32bit-3.79-58.75.1 mozilla-nss-debuginfo-3.79-58.75.1 mozilla-nss-debuginfo-32bit-3.79-58.75.1 mozilla-nss-debugsource-3.79-58.75.1 mozilla-nss-devel-3.79-58.75.1 mozilla-nss-sysinit-3.79-58.75.1 mozilla-nss-sysinit-32bit-3.79-58.75.1 mozilla-nss-sysinit-debuginfo-3.79-58.75.1 mozilla-nss-sysinit-debuginfo-32bit-3.79-58.75.1 mozilla-nss-tools-3.79-58.75.1 mozilla-nss-tools-debuginfo-3.79-58.75.1 - SUSE 
Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mozilla-nspr-debuginfo-4.34-19.21.1 mozilla-nspr-debugsource-4.34-19.21.1 mozilla-nspr-devel-4.34-19.21.1 mozilla-nss-debuginfo-3.79-58.75.1 mozilla-nss-debugsource-3.79-58.75.1 mozilla-nss-devel-3.79-58.75.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libfreebl3-3.79-58.75.1 libfreebl3-debuginfo-3.79-58.75.1 libfreebl3-hmac-3.79-58.75.1 libsoftokn3-3.79-58.75.1 libsoftokn3-debuginfo-3.79-58.75.1 libsoftokn3-hmac-3.79-58.75.1 mozilla-nspr-4.34-19.21.1 mozilla-nspr-debuginfo-4.34-19.21.1 mozilla-nspr-debugsource-4.34-19.21.1 mozilla-nspr-devel-4.34-19.21.1 mozilla-nss-3.79-58.75.1 mozilla-nss-certs-3.79-58.75.1 mozilla-nss-certs-debuginfo-3.79-58.75.1 mozilla-nss-debuginfo-3.79-58.75.1 mozilla-nss-debugsource-3.79-58.75.1 mozilla-nss-devel-3.79-58.75.1 mozilla-nss-sysinit-3.79-58.75.1 mozilla-nss-sysinit-debuginfo-3.79-58.75.1 mozilla-nss-tools-3.79-58.75.1 mozilla-nss-tools-debuginfo-3.79-58.75.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libfreebl3-32bit-3.79-58.75.1 libfreebl3-debuginfo-32bit-3.79-58.75.1 libfreebl3-hmac-32bit-3.79-58.75.1 libsoftokn3-32bit-3.79-58.75.1 libsoftokn3-debuginfo-32bit-3.79-58.75.1 libsoftokn3-hmac-32bit-3.79-58.75.1 mozilla-nspr-32bit-4.34-19.21.1 mozilla-nspr-debuginfo-32bit-4.34-19.21.1 mozilla-nss-32bit-3.79-58.75.1 mozilla-nss-certs-32bit-3.79-58.75.1 mozilla-nss-certs-debuginfo-32bit-3.79-58.75.1 mozilla-nss-debuginfo-32bit-3.79-58.75.1 mozilla-nss-sysinit-32bit-3.79-58.75.1 mozilla-nss-sysinit-debuginfo-32bit-3.79-58.75.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79-58.75.1 libfreebl3-debuginfo-3.79-58.75.1 libfreebl3-hmac-3.79-58.75.1 libsoftokn3-3.79-58.75.1 libsoftokn3-debuginfo-3.79-58.75.1 libsoftokn3-hmac-3.79-58.75.1 mozilla-nspr-4.34-19.21.1 mozilla-nspr-debuginfo-4.34-19.21.1 mozilla-nspr-debugsource-4.34-19.21.1 mozilla-nspr-devel-4.34-19.21.1 
mozilla-nss-3.79-58.75.1 mozilla-nss-certs-3.79-58.75.1 mozilla-nss-certs-debuginfo-3.79-58.75.1 mozilla-nss-debuginfo-3.79-58.75.1 mozilla-nss-debugsource-3.79-58.75.1 mozilla-nss-devel-3.79-58.75.1 mozilla-nss-sysinit-3.79-58.75.1 mozilla-nss-sysinit-debuginfo-3.79-58.75.1 mozilla-nss-tools-3.79-58.75.1 mozilla-nss-tools-debuginfo-3.79-58.75.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreebl3-32bit-3.79-58.75.1 libfreebl3-debuginfo-32bit-3.79-58.75.1 libfreebl3-hmac-32bit-3.79-58.75.1 libsoftokn3-32bit-3.79-58.75.1 libsoftokn3-debuginfo-32bit-3.79-58.75.1 libsoftokn3-hmac-32bit-3.79-58.75.1 mozilla-nspr-32bit-4.34-19.21.1 mozilla-nspr-debuginfo-32bit-4.34-19.21.1 mozilla-nss-32bit-3.79-58.75.1 mozilla-nss-certs-32bit-3.79-58.75.1 mozilla-nss-certs-debuginfo-32bit-3.79-58.75.1 mozilla-nss-debuginfo-32bit-3.79-58.75.1 mozilla-nss-sysinit-32bit-3.79-58.75.1 mozilla-nss-sysinit-debuginfo-32bit-3.79-58.75.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79-58.75.1 libfreebl3-debuginfo-3.79-58.75.1 libfreebl3-hmac-3.79-58.75.1 libsoftokn3-3.79-58.75.1 libsoftokn3-debuginfo-3.79-58.75.1 libsoftokn3-hmac-3.79-58.75.1 mozilla-nspr-4.34-19.21.1 mozilla-nspr-debuginfo-4.34-19.21.1 mozilla-nspr-debugsource-4.34-19.21.1 mozilla-nspr-devel-4.34-19.21.1 mozilla-nss-3.79-58.75.1 mozilla-nss-certs-3.79-58.75.1 mozilla-nss-certs-debuginfo-3.79-58.75.1 mozilla-nss-debuginfo-3.79-58.75.1 mozilla-nss-debugsource-3.79-58.75.1 mozilla-nss-devel-3.79-58.75.1 mozilla-nss-sysinit-3.79-58.75.1 mozilla-nss-sysinit-debuginfo-3.79-58.75.1 mozilla-nss-tools-3.79-58.75.1 mozilla-nss-tools-debuginfo-3.79-58.75.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libfreebl3-32bit-3.79-58.75.1 libfreebl3-debuginfo-32bit-3.79-58.75.1 libfreebl3-hmac-32bit-3.79-58.75.1 libsoftokn3-32bit-3.79-58.75.1 libsoftokn3-debuginfo-32bit-3.79-58.75.1 libsoftokn3-hmac-32bit-3.79-58.75.1 mozilla-nspr-32bit-4.34-19.21.1 
mozilla-nspr-debuginfo-32bit-4.34-19.21.1 mozilla-nss-32bit-3.79-58.75.1 mozilla-nss-certs-32bit-3.79-58.75.1 mozilla-nss-certs-debuginfo-32bit-3.79-58.75.1 mozilla-nss-debuginfo-32bit-3.79-58.75.1 mozilla-nss-sysinit-32bit-3.79-58.75.1 mozilla-nss-sysinit-debuginfo-32bit-3.79-58.75.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libfreebl3-3.79-58.75.1 libfreebl3-32bit-3.79-58.75.1 libfreebl3-debuginfo-3.79-58.75.1 libfreebl3-debuginfo-32bit-3.79-58.75.1 libfreebl3-hmac-3.79-58.75.1 libfreebl3-hmac-32bit-3.79-58.75.1 libsoftokn3-3.79-58.75.1 libsoftokn3-32bit-3.79-58.75.1 libsoftokn3-debuginfo-3.79-58.75.1 libsoftokn3-debuginfo-32bit-3.79-58.75.1 libsoftokn3-hmac-3.79-58.75.1 libsoftokn3-hmac-32bit-3.79-58.75.1 mozilla-nspr-32bit-4.34-19.21.1 mozilla-nspr-4.34-19.21.1 mozilla-nspr-debuginfo-32bit-4.34-19.21.1 mozilla-nspr-debuginfo-4.34-19.21.1 mozilla-nspr-debugsource-4.34-19.21.1 mozilla-nss-3.79-58.75.1 mozilla-nss-32bit-3.79-58.75.1 mozilla-nss-certs-3.79-58.75.1 mozilla-nss-certs-32bit-3.79-58.75.1 mozilla-nss-certs-debuginfo-3.79-58.75.1 mozilla-nss-certs-debuginfo-32bit-3.79-58.75.1 mozilla-nss-debuginfo-3.79-58.75.1 mozilla-nss-debuginfo-32bit-3.79-58.75.1 mozilla-nss-debugsource-3.79-58.75.1 mozilla-nss-sysinit-3.79-58.75.1 mozilla-nss-sysinit-32bit-3.79-58.75.1 mozilla-nss-sysinit-debuginfo-3.79-58.75.1 mozilla-nss-sysinit-debuginfo-32bit-3.79-58.75.1 mozilla-nss-tools-3.79-58.75.1 mozilla-nss-tools-debuginfo-3.79-58.75.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libfreebl3-3.79-58.75.1 libfreebl3-32bit-3.79-58.75.1 libfreebl3-debuginfo-3.79-58.75.1 libfreebl3-debuginfo-32bit-3.79-58.75.1 libfreebl3-hmac-3.79-58.75.1 libfreebl3-hmac-32bit-3.79-58.75.1 libsoftokn3-3.79-58.75.1 libsoftokn3-32bit-3.79-58.75.1 libsoftokn3-debuginfo-3.79-58.75.1 libsoftokn3-debuginfo-32bit-3.79-58.75.1 libsoftokn3-hmac-3.79-58.75.1 libsoftokn3-hmac-32bit-3.79-58.75.1 mozilla-nspr-32bit-4.34-19.21.1 mozilla-nspr-4.34-19.21.1 
mozilla-nspr-debuginfo-32bit-4.34-19.21.1 mozilla-nspr-debuginfo-4.34-19.21.1 mozilla-nspr-debugsource-4.34-19.21.1 mozilla-nss-3.79-58.75.1 mozilla-nss-32bit-3.79-58.75.1 mozilla-nss-certs-3.79-58.75.1 mozilla-nss-certs-32bit-3.79-58.75.1 mozilla-nss-certs-debuginfo-3.79-58.75.1 mozilla-nss-certs-debuginfo-32bit-3.79-58.75.1 mozilla-nss-debuginfo-3.79-58.75.1 mozilla-nss-debuginfo-32bit-3.79-58.75.1 mozilla-nss-debugsource-3.79-58.75.1 mozilla-nss-sysinit-3.79-58.75.1 mozilla-nss-sysinit-32bit-3.79-58.75.1 mozilla-nss-sysinit-debuginfo-3.79-58.75.1 mozilla-nss-sysinit-debuginfo-32bit-3.79-58.75.1 mozilla-nss-tools-3.79-58.75.1 mozilla-nss-tools-debuginfo-3.79-58.75.1

References:

  https://www.suse.com/security/cve/CVE-2021-43527.html
  https://bugzilla.suse.com/1191546
  https://bugzilla.suse.com/1192079
  https://bugzilla.suse.com/1192080
  https://bugzilla.suse.com/1192086
  https://bugzilla.suse.com/1192087
  https://bugzilla.suse.com/1192228
  https://bugzilla.suse.com/1193170
  https://bugzilla.suse.com/1195040
  https://bugzilla.suse.com/1198486
  https://bugzilla.suse.com/1198980
  https://bugzilla.suse.com/1200325
  https://bugzilla.suse.com/1201298

From sle-updates at lists.suse.com Fri Jul 22 22:15:49 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 23 Jul 2022 00:15:49 +0200 (CEST)
Subject: SUSE-RU-2022:2538-1: important: Recommended update for cockpit-tukit, transactional-update
Message-ID: <20220722221549.28F5BFDCF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for cockpit-tukit, transactional-update
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2538-1
Rating: important
References: #1196826
Affected Products:
  SUSE Linux Enterprise Micro 5.2
______________________________________________________________________________

An update that has one recommended fix can now be installed.
Description:

This update for cockpit-tukit, transactional-update fixes the following issues:

- Initial package with version 0.0.3~git0.d4aa7e9:
  * Switch to ExecuteAndReboot
  * Add no-reboot actions to snapshot menus
  * Add some "write" actions
  * Disable actions during updates checking
  * Add updates error to status
  * Add _service file comment
  * Add OBS service definition
  * Fix license and files in spec
  * Switch cockpit-devel lib to last stable
  * Add missing global variables
- Version 4.0.0~rc3
- Add Snapshot interface
- Reworked signal handling: All public signals are sent from the main thread now, keeping the same sender for everything
- Implement D-Bus call "Execute" for Transactions
- Implement interface for listing Snapshots
- Implement Reboot interface
- Fix bug when using --continue on old snapshots
- Fix hypothetical integer overflow in snapshot list [bsc#1196826]
- Fix wrong sort order in status command
- Fixed selfupdate
- Code cleanup

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Micro 5.2:

  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2538=1

Package List:

- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):

  libtukit4-4.0.0~rc3-150300.3.3.1
  libtukit4-debuginfo-4.0.0~rc3-150300.3.3.1
  transactional-update-4.0.0~rc3-150300.3.3.1
  transactional-update-debuginfo-4.0.0~rc3-150300.3.3.1
  transactional-update-debugsource-4.0.0~rc3-150300.3.3.1
  tukit-4.0.0~rc3-150300.3.3.1
  tukit-debuginfo-4.0.0~rc3-150300.3.3.1
  tukitd-4.0.0~rc3-150300.3.3.1
  tukitd-debuginfo-4.0.0~rc3-150300.3.3.1

- SUSE Linux Enterprise Micro 5.2 (noarch):

  cockpit-tukit-0.0.3~git0.d4aa7e9-150300.1.3.1
  dracut-transactional-update-4.0.0~rc3-150300.3.3.1
  transactional-update-zypp-config-4.0.0~rc3-150300.3.3.1

References:

  https://bugzilla.suse.com/1196826

From sle-updates at lists.suse.com Sat Jul 23 07:26:59 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 23 Jul 2022 09:26:59 +0200 (CEST)
Subject: SUSE-CU-2022:1618-1: Security update of suse/sles12sp4
Message-ID: <20220723072659.DA4CFFDCF@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1618-1
Container Tags : suse/sles12sp4:26.480 , suse/sles12sp4:latest
Container Release : 26.480
Severity : important
Type : security
References : 1201225 CVE-2022-34903
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2529-1
Released: Fri Jul 22 13:09:00 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1201225,CVE-2022-34903

This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
The following package changes have been done:

- base-container-licenses-3.0-1.302 updated
- container-suseconnect-2.0.0-1.190 updated
- gpg2-2.0.24-9.11.1 updated

From sle-updates at lists.suse.com Sat Jul 23 07:36:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 23 Jul 2022 09:36:38 +0200 (CEST)
Subject: SUSE-CU-2022:1619-1: Security update of suse/sles12sp5
Message-ID: <20220723073638.E3C9EFDCF@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1619-1
Container Tags : suse/sles12sp5:6.5.353 , suse/sles12sp5:latest
Container Release : 6.5.353
Severity : important
Type : security
References : 1201225 CVE-2022-34903
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2529-1
Released: Fri Jul 22 13:09:00 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1201225,CVE-2022-34903

This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
The following package changes have been done:

- gpg2-2.0.24-9.11.1 updated

From sle-updates at lists.suse.com Sat Jul 23 07:37:51 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 23 Jul 2022 09:37:51 +0200 (CEST)
Subject: SUSE-CU-2022:1620-1: Security update of bci/openjdk-devel
Message-ID: <20220723073751.95D57FDCF@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1620-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.39 , bci/openjdk-devel:latest
Container Release : 14.39
Severity : important
Type : security
References : 1192079 1192080 1192086 1192087 1192228 1198486 1200027 1200855 1201560 1201640 CVE-2022-31741
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640

This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2533-1
Released: Fri Jul 22 17:37:15 2022
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741

This update for mozilla-nss fixes the following issues:

Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4:

- Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079).
- FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
- FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325).
- Run test suite at build time, and make it pass (bsc#1198486).
- FIPS: skip algorithms that are hard disabled in FIPS mode.
- Prevent expired PayPalEE cert from failing the tests.
- Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc.
- FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build.
- FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
- FIPS: allow testing of unapproved algorithms (bsc#1192228).
- FIPS: add version indicators. (bmo#1729550, bsc#1192086).
- FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).

Version update to NSS 3.79:

- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- Correct invalid record inner and outer content type alerts.
- NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- improve error handling after nssCKFWInstance_CreateObjectHandle.
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- NSS 3.79 should depend on NSPR 4.34

Version update to NSS 3.78.1:

- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple

Version update to NSS 3.78:

- Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
- Reworked overlong record size checks and added TLS1.3 specific boundaries.
- Add ECH Grease Support to tstclnt
- Add a strict variant of moz::pkix::CheckCertHostname.
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
- Make SEC_PKCS12EnableCipher succeed
- Update zlib in NSS to 1.2.12.

Version update to NSS 3.77:

- Fix link to TLS page on wireshark wiki
- Add two D-TRUST 2020 root certificates.
- Add Telia Root CA v2 root certificate.
- Remove expired explicitly distrusted certificates from certdata.txt.
- support specific RSA-PSS parameters in mozilla::pkix
- Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
- Remove token member from NSSSlot struct.
- Provide secure variants of mpp_pprime and mpp_make_prime.
- Support UTF-8 library path in the module spec string.
- Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
- Update googletest to 1.11.0
- Add SetTls13GreaseEchSize to experimental API.
- TLS 1.3 Illegal legacy_version handling/alerts.
- Fix calculation of ECH HRR Transcript.
- Allow ld path to be set as environment variable.
- Ensure we don't read uninitialized memory in ssl gtests.
- Fix DataBuffer Move Assignment.
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
- rework signature verification in mozilla::pkix

Version update to NSS 3.76.1

- Remove token member from NSSSlot struct.
- Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
- Check return value of PK11Slot_GetNSSToken.
- Use Wycheproof JSON for RSASSA-PSS
- Add SHA256 fingerprint comments to old certdata.txt entries.
- Avoid truncating files in nss-release-helper.py.
- Throw illegal_parameter alert for illegal extensions in handshake message.
Version update to NSS 3.75

- Make DottedOIDToCode.py compatible with python3.
- Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Remove redundant key type check.
- Update ABI expectations to match ECH changes.
- Enable CKM_CHACHA20.
- check return on NSS_NoDB_Init and NSS_Shutdown.
- Run ECDSA test vectors from bltest as part of the CI tests.
- Add ECDSA test vectors to the bltest command line tool.
- Allow to build using clang's integrated assembler.
- Allow to override python for the build.
- test HKDF output rather than input.
- Use ASSERT macros to end failed tests early.
- move assignment operator for DataBuffer.
- Add test cases for ECH compression and unexpected extensions in SH.
- Update tests for ECH-13.
- Tidy up error handling.
- Add tests for ECH HRR Changes.
- Server only sends GREASE HRR extension if enabled by preference.
- Update generation of the Associated Data for ECH-13.
- When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
- Allow for compressed, non-contiguous, extensions.
- Scramble the PSK extension in CHOuter.
- Split custom extension handling for ECH.
- Add ECH-13 HRR Handling.
- Client side ECH padding.
- Stricter ClientHelloInner Decompression.
- Remove ECH_inner extension, use new enum format.
- Update the version number for ECH-13 and adjust the ECHConfig size.
Version update to NSS 3.74

- mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
- Ensure clients offer consistent ciphersuites after HRR
- NSS does not properly restrict server keys based on policy
- Set nssckbi version number to 2.54
- Replace Google Trust Services LLC (GTS) R4 root certificate
- Replace Google Trust Services LLC (GTS) R3 root certificate
- Replace Google Trust Services LLC (GTS) R2 root certificate
- Replace Google Trust Services LLC (GTS) R1 root certificate
- Replace GlobalSign ECC Root CA R4
- Remove Expired Root Certificates - DST Root CA X3
- Remove Expiring Cybertrust Global Root and GlobalSign root certificates
- Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
- Add iTrusChina ECC root certificate
- Add iTrusChina RSA root certificate
- Add ISRG Root X2 root certificate
- Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
- Avoid a clang 13 unused variable warning in opt build
- Check for missing signedData field
- Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)

Version update to NSS 3.73.1:

- Add SHA-2 support to mozilla::pkix's OCSP implementation

Version update to NSS 3.73

- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FIPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS

Fixed MFSA 2021-51 (bsc#1193170)

CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures

Version update to NSS 3.72

- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins

Version update to NSS 3.71

- Set nssckbi version number to 2.52.
- Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.

Version update to NSS 3.70

- Update test case to verify fix.
- Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.

Version update to NSS 3.69.1:

- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with AES_CBC

NSS 3.69:

- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid algorithms.
- sqlite 3.34 changed its open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active

Version Update to 3.68.4 (bsc#1200027)

- CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)

Mozilla NSPR was updated to version 4.34:

* add an API that returns a preferred loopback IP on hosts that have two IP stacks available.
The following package changes have been done:

- glibc-2.31-150300.37.1 updated
- mozilla-nspr-4.34-150000.3.23.1 updated
- container:bci-openjdk-11-11-12.20 updated

From sle-updates at lists.suse.com Sat Jul 23 07:38:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 23 Jul 2022 09:38:24 +0200 (CEST)
Subject: SUSE-CU-2022:1621-1: Security update of bci/openjdk
Message-ID: <20220723073824.CAD13FDCF@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1621-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-12.20 , bci/openjdk:latest
Container Release : 12.20
Severity : important
Type : security
References : 1192079 1192080 1192086 1192087 1192228 1198486 1200027 CVE-2022-31741
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2533-1
Released: Fri Jul 22 17:37:15 2022
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741

This update for mozilla-nss fixes the following issues:

Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4:

- Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079).
- FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
- FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325).
- Run test suite at build time, and make it pass (bsc#1198486).
- FIPS: skip algorithms that are hard disabled in FIPS mode.
- Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. 
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. 
- Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures 
are within size limits
- enable key logging option (boo#1195040)

Version update to NSS 3.73.1:

- Add SHA-2 support to mozilla::pkix's OCSP implementation

Version update to NSS 3.73

- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FIPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS

Fixed MFSA 2021-51 (bsc#1193170)

CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures

Version update to NSS 3.72

- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins

Version update to NSS 3.71

- Set nssckbi version number to 2.52.
- Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.

Version update to NSS 3.70

- Update test case to verify fix.
- Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.

Version update to NSS 3.69.1:

- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with AES_CBC

NSS 3.69:

- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid algorithms.
- sqlite 3.34 changed its open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active

Version Update to 3.68.4 (bsc#1200027)

- CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)

Mozilla NSPR was updated to version 4.34:

* add an API that returns a preferred loopback IP on hosts that have two IP stacks available.

The following package changes have been done:

- mozilla-nspr-4.34-150000.3.23.1 updated

From sle-updates at lists.suse.com Sat Jul 23 07:38:46 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 23 Jul 2022 09:38:46 +0200 (CEST)
Subject: SUSE-CU-2022:1622-1: Security update of suse/pcp
Message-ID: <20220723073846.1D68CFDCF@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1622-1
Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-7.38 , suse/pcp:latest
Container Release : 7.38
Severity : important
Type : security
References : 1192079 1192080 1192086 1192087 1192228 1193282 1198486 1200027 1200855 1201560 1201640 CVE-2022-31741
-----------------------------------------------------------------

The container suse/pcp was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2493-1
Released: Thu Jul 21 14:35:08 2022
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1193282

This update for rpm-config-SUSE fixes the following issues:

- Add SBAT values macros for other packages (bsc#1193282)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640

This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2533-1
Released: Fri Jul 22 17:37:15 2022
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741

This update for mozilla-nss fixes the following issues:

Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4:

- Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079).
- FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
- FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325).
- Run test suite at build time, and make it pass (bsc#1198486).
- FIPS: skip algorithms that are hard disabled in FIPS mode.
- Prevent expired PayPalEE cert from failing the tests.
- Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. 
- Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. 
- test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - 
Add SHA-2 support to mozilla::pkix's OCSP implementation

Version update to NSS 3.73
- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FIPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS

Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures

Version update to NSS 3.72
- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins

Version update to NSS 3.71
- Set nssckbi version number to 2.52.
- Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.

Version update to NSS 3.70
- Update test case to verify fix.
- Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.

Version update to NSS 3.69.1:
- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with AES_CBC

NSS 3.69:
- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid algorithms.
- sqlite 3.34 changed its open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Mozilla NSPR was updated to version 4.34: * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. The following package changes have been done: - glibc-2.31-150300.37.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - mozilla-nspr-4.34-150000.3.23.1 updated - container:bci-bci-init-15.4-15.4-19.11 updated From sle-updates at lists.suse.com Sat Jul 23 16:15:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Jul 2022 18:15:30 +0200 (CEST) Subject: SUSE-SU-2022:2539-1: important: Security update for java-1_7_1-ibm Message-ID: <20220723161530.A354FFDDB@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2539-1 Rating: important References: #1191912 #1194931 #1198670 #1198671 #1198672 #1198673 #1198674 #1198675 #1201643 Cross-References: CVE-2021-35561 CVE-2022-21299 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 CVSS scores: CVE-2021-35561 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35561 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21299 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21299 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21426 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21426 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21434 (NVD) : 5.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21434 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21443 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21443 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21449 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21449 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21476 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21476 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21496 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21496 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 5 Fix Pack 10 (bsc#1201643), including fixes for: - CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670), CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674), CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675), CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2539=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2539=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2539=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2539=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2539=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2539=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2539=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2539=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_7_1-ibm-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-alsa-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-devel-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-plugin-1.7.1_sr5.10-38.71.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_7_1-ibm-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-alsa-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-devel-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-plugin-1.7.1_sr5.10-38.71.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr5.10-38.71.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-devel-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.10-38.71.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-plugin-1.7.1_sr5.10-38.71.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-devel-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.10-38.71.1 - SUSE Linux Enterprise Server 
12-SP5 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-plugin-1.7.1_sr5.10-38.71.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-devel-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.10-38.71.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-plugin-1.7.1_sr5.10-38.71.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-alsa-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-devel-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-plugin-1.7.1_sr5.10-38.71.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-alsa-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-devel-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.10-38.71.1 java-1_7_1-ibm-plugin-1.7.1_sr5.10-38.71.1 References: https://www.suse.com/security/cve/CVE-2021-35561.html https://www.suse.com/security/cve/CVE-2022-21299.html https://www.suse.com/security/cve/CVE-2022-21426.html https://www.suse.com/security/cve/CVE-2022-21434.html https://www.suse.com/security/cve/CVE-2022-21443.html https://www.suse.com/security/cve/CVE-2022-21449.html https://www.suse.com/security/cve/CVE-2022-21476.html https://www.suse.com/security/cve/CVE-2022-21496.html https://bugzilla.suse.com/1191912 https://bugzilla.suse.com/1194931 https://bugzilla.suse.com/1198670 https://bugzilla.suse.com/1198671 https://bugzilla.suse.com/1198672 https://bugzilla.suse.com/1198673 https://bugzilla.suse.com/1198674 https://bugzilla.suse.com/1198675 https://bugzilla.suse.com/1201643 From sle-updates at lists.suse.com Sat Jul 23 16:17:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Jul 2022 18:17:01 +0200 (CEST) Subject: SUSE-SU-2022:2540-1: important: Security update for java-1_8_0-ibm Message-ID: <20220723161701.21EFCFDDB@maintenance.suse.de> SUSE 
Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2540-1 Rating: important References: #1191912 #1194931 #1198670 #1198671 #1198672 #1198673 #1198674 #1198675 #1201643 Cross-References: CVE-2021-35561 CVE-2022-21299 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 CVSS scores: CVE-2021-35561 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35561 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21299 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21299 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21426 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21426 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21434 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21434 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21443 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21443 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21449 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21449 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21476 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21476 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21496 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21496 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 
______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 7 Fix Pack 10 (bsc#1201643), including fixes for: - CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670), CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674), CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675), CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2540=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2540=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2540=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2540=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2540=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2540=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2540=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2540=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-ibm-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-alsa-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-30.90.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-ibm-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-alsa-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-30.90.1 - SUSE Linux Enterprise Software 
Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr7.10-30.90.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-30.90.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-30.90.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-30.90.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-30.90.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-30.90.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-30.90.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-alsa-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-30.90.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-alsa-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-30.90.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-30.90.1 References: https://www.suse.com/security/cve/CVE-2021-35561.html https://www.suse.com/security/cve/CVE-2022-21299.html https://www.suse.com/security/cve/CVE-2022-21426.html https://www.suse.com/security/cve/CVE-2022-21434.html https://www.suse.com/security/cve/CVE-2022-21443.html https://www.suse.com/security/cve/CVE-2022-21449.html https://www.suse.com/security/cve/CVE-2022-21476.html https://www.suse.com/security/cve/CVE-2022-21496.html https://bugzilla.suse.com/1191912 https://bugzilla.suse.com/1194931 https://bugzilla.suse.com/1198670 https://bugzilla.suse.com/1198671 https://bugzilla.suse.com/1198672 
https://bugzilla.suse.com/1198673
https://bugzilla.suse.com/1198674
https://bugzilla.suse.com/1198675
https://bugzilla.suse.com/1201643

From sle-updates at lists.suse.com Mon Jul 25 10:15:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 25 Jul 2022 12:15:53 +0200 (CEST)
Subject: SUSE-RU-2022:2542-1: important: Recommended update for less
Message-ID: <20220725101553.6A09BFDDB@maintenance.suse.de>

SUSE Recommended Update: Recommended update for less
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2542-1
Rating: important
References: #1200738
Affected Products:
   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for less fixes the following issues:

- Fix startup terminal initialization (bsc#1200738)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
   zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2542=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
   less-458-7.9.1
   less-debuginfo-458-7.9.1
   less-debugsource-458-7.9.1

References:

https://bugzilla.suse.com/1200738

From sle-updates at lists.suse.com Mon Jul 25 13:15:41 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 25 Jul 2022 15:15:41 +0200 (CEST)
Subject: SUSE-SU-2022:2543-1: important: Security update for s390-tools
Message-ID: <20220725131541.75E60FDCF@maintenance.suse.de>

SUSE Security Update: Security update for s390-tools
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2543-1
Rating: important
References: #1198581 #1199649 #1200131
Affected Products:
   SUSE Linux Enterprise Desktop 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Module for Basesystem 15-SP4
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.3
   openSUSE Leap 15.4
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update of s390-tools fixes the following issues:

- Fixed KMIP plugin failing to connect to KMIP server. When a zkey key repository is bound to the KMIP plugin, and the connection to the KMIP server is to be configured using command 'zkey kms configure --kmip-server ', it fails to connect to the specified KMIP server. (bsc#1199649)
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2543=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2543=1 Package List: - openSUSE Leap 15.4 (s390x): libekmfweb1-2.19.0-150400.7.4.1 libekmfweb1-debuginfo-2.19.0-150400.7.4.1 libekmfweb1-devel-2.19.0-150400.7.4.1 libkmipclient1-2.19.0-150400.7.4.1 libkmipclient1-debuginfo-2.19.0-150400.7.4.1 libkmipclient1-devel-2.19.0-150400.7.4.1 osasnmpd-2.19.0-150400.7.4.1 osasnmpd-debuginfo-2.19.0-150400.7.4.1 s390-tools-2.19.0-150400.7.4.1 s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.4.1 s390-tools-debuginfo-2.19.0-150400.7.4.1 s390-tools-debugsource-2.19.0-150400.7.4.1 s390-tools-hmcdrvfs-2.19.0-150400.7.4.1 s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.4.1 s390-tools-zdsfs-2.19.0-150400.7.4.1 s390-tools-zdsfs-debuginfo-2.19.0-150400.7.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): libekmfweb1-2.19.0-150400.7.4.1 libekmfweb1-debuginfo-2.19.0-150400.7.4.1 libekmfweb1-devel-2.19.0-150400.7.4.1 libkmipclient1-2.19.0-150400.7.4.1 libkmipclient1-debuginfo-2.19.0-150400.7.4.1 osasnmpd-2.19.0-150400.7.4.1 osasnmpd-debuginfo-2.19.0-150400.7.4.1 s390-tools-2.19.0-150400.7.4.1 s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.4.1 s390-tools-debuginfo-2.19.0-150400.7.4.1 s390-tools-debugsource-2.19.0-150400.7.4.1 s390-tools-hmcdrvfs-2.19.0-150400.7.4.1 s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.4.1 s390-tools-zdsfs-2.19.0-150400.7.4.1 s390-tools-zdsfs-debuginfo-2.19.0-150400.7.4.1 References: https://bugzilla.suse.com/1198581 https://bugzilla.suse.com/1199649 https://bugzilla.suse.com/1200131 From sle-updates at lists.suse.com Mon Jul 25 16:15:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Jul 2022 18:15:53 +0200 (CEST) Subject: SUSE-SU-2022:2546-1: important: Security update for gpg2 Message-ID: 
<20220725161553.F1C02FDCF@maintenance.suse.de> SUSE Security Update: Security update for gpg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2546-1 Rating: important References: #1196125 #1201225 Cross-References: CVE-2022-34903 CVSS scores: CVE-2022-34903 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2022-34903 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2546=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2546=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2546=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2546=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2546=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2546=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dirmngr-2.2.27-150300.3.5.1 dirmngr-debuginfo-2.2.27-150300.3.5.1 gpg2-2.2.27-150300.3.5.1 gpg2-debuginfo-2.2.27-150300.3.5.1 gpg2-debugsource-2.2.27-150300.3.5.1 - openSUSE Leap 15.4 (noarch): gpg2-lang-2.2.27-150300.3.5.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dirmngr-2.2.27-150300.3.5.1 dirmngr-debuginfo-2.2.27-150300.3.5.1 gpg2-2.2.27-150300.3.5.1 gpg2-debuginfo-2.2.27-150300.3.5.1 gpg2-debugsource-2.2.27-150300.3.5.1 - openSUSE Leap 15.3 (noarch): gpg2-lang-2.2.27-150300.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): dirmngr-2.2.27-150300.3.5.1 dirmngr-debuginfo-2.2.27-150300.3.5.1 gpg2-2.2.27-150300.3.5.1 gpg2-debuginfo-2.2.27-150300.3.5.1 gpg2-debugsource-2.2.27-150300.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): gpg2-lang-2.2.27-150300.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dirmngr-2.2.27-150300.3.5.1 dirmngr-debuginfo-2.2.27-150300.3.5.1 gpg2-2.2.27-150300.3.5.1 gpg2-debuginfo-2.2.27-150300.3.5.1 gpg2-debugsource-2.2.27-150300.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): gpg2-lang-2.2.27-150300.3.5.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): gpg2-2.2.27-150300.3.5.1 gpg2-debuginfo-2.2.27-150300.3.5.1 
gpg2-debugsource-2.2.27-150300.3.5.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): gpg2-2.2.27-150300.3.5.1 gpg2-debuginfo-2.2.27-150300.3.5.1 gpg2-debugsource-2.2.27-150300.3.5.1 References: https://www.suse.com/security/cve/CVE-2022-34903.html https://bugzilla.suse.com/1196125 https://bugzilla.suse.com/1201225 From sle-updates at lists.suse.com Mon Jul 25 16:16:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Jul 2022 18:16:37 +0200 (CEST) Subject: SUSE-RU-2022:2545-1: moderate: Recommended update for system-role-common-criteria Message-ID: <20220725161637.1B652FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for system-role-common-criteria ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2545-1 Rating: moderate References: #1194279 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for system-role-common-criteria fixes the following issues: - Restore UI layout after Common Criteria confirmation (bsc#1194279) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-2545=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2545=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  system-role-common-criteria-15.4.1-150400.3.3.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
  system-role-common-criteria-15.4.1-150400.3.3.1

References:

  https://bugzilla.suse.com/1194279

From sle-updates at lists.suse.com Mon Jul 25 22:16:26 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jul 2022 00:16:26 +0200 (CEST)
Subject: SUSE-SU-2022:2547-1: important: Security update for logrotate
Message-ID: <20220725221626.560F6FDCF@maintenance.suse.de>

SUSE Security Update: Security update for logrotate
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2547-1
Rating: important
References: #1192449 #1200278 #1200802
Affected Products:
  SUSE CaaS Platform 4.0
  SUSE Enterprise Storage 6
  SUSE Enterprise Storage 7
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Micro 5.1
  SUSE Linux Enterprise Micro 5.2
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Server 15-SP1-BCL
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP2-BCL
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Storage 7.1
  SUSE Manager Proxy 4.1
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.1
  SUSE Manager Server 4.2
  openSUSE Leap 15.3
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for logrotate fixes the following issues:

Security issues fixed:

- Improved coredump handling for SUID binaries (bsc#1192449).

Non-security issues fixed:

- Fixed "logrotate emits unintended warning: keyword size not properly separated, found 0x3d" (bsc#1200278, bsc#1200802).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-2547=1
- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2547=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2547=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2547=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2547=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2547=1
- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2547=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2547=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2547=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2547=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2547=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2547=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2547=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2547=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2547=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2547=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2547=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2547=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2547=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2547=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2547=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2022-2547=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2022-2547=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Manager Proxy 4.1 (x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE CaaS Platform 4.0 (x86_64):
  logrotate-3.13.0-150000.4.7.1
  logrotate-debuginfo-3.13.0-150000.4.7.1
  logrotate-debugsource-3.13.0-150000.4.7.1

References:

  https://bugzilla.suse.com/1192449
  https://bugzilla.suse.com/1200278
  https://bugzilla.suse.com/1200802

From sle-updates at lists.suse.com Tue Jul 26 07:37:07 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jul 2022 09:37:07 +0200 (CEST)
Subject: SUSE-CU-2022:1623-1: Recommended update of suse/sle15
Message-ID: <20220726073707.32CC4FDCF@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1623-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.585
Container Release : 4.22.585
Severity : important
Type : recommended
References : 1148309 1191502 1195529 1200170
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2471-1
Released: Thu Jul 21 04:42:58 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1148309,1191502,1195529,1200170

This update for systemd fixes the following issues:

- Allow control characters in environment variable values (bsc#1200170)
- basic/env-util: Allow newlines in values of environment variables
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: avoid overwriting 'r' counter with a partial result (bsc#1148309)
- shared/install: fix error codes returned by install_context_apply()
- shared/install: ignore failures for auxiliary files
- systemctl: suppress enable/disable messages when `-q` is given
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)

The following package changes have been done:

- libsystemd0-234-150000.24.111.1 updated
- libudev1-234-150000.24.111.1 updated

From sle-updates at lists.suse.com Tue Jul 26 07:56:39 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jul 2022 09:56:39 +0200 (CEST)
Subject: SUSE-CU-2022:1624-1: Recommended update of suse/sle15
Message-ID: <20220726075639.8E190FDCF@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1624-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.646
Container Release : 6.2.646
Severity : important
Type : recommended
References : 1148309 1191502 1195529 1200170
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2471-1
Released: Thu Jul 21 04:42:58 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1148309,1191502,1195529,1200170

This update for systemd fixes the following issues:

- Allow control characters in environment variable values (bsc#1200170)
- basic/env-util: Allow newlines in values of environment variables
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: avoid overwriting 'r' counter with a partial result (bsc#1148309)
- shared/install: fix error codes returned by install_context_apply()
- shared/install: ignore failures for auxiliary files
- systemctl: suppress enable/disable messages when `-q` is given
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)

The following package changes have been done:

- libsystemd0-234-150000.24.111.1 updated
- libudev1-234-150000.24.111.1 updated

From sle-updates at lists.suse.com Tue Jul 26 07:57:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jul 2022 09:57:03 +0200 (CEST)
Subject: SUSE-CU-2022:1625-1: Recommended update of bci/bci-micro
Message-ID: <20220726075703.580A1FDCF@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-micro
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1625-1
Container Tags : bci/bci-micro:15.3 , bci/bci-micro:15.3.19.9
Container Release : 19.9
Severity : important
Type : recommended
References : 1200855 1201560 1201640
-----------------------------------------------------------------

The container bci/bci-micro was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640

This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

The following package changes have been done:

- glibc-2.31-150300.37.1 updated

From sle-updates at lists.suse.com Tue Jul 26 08:03:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jul 2022 10:03:09 +0200 (CEST)
Subject: SUSE-CU-2022:1627-1: Security update of bci/python
Message-ID: <20220726080309.25A2CFDCF@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1627-1
Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.34
Container Release : 18.34
Severity : important
Type : security
References : 1137373 1181658 1194708 1195157 1196125 1197570 1198507 1198732 1200170 1200855 1201225 1201560 1201640 CVE-2022-34903
-----------------------------------------------------------------

The container bci/python was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released: Thu Jul 21 04:40:14 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170

This update for systemd fixes the following issues:

- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user@.service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640

This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903

This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

The following package changes have been done:

- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- libsystemd0-246.16-150300.7.48.1 updated
- libudev1-246.16-150300.7.48.1 updated
- container:sles15-image-15.0.0-17.20.4 updated

From sle-updates at lists.suse.com Tue Jul 26 08:12:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jul 2022 10:12:37 +0200 (CEST)
Subject: SUSE-CU-2022:1628-1: Security update of suse/sle15
Message-ID: <20220726081237.4701BFDCF@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1628-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.5 , suse/sle15:15.3 , suse/sle15:15.3.17.20.5
Container Release : 17.20.5
Severity : important
Type : security
References : 1196125 1201225 CVE-2022-34903
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903

This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

The following package changes have been done:

- gpg2-2.2.27-150300.3.5.1 updated

From sle-updates at lists.suse.com Tue Jul 26 08:13:12 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jul 2022 10:13:12 +0200 (CEST)
Subject: SUSE-CU-2022:1629-1: Security update of suse/389-ds
Message-ID: <20220726081312.74BF5FDCF@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1629-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-14.26 , suse/389-ds:latest
Container Release : 14.26
Severity : important
Type : security
References : 1192079 1192080 1192086 1192087 1192228 1198486 1200027 CVE-2022-31741
-----------------------------------------------------------------

The container suse/389-ds was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2533-1
Released: Fri Jul 22 17:37:15 2022
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741

This update for mozilla-nss fixes the following issues:

Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4:

- Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079).
- FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
- FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325).
- Run test suite at build time, and make it pass (bsc#1198486).
- FIPS: skip algorithms that are hard disabled in FIPS mode.
- Prevent expired PayPalEE cert from failing the tests.
- Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc.
- FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build.
- FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
- FIPS: allow testing of unapproved algorithms (bsc#1192228).
- FIPS: add version indicators. (bmo#1729550, bsc#1192086).
- FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).

Version update to NSS 3.79:

- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- Correct invalid record inner and outer content type alerts.
- NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- improve error handling after nssCKFWInstance_CreateObjectHandle.
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- NSS 3.79 should depend on NSPR 4.34

Version update to NSS 3.78.1:

- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple

Version update to NSS 3.78:

- Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
- Reworked overlong record size checks and added TLS1.3 specific boundaries.
- Add ECH Grease Support to tstclnt
- Add a strict variant of moz::pkix::CheckCertHostname.
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
- Make SEC_PKCS12EnableCipher succeed
- Update zlib in NSS to 1.2.12.

Version update to NSS 3.77:

- Fix link to TLS page on wireshark wiki
- Add two D-TRUST 2020 root certificates.
- Add Telia Root CA v2 root certificate.
- Remove expired explicitly distrusted certificates from certdata.txt.
- support specific RSA-PSS parameters in mozilla::pkix
- Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
- Remove token member from NSSSlot struct.
- Provide secure variants of mpp_pprime and mpp_make_prime.
- Support UTF-8 library path in the module spec string.
- Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
- Update googletest to 1.11.0
- Add SetTls13GreaseEchSize to experimental API.
- TLS 1.3 Illegal legacy_version handling/alerts.
- Fix calculation of ECH HRR Transcript.
- Allow ld path to be set as environment variable.
- Ensure we don't read uninitialized memory in ssl gtests.
- Fix DataBuffer Move Assignment.
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
- rework signature verification in mozilla::pkix

Version update to NSS 3.76.1

- Remove token member from NSSSlot struct.
- Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
- Check return value of PK11Slot_GetNSSToken.
- Use Wycheproof JSON for RSASSA-PSS
- Add SHA256 fingerprint comments to old certdata.txt entries.
- Avoid truncating files in nss-release-helper.py.
- Throw illegal_parameter alert for illegal extensions in handshake message.

Version update to NSS 3.75

- Make DottedOIDToCode.py compatible with python3.
- Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Remove redundant key type check.
- Update ABI expectations to match ECH changes.
- Enable CKM_CHACHA20.
- check return on NSS_NoDB_Init and NSS_Shutdown.
- Run ECDSA test vectors from bltest as part of the CI tests.
- Add ECDSA test vectors to the bltest command line tool.
- Allow to build using clang's integrated assembler.
- Allow to override python for the build.
- test HKDF output rather than input.
- Use ASSERT macros to end failed tests early.
- move assignment operator for DataBuffer.
- Add test cases for ECH compression and unexpected extensions in SH.
- Update tests for ECH-13.
- Tidy up error handling.
- Add tests for ECH HRR Changes.
- Server only sends GREASE HRR extension if enabled by preference.
- Update generation of the Associated Data for ECH-13.
- When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
- Allow for compressed, non-contiguous, extensions.
- Scramble the PSK extension in CHOuter.
- Split custom extension handling for ECH.
- Add ECH-13 HRR Handling.
- Client side ECH padding.
- Stricter ClientHelloInner Decompression.
- Remove ECH_inner extension, use new enum format.
- Update the version number for ECH-13 and adjust the ECHConfig size.

Version update to NSS 3.74

- mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
- Ensure clients offer consistent ciphersuites after HRR
- NSS does not properly restrict server keys based on policy
- Set nssckbi version number to 2.54
- Replace Google Trust Services LLC (GTS) R4 root certificate
- Replace Google Trust Services LLC (GTS) R3 root certificate
- Replace Google Trust Services LLC (GTS) R2 root certificate
- Replace Google Trust Services LLC (GTS) R1 root certificate
- Replace GlobalSign ECC Root CA R4
- Remove Expired Root Certificates - DST Root CA X3
- Remove Expiring Cybertrust Global Root and GlobalSign root certificates
- Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
- Add iTrusChina ECC root certificate
- Add iTrusChina RSA root certificate
- Add ISRG Root X2 root certificate
- Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
- Avoid a clang 13 unused variable warning in opt build
- Check for missing signedData field
- Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)

Version update to NSS 3.73.1:

- Add SHA-2 support to mozilla::pkix's OCSP implementation

Version update to NSS 3.73

- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FIPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS

Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures

Version update to NSS 3.72

- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins

Version update to NSS 3.71

- Set nssckbi version number to 2.52.
- Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.

Version update to NSS 3.70

- Update test case to verify fix.
- Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.

Version update to NSS 3.69.1:

- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with AES_CBC

NSS 3.69:

- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid algorithms.
- sqlite 3.34 changed its open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active

Version Update to 3.68.4 (bsc#1200027)

- CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)

Mozilla NSPR was updated to version 4.34:

* add an API that returns a preferred loopback IP on hosts that have two IP stacks available.

The following package changes have been done:

- mozilla-nspr-4.34-150000.3.23.1 updated
- container:sles15-image-15.0.0-27.11.5 updated

From sle-updates at lists.suse.com Tue Jul 26 08:14:49 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jul 2022 10:14:49 +0200 (CEST)
Subject: SUSE-CU-2022:1632-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20220726081449.289F9FDCF@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1632-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-19.11 , bci/dotnet-aspnet:6.0.7 , bci/dotnet-aspnet:6.0.7-19.11 , bci/dotnet-aspnet:latest
Container Release : 19.11
Severity : important
Type : recommended
References : 1193282 1200855 1201560 1201640
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2493-1
Released: Thu Jul 21 14:35:08 2022
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1193282

This update for rpm-config-SUSE fixes the following issues:

- Add SBAT values macros for other packages (bsc#1193282)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640

This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

The following package changes have been done:

- glibc-2.31-150300.37.1 updated
- rpm-config-SUSE-1-150400.14.3.1 updated
- container:sles15-image-15.0.0-27.11.5 updated

From sle-updates at lists.suse.com Tue Jul 26 08:18:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jul 2022 10:18:38 +0200 (CEST)
Subject: SUSE-CU-2022:1639-1: Recommended update of bci/golang
Message-ID: <20220726081838.E7814FDCF@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1639-1
Container Tags : bci/golang:1.16 , bci/golang:1.16-13.22
Container Release : 13.22
Severity : important
Type : recommended
References : 1193282 1200855 1201560 1201640
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2493-1
Released: Thu Jul 21 14:35:08 2022
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1193282

This update for rpm-config-SUSE fixes the following issues:

- Add SBAT values macros for other packages (bsc#1193282)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640

This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

The following package changes have been done:

- glibc-2.31-150300.37.1 updated
- rpm-config-SUSE-1-150400.14.3.1 updated
- glibc-devel-2.31-150300.37.1 updated
- container:sles15-image-15.0.0-27.11.5 updated

From sle-updates at lists.suse.com Tue Jul 26 08:19:49 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jul 2022 10:19:49 +0200 (CEST)
Subject: SUSE-CU-2022:1641-1: Recommended update of bci/bci-init
Message-ID: <20220726081949.6CAB8FDCF@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1641-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.19.13 , bci/bci-init:latest
Container Release : 19.13
Severity : important
Type : recommended
References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1137373 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1181658 1188127 1193282 1194708 1195157 1197570 1198732 1200170 1200855 1201276 1201560 1201640
-----------------------------------------------------------------

The container bci/bci-init was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392

This update for timezone provides the following fixes:

- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310

This update for timezone, timezone-java fixes the following issues:

The timezone database was updated to 2018f:

- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - libudev1-249.11-150400.8.5.1 updated - libsystemd0-249.11-150400.8.5.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - timezone-2022a-150000.75.7.1 added - systemd-249.11-150400.8.5.1 updated - container:sles15-image-15.0.0-27.11.5 updated From sle-updates at lists.suse.com Tue Jul 26 08:22:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Jul 2022 10:22:36 +0200 (CEST) Subject: SUSE-CU-2022:1646-1: Recommended update of bci/python Message-ID: <20220726082236.500D7FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/python 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1646-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-12.22 Container Release : 12.22 Severity : important Type : recommended References : 1200855 1201560 1201640 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-2.31-150300.37.1 updated - container:sles15-image-15.0.0-27.11.5 updated From sle-updates at lists.suse.com Tue Jul 26 08:23:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Jul 2022 10:23:52 +0200 (CEST) Subject: SUSE-CU-2022:1649-1: Security update of suse/sle15 Message-ID: <20220726082352.499EBFDCF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1649-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.11.5 , suse/sle15:15.4 , suse/sle15:15.4.27.11.5 Container Release : 27.11.5 Severity : important Type : security References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1137373 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1181658 1188127 1193282 1194708 1195157 1196125 1197570 1198732 1200170 1200855 1201225 1201276 1201560 1201640 CVE-2022-34903 
----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. 
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. 
(bsc#1196125) The following package changes have been done: - curl-7.79.1-150400.5.3.1 added - glibc-2.31-150300.37.1 updated - gpg2-2.2.27-150300.3.5.1 updated - libsystemd0-249.11-150400.8.5.1 updated - libudev1-249.11-150400.8.5.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - timezone-2022a-150000.75.7.1 added From sle-updates at lists.suse.com Tue Jul 26 16:16:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Jul 2022 18:16:21 +0200 (CEST) Subject: SUSE-SU-2022:2552-1: important: Security update for libxml2 Message-ID: <20220726161621.CB6B4F7C9@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2552-1 Rating: important References: #1196490 #1199132 Cross-References: CVE-2022-23308 CVE-2022-29824 CVSS scores: CVE-2022-23308 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23308 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H CVE-2022-29824 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-29824 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). 
Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2552=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2552=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.14-150400.5.7.1 libxml2-2-debuginfo-2.9.14-150400.5.7.1 libxml2-debugsource-2.9.14-150400.5.7.1 libxml2-devel-2.9.14-150400.5.7.1 libxml2-tools-2.9.14-150400.5.7.1 libxml2-tools-debuginfo-2.9.14-150400.5.7.1 python3-libxml2-2.9.14-150400.5.7.1 python3-libxml2-debuginfo-2.9.14-150400.5.7.1 - openSUSE Leap 15.4 (x86_64): libxml2-2-32bit-2.9.14-150400.5.7.1 libxml2-2-32bit-debuginfo-2.9.14-150400.5.7.1 libxml2-devel-32bit-2.9.14-150400.5.7.1 - openSUSE Leap 15.4 (noarch): libxml2-doc-2.9.14-150400.5.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.14-150400.5.7.1 libxml2-2-debuginfo-2.9.14-150400.5.7.1 libxml2-debugsource-2.9.14-150400.5.7.1 libxml2-devel-2.9.14-150400.5.7.1 libxml2-tools-2.9.14-150400.5.7.1 libxml2-tools-debuginfo-2.9.14-150400.5.7.1 python3-libxml2-2.9.14-150400.5.7.1 python3-libxml2-debuginfo-2.9.14-150400.5.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libxml2-2-32bit-2.9.14-150400.5.7.1 libxml2-2-32bit-debuginfo-2.9.14-150400.5.7.1 References: https://www.suse.com/security/cve/CVE-2022-23308.html https://www.suse.com/security/cve/CVE-2022-29824.html https://bugzilla.suse.com/1196490 https://bugzilla.suse.com/1199132 From sle-updates at lists.suse.com Tue Jul 26 16:17:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Jul 2022 18:17:13 +0200 (CEST) Subject: 
SUSE-SU-2022:2553-1: important: Security update for squid Message-ID: <20220726161713.E9F2BF7C9@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2553-1 Rating: important References: #1185923 #1186654 #1200907 Cross-References: CVE-2021-33620 CVE-2021-46784 CVSS scores: CVE-2021-33620 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33620 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46784 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. 

Description:

This update for squid fixes the following issues:

- CVE-2021-46784: Fixed DoS when processing gopher server responses. (bsc#1200907)
- CVE-2021-33620: Fixed DoS in HTTP Response processing (bsc#1185923, bsc#1186654)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-2553=1
- SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2553=1
- SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2553=1
- SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2553=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2553=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2553=1
- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2553=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2553=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2553=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2553=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2553=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2553=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2553=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2553=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2553=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2553=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2553=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2553=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2553=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2022-2553=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2022-2553=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Manager Proxy 4.1 (x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1
- SUSE CaaS Platform 4.0 (x86_64):
    squid-4.17-150000.5.32.1
    squid-debuginfo-4.17-150000.5.32.1
    squid-debugsource-4.17-150000.5.32.1

References:

https://www.suse.com/security/cve/CVE-2021-33620.html
https://www.suse.com/security/cve/CVE-2021-46784.html
https://bugzilla.suse.com/1185923
https://bugzilla.suse.com/1186654
https://bugzilla.suse.com/1200907

From sle-updates at lists.suse.com Tue Jul 26 16:18:16 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jul 2022 18:18:16 +0200 (CEST)
Subject: SUSE-SU-2022:2550-1: important: Security update for git
Message-ID: <20220726161816.18815F7C9@maintenance.suse.de>

SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2550-1
Rating: important
References: #1201431
Cross-References: CVE-2022-29187
CVSS scores:
    CVE-2022-29187 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-29187 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Module for Development Tools 15-SP3
    SUSE Linux Enterprise Module for Development Tools 15-SP4
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.2
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.2
    SUSE Manager Server 4.3
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for git fixes the following issues:

- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-2550=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-2550=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2550=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2550=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2550=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2550=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    git-2.35.3-150300.10.15.1
    git-arch-2.35.3-150300.10.15.1
    git-core-2.35.3-150300.10.15.1
    git-core-debuginfo-2.35.3-150300.10.15.1
    git-credential-gnome-keyring-2.35.3-150300.10.15.1
    git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.15.1
    git-credential-libsecret-2.35.3-150300.10.15.1
    git-credential-libsecret-debuginfo-2.35.3-150300.10.15.1
    git-cvs-2.35.3-150300.10.15.1
    git-daemon-2.35.3-150300.10.15.1
    git-daemon-debuginfo-2.35.3-150300.10.15.1
    git-debuginfo-2.35.3-150300.10.15.1
    git-debugsource-2.35.3-150300.10.15.1
    git-email-2.35.3-150300.10.15.1
    git-gui-2.35.3-150300.10.15.1
    git-p4-2.35.3-150300.10.15.1
    git-svn-2.35.3-150300.10.15.1
    git-web-2.35.3-150300.10.15.1
    gitk-2.35.3-150300.10.15.1
    perl-Git-2.35.3-150300.10.15.1
- openSUSE Leap 15.4 (noarch):
    git-doc-2.35.3-150300.10.15.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    git-2.35.3-150300.10.15.1
    git-arch-2.35.3-150300.10.15.1
    git-core-2.35.3-150300.10.15.1
    git-core-debuginfo-2.35.3-150300.10.15.1
    git-credential-gnome-keyring-2.35.3-150300.10.15.1
    git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.15.1
    git-credential-libsecret-2.35.3-150300.10.15.1
    git-credential-libsecret-debuginfo-2.35.3-150300.10.15.1
    git-cvs-2.35.3-150300.10.15.1
    git-daemon-2.35.3-150300.10.15.1
    git-daemon-debuginfo-2.35.3-150300.10.15.1
    git-debuginfo-2.35.3-150300.10.15.1
    git-debugsource-2.35.3-150300.10.15.1
    git-email-2.35.3-150300.10.15.1
    git-gui-2.35.3-150300.10.15.1
    git-p4-2.35.3-150300.10.15.1
    git-svn-2.35.3-150300.10.15.1
    git-web-2.35.3-150300.10.15.1
    gitk-2.35.3-150300.10.15.1
    perl-Git-2.35.3-150300.10.15.1
- openSUSE Leap 15.3 (noarch):
    git-doc-2.35.3-150300.10.15.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
    git-2.35.3-150300.10.15.1
    git-arch-2.35.3-150300.10.15.1
    git-cvs-2.35.3-150300.10.15.1
    git-daemon-2.35.3-150300.10.15.1
    git-daemon-debuginfo-2.35.3-150300.10.15.1
    git-debuginfo-2.35.3-150300.10.15.1
    git-debugsource-2.35.3-150300.10.15.1
    git-email-2.35.3-150300.10.15.1
    git-gui-2.35.3-150300.10.15.1
    git-svn-2.35.3-150300.10.15.1
    git-web-2.35.3-150300.10.15.1
    gitk-2.35.3-150300.10.15.1
    perl-Git-2.35.3-150300.10.15.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
    git-doc-2.35.3-150300.10.15.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
    git-2.35.3-150300.10.15.1
    git-arch-2.35.3-150300.10.15.1
    git-cvs-2.35.3-150300.10.15.1
    git-daemon-2.35.3-150300.10.15.1
    git-daemon-debuginfo-2.35.3-150300.10.15.1
    git-debuginfo-2.35.3-150300.10.15.1
    git-debugsource-2.35.3-150300.10.15.1
    git-email-2.35.3-150300.10.15.1
    git-gui-2.35.3-150300.10.15.1
    git-svn-2.35.3-150300.10.15.1
    git-web-2.35.3-150300.10.15.1
    gitk-2.35.3-150300.10.15.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
    git-doc-2.35.3-150300.10.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    git-core-2.35.3-150300.10.15.1
    git-core-debuginfo-2.35.3-150300.10.15.1
    git-debuginfo-2.35.3-150300.10.15.1
    git-debugsource-2.35.3-150300.10.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    git-core-2.35.3-150300.10.15.1
    git-core-debuginfo-2.35.3-150300.10.15.1
    git-debuginfo-2.35.3-150300.10.15.1
    git-debugsource-2.35.3-150300.10.15.1
    perl-Git-2.35.3-150300.10.15.1

References:

https://www.suse.com/security/cve/CVE-2022-29187.html
https://bugzilla.suse.com/1201431

From sle-updates at lists.suse.com Tue Jul 26 16:19:19 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jul 2022 18:19:19 +0200 (CEST)
Subject: SUSE-SU-2022:2549-1: important: Security update for the Linux Kernel
Message-ID: <20220726161919.9B1F5F7C9@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2549-1
Rating: important
References: #1065729 #1179195 #1180814 #1184924 #1185762 #1192761 #1193629 #1194013 #1195504 #1195775 #1196901 #1197362 #1197754 #1198020 #1198924 #1199482 #1199487 #1199489 #1199657 #1200217 #1200263 #1200343 #1200442 #1200571 #1200599 #1200600 #1200604 #1200605 #1200608 #1200619 #1200622 #1200692 #1200806 #1200807 #1200809 #1200810 #1200813 #1200816 #1200820 #1200821 #1200822 #1200825 #1200828 #1200829 #1200925 #1201050 #1201080 #1201143 #1201147 #1201149 #1201160 #1201171 #1201177 #1201193 #1201222 #1201644 #1201664 #1201672
    #1201673 #1201676
Cross-References: CVE-2021-26341 CVE-2021-4157 CVE-2022-1012 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-29900 CVE-2022-29901 CVE-2022-33981 CVE-2022-34918
CVSS scores:
    CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
    CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
    CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
    CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
    CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-34918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise High Availability 15-SP3
    SUSE Linux Enterprise High Performance Computing
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Development Tools 15-SP3
    SUSE Linux Enterprise Module for Legacy Software 15-SP3
    SUSE Linux Enterprise Module for Live Patching 15-SP3
    SUSE Linux Enterprise Server
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Storage 7.1
    SUSE Linux Enterprise Workstation Extension 15-SP3
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 49 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).

The following non-security bugs were fixed:

- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes)
- arm64: ftrace: fix branch range checks (git-fixes)
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes).
- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes).
- bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
- bcache: fixup multiple threads crash (git-fixes).
- bcache: improve multithreaded bch_btree_check() (git-fixes).
- bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes).
- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes).
- bio: fix page leak bio_add_hw_page failure (git-fixes).
- blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).
- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825).
- blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
- blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
- blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
- blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
- block: advance iov_iter on bio_add_hw_page failure (git-fixes).
- block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020).
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762).
- block: Fix kABI in blk-merge.c (bsc#1198020).
- block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes).
- caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes).
- ceph: add some lockdep assertions around snaprealm handling (bsc#1201147).
- ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149).
- certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes).
- cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).
- cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217).
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217).
- cifs: avoid parallel session setups on same channel (bsc#1200217).
- cifs: avoid race during socket reconnect between send and recv (bsc#1200217).
- cifs: call cifs_reconnect when a connection is marked (bsc#1200217).
- cifs: call helper functions for marking channels for reconnect (bsc#1200217).
- cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217).
- cifs: check for smb1 in open_cached_dir() (bsc#1200217).
- cifs: check reconnects for channels of active tcons too (bsc#1200217).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
- cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217).
- cifs: clean up an inconsistent indenting (bsc#1200217).
- cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217).
- cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).
- cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217).
- cifs: do not use tcpStatus after negotiate completes (bsc#1200217).
- cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).
- cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217).
- cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217).
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
- cifs: fix handlecache and multiuser (bsc#1200217).
- cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
- cifs: fix incorrect use of list iterator after the loop (bsc#1200217).
- cifs: fix minor compile warning (bsc#1200217).
- cifs: fix missed refcounting of ipc tcon (bsc#1200217).
- cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).
- cifs: fix potential deadlock in direct reclaim (bsc#1200217).
- cifs: fix potential double free during failed mount (bsc#1200217).
- cifs: fix potential race with cifsd thread (bsc#1200217).
- cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217).
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).
- cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
- cifs: fix the connection state transitions with multichannel (bsc#1200217).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217).
- cifs: fix workstation_name for multiuser mounts (bsc#1200217).
- cifs: force new session setup and tcon for dfs (bsc#1200217).
- cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
- cifs: ignore resource_id while getting fscache super cookie (bsc#1200217).
- cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).
- cifs: make status checks in version independent callers (bsc#1200217).
- cifs: mark sessions for reconnection in helper function (bsc#1200217).
- cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).
- cifs: move superblock magic defitions to magic.h (bsc#1200217).
- cifs: potential buffer overflow in handling symlinks (bsc#1200217).
- cifs: print TIDs as hex (bsc#1200217).
- cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217).
- cifs: reconnect only the connection and not smb session where possible (bsc#1200217).
- cifs: release cached dentries only if mount is complete (bsc#1200217).
- cifs: remove check of list iterator against head past the loop body (bsc#1200217).
- cifs: remove redundant assignment to pointer p (bsc#1200217).
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).
- cifs: remove repeated state change in dfs tree connect (bsc#1200217).
- cifs: remove unused variable ses_selected (bsc#1200217).
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
- cifs: return the more nuanced writeback error on close() (bsc#1200217).
- cifs: sanitize multiple delimiters in prepath (bsc#1200217).
- cifs: serialize all mount attempts (bsc#1200217).
- cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217).
- cifs: skip trailing separators of prefix paths (bsc#1200217).
- cifs: smbd: fix typo in comment (bsc#1200217).
- cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
- cifs: track individual channel status using chans_need_reconnect (bsc#1200217).
- cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).
- cifs: update internal module number (bsc#1193629).
- cifs: update internal module number (bsc#1200217).
- cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).
- cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217).
- cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
- cifs: use new enum for ses_status (bsc#1200217).
- cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217).
- cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217).
- cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217).
- cifs: wait for tcon resource_id before getting fscache super (bsc#1200217).
- cifs: we do not need a spinlock around the tree access during umount (bsc#1200217).
- cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217).
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes).
- drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
- drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure (git-fixes).
- exec: Force single empty string when argv is empty (bsc#1200571).
- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807).
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806).
- ext4: make variable "count" signed (bsc#1200820).
- Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- gtp: use icmp_ndo_send helper (git-fixes).
- hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes).
- i2c: designware: Use standard optional ref clock implementation (git-fixes).
- ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
- iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation (git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models (git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- iomap: iomap_write_failed fix (bsc#1200829).
- ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504).
- jfs: fix divide error in dbNextAG (bsc#1200828).
- kABI fix of sysctl_run_estimation (git-fixes).
- kabi: nvme workaround header include (bsc#1201193).
- kabi/severities: ignore KABI for NVMe target (bsc#1192761)
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- move devm_allocate to end of structure for kABI (git-fixes).
- mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes).
- net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- net: lantiq: Add locking for TX DMA channel (git-fixes).
- net: rose: fix UAF bugs caused by timer handler (git-fixes).
- net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
- NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
- NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes).
- NFS: Do not report flush errors in nfs_write_end() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFS: Memory allocation failures are not server fatal errors (git-fixes).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm/region: Fix default alignment for small regions (git-fixes).
- nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).
- nvme: Add connect option 'discovery' (bsc#1192761).
- nvme: add new discovery log page entry definitions (bsc#1192761).
- nvme: display correct subsystem NQN (bsc#1192761).
- nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761).
- nvme: kabi fix nvme subsystype change (bsc#1192761)
- nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
- nvmet: add nvmet_req_subsys() helper (bsc#1192761).
- nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
- nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761).
- nvmet: fix freeing unallocated p2pmem (git-fixes).
- nvmet: make discovery NQN configurable (bsc#1192761).
- nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes).
- nvmet: register discovery subsystem as 'current' (bsc#1192761).
- nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).
- nvmet: switch check for subsystem type (bsc#1192761).
- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes).
- pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
- powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
- random: Add and use pr_fmt() (bsc#1184924).
- random: remove unnecessary unlikely() (bsc#1184924).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes).
- Revert "block: Fix a lockdep complaint triggered by request queue flushing" (git-fixes).
- scsi: core: Show SCMD_LAST in text form (git-fixes).
- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). 
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). 
- scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). - smb3: fix snapshot mount option (bsc#1200217). - smb3 improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). - smb3: move more common protocol header definitions to smbfs_common (bsc#1200217). - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). 
- USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). - x86/entry: Remove skip_r11rcx (bsc#1201644). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2549=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2549=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2549=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2549=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates. 
- SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2549=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2549=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2549=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2549=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2549=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2549=1 Package List: - openSUSE Leap 15.4 (aarch64): dtb-al-5.3.18-150300.59.87.1 dtb-zte-5.3.18-150300.59.87.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.87.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.87.1 dlm-kmp-default-5.3.18-150300.59.87.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.87.1 gfs2-kmp-default-5.3.18-150300.59.87.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.87.1 kernel-default-5.3.18-150300.59.87.1 kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2 kernel-default-base-rebuild-5.3.18-150300.59.87.1.150300.18.50.2 kernel-default-debuginfo-5.3.18-150300.59.87.1 kernel-default-debugsource-5.3.18-150300.59.87.1 kernel-default-devel-5.3.18-150300.59.87.1 kernel-default-devel-debuginfo-5.3.18-150300.59.87.1 kernel-default-extra-5.3.18-150300.59.87.1 kernel-default-extra-debuginfo-5.3.18-150300.59.87.1 kernel-default-livepatch-5.3.18-150300.59.87.1 kernel-default-livepatch-devel-5.3.18-150300.59.87.1 kernel-default-optional-5.3.18-150300.59.87.1 kernel-default-optional-debuginfo-5.3.18-150300.59.87.1 kernel-obs-build-5.3.18-150300.59.87.1 kernel-obs-build-debugsource-5.3.18-150300.59.87.1 kernel-obs-qa-5.3.18-150300.59.87.1 kernel-syms-5.3.18-150300.59.87.1 kselftests-kmp-default-5.3.18-150300.59.87.1 kselftests-kmp-default-debuginfo-5.3.18-150300.59.87.1 
ocfs2-kmp-default-5.3.18-150300.59.87.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.87.1 reiserfs-kmp-default-5.3.18-150300.59.87.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.87.1 - openSUSE Leap 15.3 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.87.1 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.87.1 dlm-kmp-preempt-5.3.18-150300.59.87.1 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.87.1 gfs2-kmp-preempt-5.3.18-150300.59.87.1 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.87.1 kernel-preempt-5.3.18-150300.59.87.1 kernel-preempt-debuginfo-5.3.18-150300.59.87.1 kernel-preempt-debugsource-5.3.18-150300.59.87.1 kernel-preempt-devel-5.3.18-150300.59.87.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.87.1 kernel-preempt-extra-5.3.18-150300.59.87.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.87.1 kernel-preempt-livepatch-devel-5.3.18-150300.59.87.1 kernel-preempt-optional-5.3.18-150300.59.87.1 kernel-preempt-optional-debuginfo-5.3.18-150300.59.87.1 kselftests-kmp-preempt-5.3.18-150300.59.87.1 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.87.1 ocfs2-kmp-preempt-5.3.18-150300.59.87.1 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.87.1 reiserfs-kmp-preempt-5.3.18-150300.59.87.1 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.87.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-5.3.18-150300.59.87.1 kernel-debug-debuginfo-5.3.18-150300.59.87.1 kernel-debug-debugsource-5.3.18-150300.59.87.1 kernel-debug-devel-5.3.18-150300.59.87.1 kernel-debug-devel-debuginfo-5.3.18-150300.59.87.1 kernel-debug-livepatch-devel-5.3.18-150300.59.87.1 kernel-kvmsmall-5.3.18-150300.59.87.1 kernel-kvmsmall-debuginfo-5.3.18-150300.59.87.1 kernel-kvmsmall-debugsource-5.3.18-150300.59.87.1 kernel-kvmsmall-devel-5.3.18-150300.59.87.1 kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.87.1 kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.87.1 - openSUSE Leap 15.3 (aarch64): cluster-md-kmp-64kb-5.3.18-150300.59.87.1 cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.87.1 
dlm-kmp-64kb-5.3.18-150300.59.87.1 dlm-kmp-64kb-debuginfo-5.3.18-150300.59.87.1 dtb-al-5.3.18-150300.59.87.1 dtb-allwinner-5.3.18-150300.59.87.1 dtb-altera-5.3.18-150300.59.87.1 dtb-amd-5.3.18-150300.59.87.1 dtb-amlogic-5.3.18-150300.59.87.1 dtb-apm-5.3.18-150300.59.87.1 dtb-arm-5.3.18-150300.59.87.1 dtb-broadcom-5.3.18-150300.59.87.1 dtb-cavium-5.3.18-150300.59.87.1 dtb-exynos-5.3.18-150300.59.87.1 dtb-freescale-5.3.18-150300.59.87.1 dtb-hisilicon-5.3.18-150300.59.87.1 dtb-lg-5.3.18-150300.59.87.1 dtb-marvell-5.3.18-150300.59.87.1 dtb-mediatek-5.3.18-150300.59.87.1 dtb-nvidia-5.3.18-150300.59.87.1 dtb-qcom-5.3.18-150300.59.87.1 dtb-renesas-5.3.18-150300.59.87.1 dtb-rockchip-5.3.18-150300.59.87.1 dtb-socionext-5.3.18-150300.59.87.1 dtb-sprd-5.3.18-150300.59.87.1 dtb-xilinx-5.3.18-150300.59.87.1 dtb-zte-5.3.18-150300.59.87.1 gfs2-kmp-64kb-5.3.18-150300.59.87.1 gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.87.1 kernel-64kb-5.3.18-150300.59.87.1 kernel-64kb-debuginfo-5.3.18-150300.59.87.1 kernel-64kb-debugsource-5.3.18-150300.59.87.1 kernel-64kb-devel-5.3.18-150300.59.87.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.87.1 kernel-64kb-extra-5.3.18-150300.59.87.1 kernel-64kb-extra-debuginfo-5.3.18-150300.59.87.1 kernel-64kb-livepatch-devel-5.3.18-150300.59.87.1 kernel-64kb-optional-5.3.18-150300.59.87.1 kernel-64kb-optional-debuginfo-5.3.18-150300.59.87.1 kselftests-kmp-64kb-5.3.18-150300.59.87.1 kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.87.1 ocfs2-kmp-64kb-5.3.18-150300.59.87.1 ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.87.1 reiserfs-kmp-64kb-5.3.18-150300.59.87.1 reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.87.1 - openSUSE Leap 15.3 (noarch): kernel-devel-5.3.18-150300.59.87.1 kernel-docs-5.3.18-150300.59.87.1 kernel-docs-html-5.3.18-150300.59.87.1 kernel-macros-5.3.18-150300.59.87.1 kernel-source-5.3.18-150300.59.87.1 kernel-source-vanilla-5.3.18-150300.59.87.1 - openSUSE Leap 15.3 (s390x): kernel-zfcpdump-5.3.18-150300.59.87.1 
kernel-zfcpdump-debuginfo-5.3.18-150300.59.87.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.87.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-150300.59.87.1 kernel-default-debugsource-5.3.18-150300.59.87.1 kernel-default-extra-5.3.18-150300.59.87.1 kernel-default-extra-debuginfo-5.3.18-150300.59.87.1 kernel-preempt-debuginfo-5.3.18-150300.59.87.1 kernel-preempt-debugsource-5.3.18-150300.59.87.1 kernel-preempt-extra-5.3.18-150300.59.87.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.87.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.87.1 kernel-default-debugsource-5.3.18-150300.59.87.1 kernel-default-livepatch-5.3.18-150300.59.87.1 kernel-default-livepatch-devel-5.3.18-150300.59.87.1 kernel-livepatch-5_3_18-150300_59_87-default-1-150300.7.5.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.87.1 kernel-default-debugsource-5.3.18-150300.59.87.1 reiserfs-kmp-default-5.3.18-150300.59.87.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.87.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-150300.59.87.1 kernel-obs-build-debugsource-5.3.18-150300.59.87.1 kernel-syms-5.3.18-150300.59.87.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-150300.59.87.1 kernel-preempt-debugsource-5.3.18-150300.59.87.1 kernel-preempt-devel-5.3.18-150300.59.87.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.87.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-150300.59.87.1 kernel-source-5.3.18-150300.59.87.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.87.1 kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2 
kernel-default-debuginfo-5.3.18-150300.59.87.1 kernel-default-debugsource-5.3.18-150300.59.87.1 kernel-default-devel-5.3.18-150300.59.87.1 kernel-default-devel-debuginfo-5.3.18-150300.59.87.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.87.1 kernel-preempt-debuginfo-5.3.18-150300.59.87.1 kernel-preempt-debugsource-5.3.18-150300.59.87.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-150300.59.87.1 kernel-64kb-debuginfo-5.3.18-150300.59.87.1 kernel-64kb-debugsource-5.3.18-150300.59.87.1 kernel-64kb-devel-5.3.18-150300.59.87.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.87.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.87.1 kernel-macros-5.3.18-150300.59.87.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-150300.59.87.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.87.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.87.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.87.1 kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2 kernel-default-debuginfo-5.3.18-150300.59.87.1 kernel-default-debugsource-5.3.18-150300.59.87.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.87.1 kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2 kernel-default-debuginfo-5.3.18-150300.59.87.1 kernel-default-debugsource-5.3.18-150300.59.87.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.87.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.87.1 dlm-kmp-default-5.3.18-150300.59.87.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.87.1 gfs2-kmp-default-5.3.18-150300.59.87.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.87.1 kernel-default-debuginfo-5.3.18-150300.59.87.1 kernel-default-debugsource-5.3.18-150300.59.87.1 ocfs2-kmp-default-5.3.18-150300.59.87.1 
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.87.1 References: https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-4157.html https://www.suse.com/security/cve/CVE-2022-1012.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-33981.html https://www.suse.com/security/cve/CVE-2022-34918.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1179195 https://bugzilla.suse.com/1180814 https://bugzilla.suse.com/1184924 https://bugzilla.suse.com/1185762 https://bugzilla.suse.com/1192761 https://bugzilla.suse.com/1193629 https://bugzilla.suse.com/1194013 https://bugzilla.suse.com/1195504 https://bugzilla.suse.com/1195775 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1197362 https://bugzilla.suse.com/1197754 https://bugzilla.suse.com/1198020 https://bugzilla.suse.com/1198924 https://bugzilla.suse.com/1199482 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199489 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1200217 https://bugzilla.suse.com/1200263 https://bugzilla.suse.com/1200343 https://bugzilla.suse.com/1200442 https://bugzilla.suse.com/1200571 https://bugzilla.suse.com/1200599 https://bugzilla.suse.com/1200600 https://bugzilla.suse.com/1200604 https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1200608 https://bugzilla.suse.com/1200619 https://bugzilla.suse.com/1200622 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200806 https://bugzilla.suse.com/1200807 https://bugzilla.suse.com/1200809 https://bugzilla.suse.com/1200810 https://bugzilla.suse.com/1200813 https://bugzilla.suse.com/1200816 https://bugzilla.suse.com/1200820 
https://bugzilla.suse.com/1200821 https://bugzilla.suse.com/1200822 https://bugzilla.suse.com/1200825 https://bugzilla.suse.com/1200828 https://bugzilla.suse.com/1200829 https://bugzilla.suse.com/1200925 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201143 https://bugzilla.suse.com/1201147 https://bugzilla.suse.com/1201149 https://bugzilla.suse.com/1201160 https://bugzilla.suse.com/1201171 https://bugzilla.suse.com/1201177 https://bugzilla.suse.com/1201193 https://bugzilla.suse.com/1201222 https://bugzilla.suse.com/1201644 https://bugzilla.suse.com/1201664 https://bugzilla.suse.com/1201672 https://bugzilla.suse.com/1201673 https://bugzilla.suse.com/1201676 From sle-updates at lists.suse.com Tue Jul 26 16:24:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Jul 2022 18:24:52 +0200 (CEST) Subject: SUSE-SU-2022:2551-1: important: Security update for nodejs16 Message-ID: <20220726162452.5B06DF7C9@maintenance.suse.de> SUSE Security Update: Security update for nodejs16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2551-1 Rating: important References: #1192489 #1201325 #1201326 #1201327 #1201328 Cross-References: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVSS scores: CVE-2022-32212 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-32212 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-32214 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32214 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-32215 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 
SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for nodejs16 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). The following non-security bug was fixed: - Add buildtime version check to determine if we need patched openssl Requires: or already in upstream. (bsc#1192489) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2551=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-2551=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs16-16.16.0-150300.7.6.2 nodejs16-debuginfo-16.16.0-150300.7.6.2 nodejs16-debugsource-16.16.0-150300.7.6.2 nodejs16-devel-16.16.0-150300.7.6.2 npm16-16.16.0-150300.7.6.2 - openSUSE Leap 15.3 (noarch): nodejs16-docs-16.16.0-150300.7.6.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs16-16.16.0-150300.7.6.2 nodejs16-debuginfo-16.16.0-150300.7.6.2 nodejs16-debugsource-16.16.0-150300.7.6.2 nodejs16-devel-16.16.0-150300.7.6.2 npm16-16.16.0-150300.7.6.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs16-docs-16.16.0-150300.7.6.2 References: https://www.suse.com/security/cve/CVE-2022-32212.html https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-32214.html https://www.suse.com/security/cve/CVE-2022-32215.html https://bugzilla.suse.com/1192489 https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1201326 https://bugzilla.suse.com/1201327 https://bugzilla.suse.com/1201328 From sle-updates at lists.suse.com Tue Jul 26 16:25:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Jul 2022 18:25:56 +0200 (CEST) Subject: SUSE-RU-2022:2548-1: critical: Critical update for python-cssselect Message-ID: <20220726162556.C9CDAF7C9@maintenance.suse.de> SUSE Recommended Update: Critical update for python-cssselect ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2548-1 Rating: critical References: Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15 SUSE 
Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for python-cssselect implements packages to the unrestricted repository. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2548=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2548=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2548=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-2548=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2548=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2548=1 Package List: - openSUSE Leap 15.4 (noarch): python3-cssselect-1.0.3-150000.3.3.1 - openSUSE Leap 15.3 (noarch): python2-cssselect-1.0.3-150000.3.3.1 python3-cssselect-1.0.3-150000.3.3.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-cssselect-1.0.3-150000.3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python2-cssselect-1.0.3-150000.3.3.1 python3-cssselect-1.0.3-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-cssselect-1.0.3-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-cssselect-1.0.3-150000.3.3.1 References: From sle-updates at lists.suse.com Wed Jul 27 04:15:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 06:15:52 +0200 (CEST) Subject: SUSE-RU-2022:2556-1: critical: Critical update for python-lxml Message-ID: <20220727041552.0C158F7C9@maintenance.suse.de> SUSE Recommended Update: Critical update for python-lxml ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2556-1 Rating: critical References: Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise 
Server for SAP Applications 15 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for python-lxml implements packages to the unrestricted repository. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-2556=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): python3-lxml-4.7.1-150100.6.3.1 python3-lxml-devel-4.7.1-150100.6.3.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-lxml-doc-4.7.1-150100.6.3.1 References: From sle-updates at lists.suse.com Wed Jul 27 07:18:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:18:44 +0200 (CEST) Subject: SUSE-CU-2022:1651-1: Security update of bci/python Message-ID: <20220727071844.101A5F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1651-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.35 Container Release : 18.35 Severity : important Type : security References : 1201431 CVE-2022-29187 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2550-1 Released: Tue Jul 26 14:00:21 2022 Summary: Security update for git Type: security Severity: important References: 1201431,CVE-2022-29187 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). The following package changes have been done: - git-core-2.35.3-150300.10.15.1 updated - container:sles15-image-15.0.0-17.20.5 updated From sle-updates at lists.suse.com Wed Jul 27 07:19:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:19:26 +0200 (CEST) Subject: SUSE-CU-2022:1652-1: Security update of suse/389-ds Message-ID: <20220727071926.BADF6F7C9@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1652-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-14.28 , suse/389-ds:latest Container Release : 14.28 Severity : important Type : security References : 1196490 1199132 CVE-2022-23308 CVE-2022-29824 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated - container:sles15-image-15.0.0-27.11.6 updated From sle-updates at lists.suse.com Wed Jul 27 07:20:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:20:12 +0200 (CEST) Subject: SUSE-CU-2022:1653-1: Security update of bci/dotnet-aspnet Message-ID: <20220727072012.85EF4F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1653-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-18.13 , bci/dotnet-aspnet:3.1.27 , bci/dotnet-aspnet:3.1.27-18.13 Container Release : 18.13 Severity : important Type : security References : 1196490 1199132 CVE-2022-23308 CVE-2022-29824 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated - container:sles15-image-15.0.0-27.11.6 updated From sle-updates at lists.suse.com Wed Jul 27 07:20:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:20:51 +0200 (CEST) Subject: SUSE-CU-2022:1654-1: Security update of bci/dotnet-aspnet Message-ID: <20220727072051.28063F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1654-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-10.23 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-10.23 Container Release : 10.23 Severity : important Type : security References : 1196490 1199132 CVE-2022-23308 CVE-2022-29824 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated From sle-updates at lists.suse.com Wed Jul 27 07:21:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:21:29 +0200 (CEST) Subject: SUSE-CU-2022:1655-1: Security update of bci/dotnet-aspnet Message-ID: <20220727072129.DFFDCF7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1655-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-19.13 , bci/dotnet-aspnet:6.0.7 , bci/dotnet-aspnet:6.0.7-19.13 , bci/dotnet-aspnet:latest Container Release : 19.13 Severity : important Type : security References : 1196490 1199132 CVE-2022-23308 CVE-2022-29824 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated - container:sles15-image-15.0.0-27.11.6 updated From sle-updates at lists.suse.com Wed Jul 27 07:22:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:22:25 +0200 (CEST) Subject: SUSE-CU-2022:1656-1: Security update of bci/dotnet-sdk Message-ID: <20220727072225.C9DC9F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1656-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-18.11 , bci/dotnet-sdk:3.1.27 , bci/dotnet-sdk:3.1.27-18.11 Container Release : 18.11 Severity : important Type : security References : 1196490 1199132 CVE-2022-23308 CVE-2022-29824 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated From sle-updates at lists.suse.com Wed Jul 27 07:23:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:23:07 +0200 (CEST) Subject: SUSE-CU-2022:1657-1: Security update of bci/dotnet-sdk Message-ID: <20220727072307.76018F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1657-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-10.22 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-10.22 Container Release : 10.22 Severity : important Type : security References : 1196490 1199132 CVE-2022-23308 CVE-2022-29824 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated From sle-updates at lists.suse.com Wed Jul 27 07:23:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:23:47 +0200 (CEST) Subject: SUSE-CU-2022:1658-1: Security update of bci/dotnet-sdk Message-ID: <20220727072347.EDF5AF7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1658-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-21.11 , bci/dotnet-sdk:6.0.7 , bci/dotnet-sdk:6.0.7-21.11 , bci/dotnet-sdk:latest Container Release : 21.11 Severity : important Type : security References : 1196490 1199132 CVE-2022-23308 CVE-2022-29824 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated From sle-updates at lists.suse.com Wed Jul 27 07:24:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:24:32 +0200 (CEST) Subject: SUSE-CU-2022:1659-1: Security update of bci/dotnet-runtime Message-ID: <20220727072432.52CF0F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1659-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-17.11 , bci/dotnet-runtime:3.1.27 , bci/dotnet-runtime:3.1.27-17.11 Container Release : 17.11 Severity : important Type : security References : 1196490 1199132 CVE-2022-23308 CVE-2022-29824 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated From sle-updates at lists.suse.com Wed Jul 27 07:25:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:25:09 +0200 (CEST) Subject: SUSE-CU-2022:1660-1: Security update of bci/dotnet-runtime Message-ID: <20220727072509.38EFBF7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1660-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-10.22 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-10.22 Container Release : 10.22 Severity : important Type : security References : 1196490 1199132 CVE-2022-23308 CVE-2022-29824 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated From sle-updates at lists.suse.com Wed Jul 27 07:25:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:25:47 +0200 (CEST) Subject: SUSE-CU-2022:1661-1: Security update of bci/dotnet-runtime Message-ID: <20220727072547.DC0E9F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1661-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-18.11 , bci/dotnet-runtime:6.0.7 , bci/dotnet-runtime:6.0.7-18.11 , bci/dotnet-runtime:latest Container Release : 18.11 Severity : important Type : security References : 1196490 1199132 CVE-2022-23308 CVE-2022-29824 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated From sle-updates at lists.suse.com Wed Jul 27 07:26:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:26:44 +0200 (CEST) Subject: SUSE-CU-2022:1662-1: Security update of bci/golang Message-ID: <20220727072644.AFB1AF7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1662-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-13.25 Container Release : 13.25 Severity : important Type : security References : 1196490 1199132 1201431 CVE-2022-23308 CVE-2022-29187 CVE-2022-29824 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2550-1 Released: Tue Jul 26 14:00:21 2022 Summary: Security update for git Type: security Severity: important References: 1201431,CVE-2022-29187 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated - git-core-2.35.3-150300.10.15.1 updated - container:sles15-image-15.0.0-27.11.6 updated From sle-updates at lists.suse.com Wed Jul 27 07:27:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:27:20 +0200 (CEST) Subject: SUSE-CU-2022:1663-1: Security update of bci/golang Message-ID: <20220727072720.ED1A7F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1663-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-7.23 , bci/golang:latest Container Release : 7.23 Severity : important Type : security References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1137373 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1181658 1188127 1193282 1194708 1195157 1196490 1197570 1197718 1198732 1199132 1199140 1199232 1199232 1200170 1200334 1200855 1200855 1201276 1201431 1201560 1201640 CVE-2022-1586 CVE-2022-1586 CVE-2022-23308 CVE-2022-29187 CVE-2022-29824 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. 
Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2550-1 Released: Tue Jul 26 14:00:21 2022 Summary: Security update for git Type: security Severity: important References: 1201431,CVE-2022-29187 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) The following package changes have been done: - glibc-2.31-150300.37.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libudev1-249.11-150400.8.5.1 updated - libpcre1-8.45-150000.20.13.1 updated - libxml2-2-2.9.14-150400.5.7.1 updated - libsystemd0-249.11-150400.8.5.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - timezone-2022a-150000.75.7.1 added - libpcre2-8-0-10.39-150400.4.3.1 updated - libxcrypt-devel-4.4.15-150300.4.4.3 updated - glibc-devel-2.31-150300.37.1 updated - git-core-2.35.3-150300.10.15.1 updated - container:sles15-image-15.0.0-27.11.5 updated From sle-updates at lists.suse.com Wed Jul 27 07:27:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:27:54 +0200 (CEST) Subject: SUSE-CU-2022:1664-1: Security update of bci/nodejs Message-ID: <20220727072754.75A13F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1664-1 Container Tags : bci/node:14 , bci/node:14-13.26 , bci/nodejs:14 , bci/nodejs:14-13.26 Container Release : 13.26 Severity : important Type : security References : 1196490 1199132 1201431 CVE-2022-23308 CVE-2022-29187 CVE-2022-29824 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2550-1 Released: Tue Jul 26 14:00:21 2022 Summary: Security update for git Type: security Severity: important References: 1201431,CVE-2022-29187 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated - git-core-2.35.3-150300.10.15.1 updated - container:sles15-image-15.0.0-27.11.6 updated From sle-updates at lists.suse.com Wed Jul 27 07:28:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:28:23 +0200 (CEST) Subject: SUSE-CU-2022:1665-1: Security update of bci/nodejs Message-ID: <20220727072823.CED97F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1665-1 Container Tags : bci/node:16 , bci/node:16-8.23 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-8.23 , bci/nodejs:latest Container Release : 8.23 Severity : important Type : security References : 1196490 1199132 1201431 CVE-2022-23308 CVE-2022-29187 CVE-2022-29824 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2550-1 Released: Tue Jul 26 14:00:21 2022 Summary: Security update for git Type: security Severity: important References: 1201431,CVE-2022-29187 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). 
Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated - git-core-2.35.3-150300.10.15.1 updated - container:sles15-image-15.0.0-27.11.5 updated From sle-updates at lists.suse.com Wed Jul 27 07:29:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:29:41 +0200 (CEST) Subject: SUSE-CU-2022:1666-1: Security update of bci/openjdk-devel Message-ID: <20220727072941.2D049F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1666-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.45 , bci/openjdk-devel:latest Container Release : 14.45 Severity : important Type : security References : 1196490 1199132 1201431 CVE-2022-23308 CVE-2022-29187 CVE-2022-29824 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2550-1 Released: Tue Jul 26 14:00:21 2022 Summary: Security update for git Type: security Severity: important References: 1201431,CVE-2022-29187 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated - git-core-2.35.3-150300.10.15.1 updated - container:bci-openjdk-11-11-12.23 updated From sle-updates at lists.suse.com Wed Jul 27 07:30:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:30:34 +0200 (CEST) Subject: SUSE-CU-2022:1667-1: Security update of bci/openjdk Message-ID: <20220727073034.55C0FF7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1667-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-12.23 , bci/openjdk:latest Container Release : 12.23 Severity : important Type : security References : 1196490 1199132 CVE-2022-23308 CVE-2022-29824 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated From sle-updates at lists.suse.com Wed Jul 27 07:31:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 09:31:01 +0200 (CEST) Subject: SUSE-CU-2022:1668-1: Security update of bci/python Message-ID: <20220727073101.E5F13F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1668-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-12.24 Container Release : 12.24 Severity : important Type : security References : 1196490 1199132 1201431 CVE-2022-23308 CVE-2022-29187 CVE-2022-29824 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2550-1 Released: Tue Jul 26 14:00:21 2022 Summary: Security update for git Type: security Severity: important References: 1201431,CVE-2022-29187 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated - git-core-2.35.3-150300.10.15.1 updated From sle-updates at lists.suse.com Wed Jul 27 13:18:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 15:18:46 +0200 (CEST) Subject: SUSE-SU-2022:2557-1: important: Security update for xen Message-ID: <20220727131846.B7951F7C9@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2557-1 Rating: important References: #1200549 #1201394 #1201469 Cross-References: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-33745 CVSS scores: CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-23816 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-23825 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-23825 (SUSE): 5.6 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2557=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2557=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.4_26-3.74.1 xen-devel-4.12.4_26-3.74.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.4_26-3.74.1 xen-debugsource-4.12.4_26-3.74.1 xen-doc-html-4.12.4_26-3.74.1 xen-libs-32bit-4.12.4_26-3.74.1 xen-libs-4.12.4_26-3.74.1 xen-libs-debuginfo-32bit-4.12.4_26-3.74.1 xen-libs-debuginfo-4.12.4_26-3.74.1 xen-tools-4.12.4_26-3.74.1 xen-tools-debuginfo-4.12.4_26-3.74.1 xen-tools-domU-4.12.4_26-3.74.1 xen-tools-domU-debuginfo-4.12.4_26-3.74.1 References: https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-23816.html https://www.suse.com/security/cve/CVE-2022-23825.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-33745.html https://bugzilla.suse.com/1200549 https://bugzilla.suse.com/1201394 https://bugzilla.suse.com/1201469 From sle-updates at lists.suse.com Wed Jul 27 16:16:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 18:16:16 +0200 (CEST) Subject: SUSE-RU-2022:2564-1: moderate: Recommended update for suse-migration-rpm Message-ID: <20220727161616.A8A8BF7C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-migration-rpm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2564-1 Rating: moderate References: Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 
recommended fixes can now be installed. Description: This update for suse-migration-rpm fixes the following issues: Update for suse-migration-rpm. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2564=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2564=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): suse-migration-rpm-1.0.1-150000.1.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): suse-migration-rpm-1.0.1-150000.1.12.1 References: From sle-updates at lists.suse.com Wed Jul 27 16:16:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 18:16:50 +0200 (CEST) Subject: SUSE-SU-2022:2565-1: important: Security update for pcre2 Message-ID: <20220727161650.C76E5F7C9@maintenance.suse.de> SUSE Security Update: Security update for pcre2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2565-1 Rating: important References: #1199235 Cross-References: CVE-2022-1587 CVSS scores: CVE-2022-1587 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-1587 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2565=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2565=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2565=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2565=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2565=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2565=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2565=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2565=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libpcre2-16-0-10.34-1.10.1 libpcre2-16-0-debuginfo-10.34-1.10.1 libpcre2-32-0-10.34-1.10.1 libpcre2-32-0-debuginfo-10.34-1.10.1 libpcre2-8-0-10.34-1.10.1 libpcre2-8-0-debuginfo-10.34-1.10.1 libpcre2-posix2-10.34-1.10.1 libpcre2-posix2-debuginfo-10.34-1.10.1 - SUSE OpenStack Cloud 9 (x86_64): libpcre2-16-0-10.34-1.10.1 libpcre2-16-0-debuginfo-10.34-1.10.1 libpcre2-32-0-10.34-1.10.1 libpcre2-32-0-debuginfo-10.34-1.10.1 libpcre2-8-0-10.34-1.10.1 libpcre2-8-0-debuginfo-10.34-1.10.1 libpcre2-posix2-10.34-1.10.1 libpcre2-posix2-debuginfo-10.34-1.10.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): pcre2-debugsource-10.34-1.10.1 pcre2-devel-10.34-1.10.1 pcre2-devel-static-10.34-1.10.1 pcre2-tools-10.34-1.10.1 pcre2-tools-debuginfo-10.34-1.10.1 - SUSE Linux 
Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libpcre2-16-0-10.34-1.10.1 libpcre2-16-0-debuginfo-10.34-1.10.1 libpcre2-32-0-10.34-1.10.1 libpcre2-32-0-debuginfo-10.34-1.10.1 libpcre2-8-0-10.34-1.10.1 libpcre2-8-0-debuginfo-10.34-1.10.1 libpcre2-posix2-10.34-1.10.1 libpcre2-posix2-debuginfo-10.34-1.10.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpcre2-16-0-10.34-1.10.1 libpcre2-16-0-debuginfo-10.34-1.10.1 libpcre2-32-0-10.34-1.10.1 libpcre2-32-0-debuginfo-10.34-1.10.1 libpcre2-8-0-10.34-1.10.1 libpcre2-8-0-debuginfo-10.34-1.10.1 libpcre2-posix2-10.34-1.10.1 libpcre2-posix2-debuginfo-10.34-1.10.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libpcre2-16-0-10.34-1.10.1 libpcre2-16-0-debuginfo-10.34-1.10.1 libpcre2-32-0-10.34-1.10.1 libpcre2-32-0-debuginfo-10.34-1.10.1 libpcre2-8-0-10.34-1.10.1 libpcre2-8-0-debuginfo-10.34-1.10.1 libpcre2-posix2-10.34-1.10.1 libpcre2-posix2-debuginfo-10.34-1.10.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpcre2-16-0-10.34-1.10.1 libpcre2-16-0-debuginfo-10.34-1.10.1 libpcre2-32-0-10.34-1.10.1 libpcre2-32-0-debuginfo-10.34-1.10.1 libpcre2-8-0-10.34-1.10.1 libpcre2-8-0-debuginfo-10.34-1.10.1 libpcre2-posix2-10.34-1.10.1 libpcre2-posix2-debuginfo-10.34-1.10.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpcre2-16-0-10.34-1.10.1 libpcre2-16-0-debuginfo-10.34-1.10.1 libpcre2-32-0-10.34-1.10.1 libpcre2-32-0-debuginfo-10.34-1.10.1 libpcre2-8-0-10.34-1.10.1 libpcre2-8-0-debuginfo-10.34-1.10.1 libpcre2-posix2-10.34-1.10.1 libpcre2-posix2-debuginfo-10.34-1.10.1 References: https://www.suse.com/security/cve/CVE-2022-1587.html https://bugzilla.suse.com/1199235 From sle-updates at lists.suse.com Wed Jul 27 16:17:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 18:17:28 +0200 (CEST) Subject: SUSE-RU-2022:2563-1: moderate: Recommended update for suse-migration-services Message-ID: 
<20220727161728.8A807F7C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-migration-services ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2563-1 Rating: moderate References: #1191634 #1199028 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for suse-migration-services fixes the following issues: - Enable prechecks as a systemd process - Add an EnvironmentFile to 'suse-migration-prepare.service' (bsc#1199028) - Add fix option to pre-checks - Remove --no-kernel from host independent initrd - Add an unsupported caveat for hpc - Add multiversion kernel checks to pre-checks - Enable prechecks for SLES15-Migration - Add fix for setup in tests - Add more details around migration_product - Add an option to create a 'fat' initrd - Fix pytest 7 compatibility - Mocks the command call for tests that run in an environment with no partitions or partitions have not been defined - Add zypper migration plugin verbosity - This fixes issue with migration in 'DMS'. (bsc#1191634) - Add migration_product to documentation - Show config file content in the migration log Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2563=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2563=1 Package List: - openSUSE Leap 15.4 (noarch): suse-migration-services-2.0.33-150000.1.46.1 - openSUSE Leap 15.3 (noarch): suse-migration-services-2.0.33-150000.1.46.1 References: https://bugzilla.suse.com/1191634 https://bugzilla.suse.com/1199028 From sle-updates at lists.suse.com Wed Jul 27 16:18:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 18:18:30 +0200 (CEST) Subject: SUSE-SU-2022:2561-1: important: Security update for mariadb Message-ID: <20220727161830.2D9AAF7C9@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2561-1 Rating: important References: #1195076 #1195325 #1195334 #1195339 #1196016 #1198603 #1198604 #1198605 #1198606 #1198607 #1198609 #1198610 #1198611 #1198612 #1198613 #1198628 #1198629 #1198630 #1198631 #1198632 #1198633 #1198634 #1198635 #1198636 #1198637 #1198638 #1198639 #1198640 #1199928 SLE-22245 Cross-References: CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2021-46669 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27444 CVE-2022-27445 CVE-2022-27446 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27451 CVE-2022-27452 CVE-2022-27455 CVE-2022-27456 CVE-2022-27457 CVE-2022-27458 CVSS scores: CVE-2021-46657 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46657 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46658 (NVD) : 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46658 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46659 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46659 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46661 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46661 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46663 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46663 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46664 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46665 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46668 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46669 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24048 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24050 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24051 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24052 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27376 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27376 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27377 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27377 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27378 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27378 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27379 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27379 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27380 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27380 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27381 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27381 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 
CVE-2022-27382 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27382 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27383 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27383 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27384 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27384 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27386 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27386 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27387 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27387 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27444 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27444 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27445 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27445 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27446 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27446 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27447 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27447 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27448 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27448 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27449 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27449 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27451 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27451 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27452 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27452 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27455 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27455 (SUSE): 7.1 
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27456 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27456 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27457 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27457 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27458 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27458 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 36 vulnerabilities and contains one feature is now available. Description: This update for mariadb fixes the following issues: - Added mariadb-galera (jsc#SLE-22245) Update to 10.6.8 (bsc#1199928): - CVE-2021-46669 (bsc#1199928) - CVE-2022-27376 (bsc#1198628) - CVE-2022-27377 (bsc#1198603) - CVE-2022-27378 (bsc#1198604) - CVE-2022-27379 (bsc#1198605) - CVE-2022-27380 (bsc#1198606) - CVE-2022-27381 (bsc#1198607) - CVE-2022-27382 (bsc#1198609) - CVE-2022-27383 (bsc#1198610) - CVE-2022-27384 (bsc#1198611) - CVE-2022-27386 (bsc#1198612) - CVE-2022-27387 (bsc#1198613) - CVE-2022-27444 (bsc#1198634) - CVE-2022-27445 (bsc#1198629) - CVE-2022-27446 (bsc#1198630) - CVE-2022-27447 (bsc#1198631) - CVE-2022-27448 (bsc#1198632) - CVE-2022-27449 (bsc#1198633) - CVE-2022-27451 (bsc#1198639) - CVE-2022-27452 (bsc#1198640) - CVE-2022-27455 (bsc#1198638) - CVE-2022-27456 (bsc#1198635) - CVE-2022-27457 (bsc#1198636) - CVE-2022-27458 (bsc#1198637) - The following issue is not affecting this package: CVE-2022-21427 Update to 10.6.7 (bsc#1196016): - CVE-2021-46665, CVE-2021-46664, CVE-2021-46661,
CVE-2021-46668, CVE-2021-46663 Update to 10.6.6: - CVE-2022-24052, CVE-2022-24051, CVE-2022-24050, CVE-2022-24048, CVE-2021-46659 (bsc#1195339) The following issues have been fixed already but didn't have CVE references: - CVE-2021-46658 (bsc#1195334) - CVE-2021-46657 (bsc#1195325) Non security fixes: - Skip failing tests for s390x, fixes bsc#1195076 External references: - https://mariadb.com/kb/en/library/mariadb-1068-release-notes - https://mariadb.com/kb/en/library/mariadb-1068-changelog - https://mariadb.com/kb/en/library/mariadb-1067-release-notes - https://mariadb.com/kb/en/library/mariadb-1067-changelog - https://mariadb.com/kb/en/library/mariadb-1066-release-notes - https://mariadb.com/kb/en/library/mariadb-1066-changelog Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2561=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2561=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libmariadbd-devel-10.6.8-150400.3.7.1 libmariadbd19-10.6.8-150400.3.7.1 libmariadbd19-debuginfo-10.6.8-150400.3.7.1 mariadb-10.6.8-150400.3.7.1 mariadb-bench-10.6.8-150400.3.7.1 mariadb-bench-debuginfo-10.6.8-150400.3.7.1 mariadb-client-10.6.8-150400.3.7.1 mariadb-client-debuginfo-10.6.8-150400.3.7.1 mariadb-debuginfo-10.6.8-150400.3.7.1 mariadb-debugsource-10.6.8-150400.3.7.1 mariadb-galera-10.6.8-150400.3.7.1 mariadb-rpm-macros-10.6.8-150400.3.7.1 mariadb-test-10.6.8-150400.3.7.1 mariadb-test-debuginfo-10.6.8-150400.3.7.1 mariadb-tools-10.6.8-150400.3.7.1 mariadb-tools-debuginfo-10.6.8-150400.3.7.1 - openSUSE Leap 15.4 (noarch): mariadb-errormessages-10.6.8-150400.3.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libmariadbd-devel-10.6.8-150400.3.7.1 libmariadbd19-10.6.8-150400.3.7.1 libmariadbd19-debuginfo-10.6.8-150400.3.7.1 mariadb-10.6.8-150400.3.7.1 mariadb-client-10.6.8-150400.3.7.1 mariadb-client-debuginfo-10.6.8-150400.3.7.1 mariadb-debuginfo-10.6.8-150400.3.7.1 mariadb-debugsource-10.6.8-150400.3.7.1 mariadb-tools-10.6.8-150400.3.7.1 mariadb-tools-debuginfo-10.6.8-150400.3.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): mariadb-errormessages-10.6.8-150400.3.7.1 References: https://www.suse.com/security/cve/CVE-2021-46657.html https://www.suse.com/security/cve/CVE-2021-46658.html https://www.suse.com/security/cve/CVE-2021-46659.html https://www.suse.com/security/cve/CVE-2021-46661.html https://www.suse.com/security/cve/CVE-2021-46663.html https://www.suse.com/security/cve/CVE-2021-46664.html https://www.suse.com/security/cve/CVE-2021-46665.html https://www.suse.com/security/cve/CVE-2021-46668.html https://www.suse.com/security/cve/CVE-2021-46669.html https://www.suse.com/security/cve/CVE-2022-24048.html https://www.suse.com/security/cve/CVE-2022-24050.html https://www.suse.com/security/cve/CVE-2022-24051.html https://www.suse.com/security/cve/CVE-2022-24052.html https://www.suse.com/security/cve/CVE-2022-27376.html https://www.suse.com/security/cve/CVE-2022-27377.html https://www.suse.com/security/cve/CVE-2022-27378.html https://www.suse.com/security/cve/CVE-2022-27379.html https://www.suse.com/security/cve/CVE-2022-27380.html https://www.suse.com/security/cve/CVE-2022-27381.html https://www.suse.com/security/cve/CVE-2022-27382.html https://www.suse.com/security/cve/CVE-2022-27383.html https://www.suse.com/security/cve/CVE-2022-27384.html https://www.suse.com/security/cve/CVE-2022-27386.html https://www.suse.com/security/cve/CVE-2022-27387.html https://www.suse.com/security/cve/CVE-2022-27444.html https://www.suse.com/security/cve/CVE-2022-27445.html https://www.suse.com/security/cve/CVE-2022-27446.html 
https://www.suse.com/security/cve/CVE-2022-27447.html https://www.suse.com/security/cve/CVE-2022-27448.html https://www.suse.com/security/cve/CVE-2022-27449.html https://www.suse.com/security/cve/CVE-2022-27451.html https://www.suse.com/security/cve/CVE-2022-27452.html https://www.suse.com/security/cve/CVE-2022-27455.html https://www.suse.com/security/cve/CVE-2022-27456.html https://www.suse.com/security/cve/CVE-2022-27457.html https://www.suse.com/security/cve/CVE-2022-27458.html https://bugzilla.suse.com/1195076 https://bugzilla.suse.com/1195325 https://bugzilla.suse.com/1195334 https://bugzilla.suse.com/1195339 https://bugzilla.suse.com/1196016 https://bugzilla.suse.com/1198603 https://bugzilla.suse.com/1198604 https://bugzilla.suse.com/1198605 https://bugzilla.suse.com/1198606 https://bugzilla.suse.com/1198607 https://bugzilla.suse.com/1198609 https://bugzilla.suse.com/1198610 https://bugzilla.suse.com/1198611 https://bugzilla.suse.com/1198612 https://bugzilla.suse.com/1198613 https://bugzilla.suse.com/1198628 https://bugzilla.suse.com/1198629 https://bugzilla.suse.com/1198630 https://bugzilla.suse.com/1198631 https://bugzilla.suse.com/1198632 https://bugzilla.suse.com/1198633 https://bugzilla.suse.com/1198634 https://bugzilla.suse.com/1198635 https://bugzilla.suse.com/1198636 https://bugzilla.suse.com/1198637 https://bugzilla.suse.com/1198638 https://bugzilla.suse.com/1198639 https://bugzilla.suse.com/1198640 https://bugzilla.suse.com/1199928 From sle-updates at lists.suse.com Wed Jul 27 16:21:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 18:21:31 +0200 (CEST) Subject: SUSE-SU-2022:2560-1: important: Security update for xen Message-ID: <20220727162131.8C4B8F7C9@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2560-1 Rating: important References: #1199965 #1199966 #1200549 #1201394 
#1201469 Cross-References: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900 CVE-2022-33745 CVSS scores: CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-23816 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-23825 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-23825 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-26362 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). 
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2560=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2560=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2560=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2560=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xen-4.11.4_30-2.76.1 xen-debugsource-4.11.4_30-2.76.1 xen-doc-html-4.11.4_30-2.76.1 xen-libs-32bit-4.11.4_30-2.76.1 xen-libs-4.11.4_30-2.76.1 xen-libs-debuginfo-32bit-4.11.4_30-2.76.1 xen-libs-debuginfo-4.11.4_30-2.76.1 xen-tools-4.11.4_30-2.76.1 xen-tools-debuginfo-4.11.4_30-2.76.1 xen-tools-domU-4.11.4_30-2.76.1 xen-tools-domU-debuginfo-4.11.4_30-2.76.1 - SUSE OpenStack Cloud 9 (x86_64): xen-4.11.4_30-2.76.1 xen-debugsource-4.11.4_30-2.76.1 xen-doc-html-4.11.4_30-2.76.1 xen-libs-32bit-4.11.4_30-2.76.1 xen-libs-4.11.4_30-2.76.1 xen-libs-debuginfo-32bit-4.11.4_30-2.76.1 xen-libs-debuginfo-4.11.4_30-2.76.1 xen-tools-4.11.4_30-2.76.1 xen-tools-debuginfo-4.11.4_30-2.76.1 xen-tools-domU-4.11.4_30-2.76.1 xen-tools-domU-debuginfo-4.11.4_30-2.76.1 - SUSE Linux Enterprise Server for 
SAP 12-SP4 (x86_64): xen-4.11.4_30-2.76.1 xen-debugsource-4.11.4_30-2.76.1 xen-doc-html-4.11.4_30-2.76.1 xen-libs-32bit-4.11.4_30-2.76.1 xen-libs-4.11.4_30-2.76.1 xen-libs-debuginfo-32bit-4.11.4_30-2.76.1 xen-libs-debuginfo-4.11.4_30-2.76.1 xen-tools-4.11.4_30-2.76.1 xen-tools-debuginfo-4.11.4_30-2.76.1 xen-tools-domU-4.11.4_30-2.76.1 xen-tools-domU-debuginfo-4.11.4_30-2.76.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): xen-4.11.4_30-2.76.1 xen-debugsource-4.11.4_30-2.76.1 xen-doc-html-4.11.4_30-2.76.1 xen-libs-32bit-4.11.4_30-2.76.1 xen-libs-4.11.4_30-2.76.1 xen-libs-debuginfo-32bit-4.11.4_30-2.76.1 xen-libs-debuginfo-4.11.4_30-2.76.1 xen-tools-4.11.4_30-2.76.1 xen-tools-debuginfo-4.11.4_30-2.76.1 xen-tools-domU-4.11.4_30-2.76.1 xen-tools-domU-debuginfo-4.11.4_30-2.76.1 References: https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-23816.html https://www.suse.com/security/cve/CVE-2022-23825.html https://www.suse.com/security/cve/CVE-2022-26362.html https://www.suse.com/security/cve/CVE-2022-26363.html https://www.suse.com/security/cve/CVE-2022-26364.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-33745.html https://bugzilla.suse.com/1199965 https://bugzilla.suse.com/1199966 https://bugzilla.suse.com/1200549 https://bugzilla.suse.com/1201394 https://bugzilla.suse.com/1201469 From sle-updates at lists.suse.com Wed Jul 27 16:22:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 18:22:34 +0200 (CEST) Subject: SUSE-SU-2022:2566-1: important: Security update for pcre2 Message-ID: <20220727162234.BDD82F7C9@maintenance.suse.de> SUSE Security Update: Security update for pcre2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2566-1 Rating: important 
References: #1199235 Cross-References: CVE-2022-1587 CVSS scores: CVE-2022-1587 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-1587 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2566=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2566=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpcre2-16-0-10.39-150400.4.6.1 libpcre2-16-0-debuginfo-10.39-150400.4.6.1 libpcre2-32-0-10.39-150400.4.6.1 libpcre2-32-0-debuginfo-10.39-150400.4.6.1 libpcre2-8-0-10.39-150400.4.6.1 libpcre2-8-0-debuginfo-10.39-150400.4.6.1 libpcre2-posix2-10.39-150400.4.6.1 libpcre2-posix2-debuginfo-10.39-150400.4.6.1 pcre2-debugsource-10.39-150400.4.6.1 pcre2-devel-10.39-150400.4.6.1 pcre2-devel-static-10.39-150400.4.6.1 pcre2-tools-10.39-150400.4.6.1 pcre2-tools-debuginfo-10.39-150400.4.6.1 - openSUSE Leap 15.4 (noarch): pcre2-doc-10.39-150400.4.6.1 - openSUSE Leap 15.4 (x86_64): libpcre2-16-0-32bit-10.39-150400.4.6.1 libpcre2-16-0-32bit-debuginfo-10.39-150400.4.6.1 
libpcre2-32-0-32bit-10.39-150400.4.6.1 libpcre2-32-0-32bit-debuginfo-10.39-150400.4.6.1 libpcre2-8-0-32bit-10.39-150400.4.6.1 libpcre2-8-0-32bit-debuginfo-10.39-150400.4.6.1 libpcre2-posix2-32bit-10.39-150400.4.6.1 libpcre2-posix2-32bit-debuginfo-10.39-150400.4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libpcre2-16-0-10.39-150400.4.6.1 libpcre2-16-0-debuginfo-10.39-150400.4.6.1 libpcre2-32-0-10.39-150400.4.6.1 libpcre2-32-0-debuginfo-10.39-150400.4.6.1 libpcre2-8-0-10.39-150400.4.6.1 libpcre2-8-0-debuginfo-10.39-150400.4.6.1 libpcre2-posix2-10.39-150400.4.6.1 libpcre2-posix2-debuginfo-10.39-150400.4.6.1 pcre2-debugsource-10.39-150400.4.6.1 pcre2-devel-10.39-150400.4.6.1 References: https://www.suse.com/security/cve/CVE-2022-1587.html https://bugzilla.suse.com/1199235 From sle-updates at lists.suse.com Wed Jul 27 16:23:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 18:23:32 +0200 (CEST) Subject: SUSE-SU-2022:2562-1: important: Security update for python-M2Crypto Message-ID: <20220727162332.97558F7C9@maintenance.suse.de> SUSE Security Update: Security update for python-M2Crypto ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2562-1 Rating: important References: #1178829 Cross-References: CVE-2020-25657 CVSS scores: CVE-2020-25657 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25657 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance 
Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2562=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2562=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2562=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2562=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2562=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2562=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2562=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2562=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2562=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2562=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2562=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2562=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2562=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2562=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-2562=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2562=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2562=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2562=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch 
SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2562=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2562=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2562=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2562=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2562=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2562=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2562=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2562=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - openSUSE Leap 15.3 (noarch): python-M2Crypto-doc-0.35.2-150000.3.14.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Manager Proxy 4.1 (x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise 
High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 - 
SUSE CaaS Platform 4.0 (x86_64): python-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python-M2Crypto-debugsource-0.35.2-150000.3.14.1 python2-M2Crypto-0.35.2-150000.3.14.1 python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1 References: https://www.suse.com/security/cve/CVE-2020-25657.html https://bugzilla.suse.com/1178829 From sle-updates at lists.suse.com Wed Jul 27 19:15:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 21:15:50 +0200 (CEST) Subject: SUSE-SU-2022:2567-1: important: Important update for SUSE Manager 4.2.8 Release Notes Message-ID: <20220727191550.2B00EF7C9@maintenance.suse.de> SUSE Security Update: Important update for SUSE Manager 4.2.8 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2567-1 Rating: important References: #1179962 #1182742 #1189501 #1192850 #1193032 #1193238 #1194262 #1194394 #1196977 #1197429 #1197507 #1198191 #1198356 #1198358 #1198429 #1198646 #1198686 #1198914 #1198944 #1198999 #1199019 #1199036 #1199049 #1199401 #1199438 #1199466 #1199523 #1199528 #1199577 #1199596 #1199629 #1199646 #1199656 #1199677 #1199679 #1199727 #1199874 #1199888 #1200087 #1200703 #1200707 #1200863 #1201782 #1201842 Cross-References: CVE-2022-31248 CVSS scores: CVE-2022-31248 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves one vulnerability and has 43 fixes is now available. 
Description:

This update for SUSE Manager 4.2.8 Release Notes provides the following additions:

Release notes for SUSE Manager:

- Update to 4.2.8
  * Notification about SUSE Manager end-of-life has been added
  * CVEs fixed
    CVE-2022-31248
  * Bugs mentioned
    bsc#1179962, bsc#1182742, bsc#1189501, bsc#1192850, bsc#1193032
    bsc#1193238, bsc#1194262, bsc#1196977, bsc#1197429, bsc#1197507
    bsc#1198191, bsc#1198356, bsc#1198358, bsc#1198429, bsc#1198646
    bsc#1198686, bsc#1198914, bsc#1198944, bsc#1198999, bsc#1199019
    bsc#1199036, bsc#1199049, bsc#1199438, bsc#1199466, bsc#1199523
    bsc#1199528, bsc#1199577, bsc#1199596, bsc#1199629, bsc#1199646
    bsc#1199656, bsc#1199677, bsc#1199679, bsc#1199727, bsc#1199874
    bsc#1199888, bsc#1200087, bsc#1200703, bsc#1200707, bsc#1200863
    bsc#1194394, bsc#1201842, bsc#1201782

Release notes for SUSE Manager Proxy:

- Update to 4.2.8
  * Bugs mentioned
    bsc#1193238, bsc#1197507, bsc#1199019, bsc#1199401, bsc#1199528
    bsc#1199679, bsc#1200087

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-2567=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-2567=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-2567=1 Package List: - SUSE Manager Server 4.2 (ppc64le s390x x86_64): release-notes-susemanager-4.2.8-150300.3.51.2 - SUSE Manager Retail Branch Server 4.2 (x86_64): release-notes-susemanager-proxy-4.2.8-150300.3.40.2 - SUSE Manager Proxy 4.2 (x86_64): release-notes-susemanager-proxy-4.2.8-150300.3.40.2 References: https://www.suse.com/security/cve/CVE-2022-31248.html https://bugzilla.suse.com/1179962 https://bugzilla.suse.com/1182742 https://bugzilla.suse.com/1189501 https://bugzilla.suse.com/1192850 https://bugzilla.suse.com/1193032 https://bugzilla.suse.com/1193238 https://bugzilla.suse.com/1194262 https://bugzilla.suse.com/1194394 https://bugzilla.suse.com/1196977 https://bugzilla.suse.com/1197429 https://bugzilla.suse.com/1197507 https://bugzilla.suse.com/1198191 https://bugzilla.suse.com/1198356 https://bugzilla.suse.com/1198358 https://bugzilla.suse.com/1198429 https://bugzilla.suse.com/1198646 https://bugzilla.suse.com/1198686 https://bugzilla.suse.com/1198914 https://bugzilla.suse.com/1198944 https://bugzilla.suse.com/1198999 https://bugzilla.suse.com/1199019 https://bugzilla.suse.com/1199036 https://bugzilla.suse.com/1199049 https://bugzilla.suse.com/1199401 https://bugzilla.suse.com/1199438 https://bugzilla.suse.com/1199466 https://bugzilla.suse.com/1199523 https://bugzilla.suse.com/1199528 https://bugzilla.suse.com/1199577 https://bugzilla.suse.com/1199596 https://bugzilla.suse.com/1199629 https://bugzilla.suse.com/1199646 https://bugzilla.suse.com/1199656 https://bugzilla.suse.com/1199677 https://bugzilla.suse.com/1199679 https://bugzilla.suse.com/1199727 
https://bugzilla.suse.com/1199874 https://bugzilla.suse.com/1199888 https://bugzilla.suse.com/1200087 https://bugzilla.suse.com/1200703 https://bugzilla.suse.com/1200707 https://bugzilla.suse.com/1200863 https://bugzilla.suse.com/1201782 https://bugzilla.suse.com/1201842 From sle-updates at lists.suse.com Wed Jul 27 19:19:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 21:19:29 +0200 (CEST) Subject: SUSE-SU-2022:2569-1: important: Security update for xen Message-ID: <20220727191929.B67D5F7C9@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2569-1 Rating: important References: #1199965 #1199966 #1200549 #1201394 #1201469 Cross-References: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900 CVE-2022-33745 CVSS scores: CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-23816 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-23825 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-23825 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-26362 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 
CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2569=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_24-43.91.1 xen-debugsource-4.7.6_24-43.91.1 xen-doc-html-4.7.6_24-43.91.1 xen-libs-32bit-4.7.6_24-43.91.1 xen-libs-4.7.6_24-43.91.1 xen-libs-debuginfo-32bit-4.7.6_24-43.91.1 xen-libs-debuginfo-4.7.6_24-43.91.1 xen-tools-4.7.6_24-43.91.1 xen-tools-debuginfo-4.7.6_24-43.91.1 xen-tools-domU-4.7.6_24-43.91.1 xen-tools-domU-debuginfo-4.7.6_24-43.91.1 References: https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-23816.html https://www.suse.com/security/cve/CVE-2022-23825.html https://www.suse.com/security/cve/CVE-2022-26362.html https://www.suse.com/security/cve/CVE-2022-26363.html https://www.suse.com/security/cve/CVE-2022-26364.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-33745.html https://bugzilla.suse.com/1199965 https://bugzilla.suse.com/1199966 https://bugzilla.suse.com/1200549 https://bugzilla.suse.com/1201394 https://bugzilla.suse.com/1201469 From sle-updates at lists.suse.com Wed Jul 27 19:20:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 21:20:29 +0200 (CEST) Subject: SUSE-SU-2022:2568-1: important: Security update for SUSE Manager Server 4.2 Message-ID: <20220727192029.2F264F7C9@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2568-1 Rating: important References: #1179962 #1182742 #1189501 #1192850 #1193032 #1193238 #1194262 #1194394 #1196977 #1197429 #1197507 #1198191 #1198356 #1198358 #1198429 #1198646 #1198686 
#1198914 #1198944 #1198999 #1199019 #1199036 #1199049 #1199438 #1199466 #1199523 #1199528 #1199577 #1199596 #1199629 #1199646 #1199656 #1199677 #1199679 #1199727 #1199874 #1199888 #1200087 #1200703 #1200707 #1200863 #1201782 #1201842
Cross-References: CVE-2022-31248
CVSS scores:
  CVE-2022-31248 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
  SUSE Linux Enterprise Module for SUSE Manager Server 4.2
  SUSE Manager Server 4.2
______________________________________________________________________________

An update that solves one vulnerability and has 42 fixes is now available.

Description:

This update fixes the following issues:

apache-commons-csv:

- Fix the URL for the package
- Declare the LICENSE file as license and not doc

apache-commons-math3:

- Fix the URL for the package
- Declare the LICENSE file as license and not doc

drools:

- Declare the LICENSE file as license and not doc

jakarta-commons-validator:

- Declare the LICENSE file as license and not doc

jose4j:

- Declare the LICENSE file as license and not doc

kie-api:

- Declare the LICENSE file as license and not doc

mvel2:

- Declare the LICENSE file as license and not doc

optaplanner:

- Declare the LICENSE file as license and not doc

py27-compat-salt:

- Remove redundant overrides causing confusing DEBUG logging (bsc#1189501)

python-susemanager-retail:

- Update to version 1.0.1653987003.92d4870
  * Fix messages and logging in retail_create_delta (bsc#1199727)

smdba:

- Declare the LICENSE file as license and not doc
- Make EL egginfo removal more generic

spacecmd:

- Version 4.2.18-1
  * on full system update call schedulePackageUpdate API (bsc#1197507)

spacewalk-admin:

- Version 4.2.11-1
  * clarify schema upgrade check message (bsc#1198999)

spacewalk-backend:

- Version 4.2.23-1
  * Fix traceback on calling spacewalk-repo-sync --show-packages (bsc#1193238)
  * Fix virt_notify SQL syntax error (bsc#1199528)
  * store
create-bootstrap logs in spacewalk-debug spacewalk-branding: - Version 4.2.14-1 * Stylesheets and relevant assets are now provided by spacewalk-web spacewalk-certs-tools: - Version 4.2.17-1 * use RES bootstrap repo as a fallback for Red Hat downstream OS (bsc#1200087) spacewalk-client-tools: - Version 4.2.19-1 * Update translation strings spacewalk-java: - version 4.2.40-1 * Fix conflict when system is assigned to multiple instances of the same formula (bsc#1194394) - Version 4.2.39-1 * Keep the websocket connections alive with ping/pong frames (bsc#1199874) * Fix missing remote command history events for big output (bsc#1199656) * Improve CLM channel cloning performance (bsc#1199523) * fix api log message references the wrong user (bsc#1179962) * Show patch as installed in CVE Audit even if successor patch affects additional packages (bsc#1199646) * fix download of packages with caret sign in the version due to missing url decode * Prefer the Salt Bundle with Cobbler snippets configuration (minion_script and redhat_register_using_salt) (bsc#1198646) * During re-activation, recalculate grains if contact method has been changed (bsc#1199677) * Hide authentication data in PAYG UI (bsc#1199679) * autoinstallation: missing whitespace after install URL (bsc#1199888) * Improved handling of error messages during bootstrapping * skip forwarding data to scc if no credentials are available * Change system details lock tab name to lock/unlock (bsc#1193032) * Added a notification to inform the administrators about the product end-of-life * Set profile tag has no-mandatory in XCCDF result (bsc#1194262) * provisioning through proxy should use proxy for self_update (bsc#1199036) * Allow removing duplicated package names in the same Salt action (bsc#1198686) * fix NoSuchElementException when pkg install date is missing * Improve API documentation * Fix outdated documentation and release notes links * Fix error message in Kubernetes VHM creation dialog * Add
createAppStreamFilters() XMLRPC function * Correct concurrency error on payg taskomatic task for updating certificates (#17783) * Fix ACL rules for config diff download for SLS files (bsc#1198914) * fix package selection for ubuntu errata install (bsc#1199049) * fix invalid link to action schedule * add schedulePackageUpdate() XMLRPC function (bsc#1197507) * update server needed cache after adding Ubuntu Errata (bsc#1196977) * check if file exists before sending it to xsendfile (bsc#1198191) * Display usertime instead of server time for clm issue date filter (bsc#1198429) * Redesign the auto errata task to schedule combined actions (bsc#1197429) * Fix send login(s) and send password actions to avoid user enumeration (bsc#1199629) (CVE-2022-31248) spacewalk-search: - Version 4.2.7-1 * Update development configuration file spacewalk-setup: - Version 4.2.11-1 * spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default instead of /etc/httpd/conf.d (bsc#1198356) spacewalk-utils: - Version 4.2.17-1 * spacewalk-hostname-rename now correctly replaces the hostname for the mgr-sync configuration file (bsc#1198356) * spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag for spacewalk-setup-cobbler (bsc#1198356) spacewalk-web: - Version 4.2.28-1 * Stylesheets and relevant assets are now provided by spacewalk-web * Remove nodejs-packaging as a build requirement * Hide authentication data in PAYG UI (bsc#1199679) * Improved handling of error messages during bootstrapping * Added support for end of life notifications * Improved test integration for dropdowns * Upgrade moment to 2.29.2 * Fix outdated documentation and release notes links * Fix mimetype in kubeconfig validation request (bsc#1199019) subscription-matcher: - Declare the LICENSE file as license and not doc susemanager: - version 4.2.35-1 * Add missing python3-gnupg to Debian10 bootstrap repo (bsc#1201842) - Version 4.2.34-1 * mgr-sync: Raise a proper exception when duplicated lines exist in a 
config file (bsc#1182742) * add SLED 12 SP3 bootstrap repo definition (bsc#1199438) - Version 4.2.33-1 * Fix issue with bootstrap repo definitions for RHEL/RES8 variants (bsc#1200863) susemanager-doc-indexes: - Fixed the 'fast' switch ('-f') of the database migration script in the Installation and Upgrade Guides - Updated the Virtualization chapter in the Client Configuration Guide - Added information about registering RHEL clients on Azure in the Import Entitlements and Certificates section of the Client Configuration Guide (bsc#1198944) - In the Client Configuration Guide, package locking is now supported for Ubuntu and Debian - Fixed VisibleIf documentation in the Formula section of the Salt Guide - Added note about importing CA certificates in the Installation and Upgrade Guide (bsc#1198358) - Documented how to define monitored targets using the file-based service discovery provided in the Prometheus formula of the Salt Guide - Add note about OpenSCAP security profile support in OpenSCAP section of the Administration Guide - Fixed spacewalk-remove-channel command in Delete Channels section of the Administration Guide (bsc#1199596) - Large deployments guide now includes a mention of the proxy (bsc#1199577) - Enhanced the Product Migration chapter of the Client Configuration Guide with a SUSE Linux Enterprise example susemanager-docs_en: - Fixed the 'fast' switch ('-f') of the database migration script in the Installation and Upgrade Guides - Updated the Virtualization chapter in the Client Configuration Guide - Added information about registering RHEL clients on Azure in the Import Entitlements and Certificates section of the Client Configuration Guide (bsc#1198944) - In the Client Configuration Guide, package locking is now supported for Ubuntu and Debian - Fixed VisibleIf documentation in the Formula section of the Salt Guide - Added note about importing CA certificates in the Installation and Upgrade Guide (bsc#1198358) - Documented how to define monitored
targets using the file-based service discovery provided in the Prometheus formula of the Salt Guide - Add note about OpenSCAP security profile support in OpenSCAP section of the Administration Guide - Fixed spacewalk-remove-channel command in Delete Channels section of the Administration Guide (bsc#1199596) - Large deployments guide now includes a mention of the proxy (bsc#1199577) - Enhanced the Product Migration chapter of the Client Configuration Guide with a SUSE Linux Enterprise example susemanager-schema: - Version 4.2.23-1 * Add schema directory for susemanager-schema-4.2.22 susemanager-sls: - version 4.2.26-1 * Fix bootstrap issue with Debian 9 because of missing python3-contextvars (bsc#1201782) - Version 4.2.25-1 * use RES bootstrap repo as a fallback for Red Hat downstream OS (bsc#1200087) * Add support to packages.pkgremove to deal with duplicated pkg names (bsc#1198686) * do not install products and gpg keys when performing distupgrade dry-run (bsc#1199466) * Fix deprecated warning when getting pillar data (bsc#1192850) * remove unknown repository flags on EL * add packages.pkgupdate state (bsc#1197507) - Version 4.2.24-1 * Manage the correct minion config file when venv-salt-minion is installed (bsc#1200703) * Fix bootstrapping for Ubuntu 18.04 with classic Salt package (bsc#1200707) susemanager-sync-data: - Version 4.2.13-1 * change release status of Debian 11 to released virtual-host-gatherer: - Declare the LICENSE file as license and not doc woodstox: - Declare the LICENSE file as license and not doc xmlpull-api: - Declare the LICENSE file as license and not doc How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4.
Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2568=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64): smdba-1.7.10-0.150300.3.9.2 spacewalk-branding-4.2.14-150300.3.12.3 susemanager-4.2.35-150300.3.36.1 susemanager-tools-4.2.35-150300.3.36.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): apache-commons-csv-1.2-150300.3.3.2 apache-commons-math3-3.2-150300.3.3.2 drools-7.17.0-150300.4.3.2 jakarta-commons-validator-1.1.4-21.150300.21.3.3 jose4j-0.5.1-150300.3.3.2 kie-api-7.17.0-150300.4.3.2 mvel2-2.2.6.Final-150300.3.3.2 optaplanner-7.17.0-150300.4.3.2 py27-compat-salt-3000.3-150300.7.7.20.2 python3-spacewalk-certs-tools-4.2.17-150300.3.21.2 python3-spacewalk-client-tools-4.2.19-150300.4.21.3 python3-susemanager-retail-1.0.1653987003.92d4870-150300.3.3.2 spacecmd-4.2.18-150300.4.24.3 spacewalk-admin-4.2.11-150300.3.12.3 spacewalk-backend-4.2.23-150300.4.26.3 spacewalk-backend-app-4.2.23-150300.4.26.3 spacewalk-backend-applet-4.2.23-150300.4.26.3 spacewalk-backend-config-files-4.2.23-150300.4.26.3 spacewalk-backend-config-files-common-4.2.23-150300.4.26.3 spacewalk-backend-config-files-tool-4.2.23-150300.4.26.3 spacewalk-backend-iss-4.2.23-150300.4.26.3 spacewalk-backend-iss-export-4.2.23-150300.4.26.3 spacewalk-backend-package-push-server-4.2.23-150300.4.26.3 spacewalk-backend-server-4.2.23-150300.4.26.3 spacewalk-backend-sql-4.2.23-150300.4.26.3 spacewalk-backend-sql-postgresql-4.2.23-150300.4.26.3 spacewalk-backend-tools-4.2.23-150300.4.26.3 spacewalk-backend-xml-export-libs-4.2.23-150300.4.26.3 spacewalk-backend-xmlrpc-4.2.23-150300.4.26.3 
spacewalk-base-4.2.28-150300.3.24.3 spacewalk-base-minimal-4.2.28-150300.3.24.3 spacewalk-base-minimal-config-4.2.28-150300.3.24.3 spacewalk-certs-tools-4.2.17-150300.3.21.2 spacewalk-client-tools-4.2.19-150300.4.21.3 spacewalk-html-4.2.28-150300.3.24.3 spacewalk-java-4.2.40-150300.3.40.2 spacewalk-java-config-4.2.40-150300.3.40.2 spacewalk-java-lib-4.2.40-150300.3.40.2 spacewalk-java-postgresql-4.2.40-150300.3.40.2 spacewalk-search-4.2.7-150300.3.9.2 spacewalk-setup-4.2.11-150300.3.15.2 spacewalk-taskomatic-4.2.40-150300.3.40.2 spacewalk-utils-4.2.17-150300.3.18.3 spacewalk-utils-extras-4.2.17-150300.3.18.3 subscription-matcher-0.29-150300.6.9.2 susemanager-doc-indexes-4.2-150300.12.30.3 susemanager-docs_en-4.2-150300.12.30.2 susemanager-docs_en-pdf-4.2-150300.12.30.2 susemanager-retail-tools-1.0.1653987003.92d4870-150300.3.3.2 susemanager-schema-4.2.23-150300.3.24.3 susemanager-sls-4.2.26-150300.3.30.1 susemanager-sync-data-4.2.13-150300.3.21.2 uyuni-config-modules-4.2.26-150300.3.30.1 virtual-host-gatherer-1.0.23-150300.3.6.2 virtual-host-gatherer-Kubernetes-1.0.23-150300.3.6.2 virtual-host-gatherer-Nutanix-1.0.23-150300.3.6.2 virtual-host-gatherer-VMware-1.0.23-150300.3.6.2 virtual-host-gatherer-libcloud-1.0.23-150300.3.6.2 woodstox-4.4.2-150300.3.3.2 xmlpull-api-1.1.3.1-150300.3.3.2 References: https://www.suse.com/security/cve/CVE-2022-31248.html https://bugzilla.suse.com/1179962 https://bugzilla.suse.com/1182742 https://bugzilla.suse.com/1189501 https://bugzilla.suse.com/1192850 https://bugzilla.suse.com/1193032 https://bugzilla.suse.com/1193238 https://bugzilla.suse.com/1194262 https://bugzilla.suse.com/1194394 https://bugzilla.suse.com/1196977 https://bugzilla.suse.com/1197429 https://bugzilla.suse.com/1197507 https://bugzilla.suse.com/1198191 https://bugzilla.suse.com/1198356 https://bugzilla.suse.com/1198358 https://bugzilla.suse.com/1198429 https://bugzilla.suse.com/1198646 https://bugzilla.suse.com/1198686 https://bugzilla.suse.com/1198914 
https://bugzilla.suse.com/1198944 https://bugzilla.suse.com/1198999 https://bugzilla.suse.com/1199019 https://bugzilla.suse.com/1199036 https://bugzilla.suse.com/1199049 https://bugzilla.suse.com/1199438 https://bugzilla.suse.com/1199466 https://bugzilla.suse.com/1199523 https://bugzilla.suse.com/1199528 https://bugzilla.suse.com/1199577 https://bugzilla.suse.com/1199596 https://bugzilla.suse.com/1199629 https://bugzilla.suse.com/1199646 https://bugzilla.suse.com/1199656 https://bugzilla.suse.com/1199677 https://bugzilla.suse.com/1199679 https://bugzilla.suse.com/1199727 https://bugzilla.suse.com/1199874 https://bugzilla.suse.com/1199888 https://bugzilla.suse.com/1200087 https://bugzilla.suse.com/1200703 https://bugzilla.suse.com/1200707 https://bugzilla.suse.com/1200863 https://bugzilla.suse.com/1201782 https://bugzilla.suse.com/1201842 From sle-updates at lists.suse.com Wed Jul 27 19:24:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jul 2022 21:24:10 +0200 (CEST) Subject: SUSE-RU-2022:2568-1: moderate: Recommended update for SUSE Manager Proxy 4.2 Message-ID: <20220727192410.3E2FBF7C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 4.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2568-1 Rating: moderate References: #1193238 #1197507 #1199019 #1199401 #1199528 #1199679 #1200087 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.2 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This update fixes the following issues: mgr-daemon: - Version 4.2.9-1 * Update translation strings spacecmd: - Version 4.2.18-1 * on full system update call schedulePackageUpdate API (bsc#1197507) spacewalk-backend: - Version 4.2.23-1 * Fix traceback on calling spacewalk-repo-sync --show-packages (bsc#1193238) * Fix virt_notify SQL syntax error (bsc#1199528) * store create-bootstrap logs in spacewalk-debug spacewalk-certs-tools: - Version 4.2.17-1 * use RES bootstrap repo as a fallback for Red Hat downstream OS (bsc#1200087) spacewalk-client-tools: - Version 4.2.19-1 * Update translation strings spacewalk-proxy: - Version 4.2.11-1 * fix caching of debian packages in the proxy (bsc#1199401) spacewalk-web: - Version 4.2.28-1 * Stylesheets and relevant assets are now provided by spacewalk-web * Remove nodejs-packaging as a build requirement * Hide authentication data in PAYG UI (bsc#1199679) * Improved handling of error messages during bootstrapping * Added support for end of life notifications * Improved test integration for dropdowns * Upgrade moment to 2.29.2 * Fix outdated documentation and release notes links * Fix mimetype in kubeconfig validation request (bsc#1199019) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-2568=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): mgr-daemon-4.2.9-150300.2.6.3 python3-spacewalk-certs-tools-4.2.17-150300.3.21.2 python3-spacewalk-check-4.2.19-150300.4.21.3 python3-spacewalk-client-setup-4.2.19-150300.4.21.3 python3-spacewalk-client-tools-4.2.19-150300.4.21.3 spacecmd-4.2.18-150300.4.24.3 spacewalk-backend-4.2.23-150300.4.26.3 spacewalk-base-minimal-4.2.28-150300.3.24.3 spacewalk-base-minimal-config-4.2.28-150300.3.24.3 spacewalk-certs-tools-4.2.17-150300.3.21.2 spacewalk-check-4.2.19-150300.4.21.3 spacewalk-client-setup-4.2.19-150300.4.21.3 spacewalk-client-tools-4.2.19-150300.4.21.3 spacewalk-proxy-broker-4.2.11-150300.3.18.2 spacewalk-proxy-common-4.2.11-150300.3.18.2 spacewalk-proxy-management-4.2.11-150300.3.18.2 spacewalk-proxy-package-manager-4.2.11-150300.3.18.2 spacewalk-proxy-redirect-4.2.11-150300.3.18.2 spacewalk-proxy-salt-4.2.11-150300.3.18.2 References: https://bugzilla.suse.com/1193238 https://bugzilla.suse.com/1197507 https://bugzilla.suse.com/1199019 https://bugzilla.suse.com/1199401 https://bugzilla.suse.com/1199528 https://bugzilla.suse.com/1199679 https://bugzilla.suse.com/1200087 From sle-updates at lists.suse.com Thu Jul 28 07:15:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jul 2022 09:15:36 +0200 (CEST) Subject: SUSE-RU-2022:2570-1: moderate: Recommended update for libzypp, zypper Message-ID: <20220728071536.1C0B0F7C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2570-1 Rating: moderate References: #1194550 #1197684 #1199042 Affected Products: SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High 
Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Installer 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for "cmdout/monitor" - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2570=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2570=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2022-2570=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2570=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2570=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libzypp-17.30.2-150000.3.98.1 libzypp-debuginfo-17.30.2-150000.3.98.1 libzypp-debugsource-17.30.2-150000.3.98.1 libzypp-devel-17.30.2-150000.3.98.1 zypper-1.14.53-150000.3.72.1 zypper-debuginfo-1.14.53-150000.3.72.1 zypper-debugsource-1.14.53-150000.3.72.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): zypper-log-1.14.53-150000.3.72.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libzypp-17.30.2-150000.3.98.1 libzypp-debuginfo-17.30.2-150000.3.98.1 libzypp-debugsource-17.30.2-150000.3.98.1 libzypp-devel-17.30.2-150000.3.98.1 zypper-1.14.53-150000.3.72.1 zypper-debuginfo-1.14.53-150000.3.72.1 zypper-debugsource-1.14.53-150000.3.72.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): zypper-log-1.14.53-150000.3.72.1 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): libzypp-17.30.2-150000.3.98.1 zypper-1.14.53-150000.3.72.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libzypp-17.30.2-150000.3.98.1 libzypp-debuginfo-17.30.2-150000.3.98.1 libzypp-debugsource-17.30.2-150000.3.98.1 libzypp-devel-17.30.2-150000.3.98.1 zypper-1.14.53-150000.3.72.1 zypper-debuginfo-1.14.53-150000.3.72.1 zypper-debugsource-1.14.53-150000.3.72.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): zypper-log-1.14.53-150000.3.72.1 - SUSE Linux Enterprise High Performance 
Computing 15-ESPOS (aarch64 x86_64): libzypp-17.30.2-150000.3.98.1 libzypp-debuginfo-17.30.2-150000.3.98.1 libzypp-debugsource-17.30.2-150000.3.98.1 libzypp-devel-17.30.2-150000.3.98.1 zypper-1.14.53-150000.3.72.1 zypper-debuginfo-1.14.53-150000.3.72.1 zypper-debugsource-1.14.53-150000.3.72.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): zypper-log-1.14.53-150000.3.72.1 References: https://bugzilla.suse.com/1194550 https://bugzilla.suse.com/1197684 https://bugzilla.suse.com/1199042 From sle-updates at lists.suse.com Thu Jul 28 07:16:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jul 2022 09:16:26 +0200 (CEST) Subject: SUSE-RU-2022:2571-1: moderate: Recommended update for libzypp, zypper Message-ID: <20220728071626.12D51F7C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2571-1 Rating: moderate References: #1194550 #1197684 #1199042 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise Desktop 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Installer 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for "cmdout/monitor" - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2571=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2571=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2571=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2022-2571=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2571=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2571=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2571=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libzypp-17.30.2-150100.3.81.1 libzypp-debuginfo-17.30.2-150100.3.81.1 libzypp-debugsource-17.30.2-150100.3.81.1 libzypp-devel-17.30.2-150100.3.81.1 zypper-1.14.53-150100.3.58.1 zypper-debuginfo-1.14.53-150100.3.58.1 zypper-debugsource-1.14.53-150100.3.58.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): zypper-log-1.14.53-150100.3.58.1 zypper-needs-restarting-1.14.53-150100.3.58.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libzypp-17.30.2-150100.3.81.1 libzypp-debuginfo-17.30.2-150100.3.81.1 libzypp-debugsource-17.30.2-150100.3.81.1 libzypp-devel-17.30.2-150100.3.81.1 zypper-1.14.53-150100.3.58.1 zypper-debuginfo-1.14.53-150100.3.58.1 zypper-debugsource-1.14.53-150100.3.58.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): zypper-log-1.14.53-150100.3.58.1 zypper-needs-restarting-1.14.53-150100.3.58.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): zypper-log-1.14.53-150100.3.58.1 zypper-needs-restarting-1.14.53-150100.3.58.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libzypp-17.30.2-150100.3.81.1 libzypp-debuginfo-17.30.2-150100.3.81.1 libzypp-debugsource-17.30.2-150100.3.81.1 libzypp-devel-17.30.2-150100.3.81.1 zypper-1.14.53-150100.3.58.1 zypper-debuginfo-1.14.53-150100.3.58.1 zypper-debugsource-1.14.53-150100.3.58.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libzypp-17.30.2-150100.3.81.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libzypp-17.30.2-150100.3.81.1 libzypp-debuginfo-17.30.2-150100.3.81.1 libzypp-debugsource-17.30.2-150100.3.81.1 libzypp-devel-17.30.2-150100.3.81.1 zypper-1.14.53-150100.3.58.1 zypper-debuginfo-1.14.53-150100.3.58.1 zypper-debugsource-1.14.53-150100.3.58.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): zypper-log-1.14.53-150100.3.58.1 zypper-needs-restarting-1.14.53-150100.3.58.1 - SUSE Linux Enterprise High 
Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libzypp-17.30.2-150100.3.81.1 libzypp-debuginfo-17.30.2-150100.3.81.1 libzypp-debugsource-17.30.2-150100.3.81.1 libzypp-devel-17.30.2-150100.3.81.1 zypper-1.14.53-150100.3.58.1 zypper-debuginfo-1.14.53-150100.3.58.1 zypper-debugsource-1.14.53-150100.3.58.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): zypper-log-1.14.53-150100.3.58.1 zypper-needs-restarting-1.14.53-150100.3.58.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libzypp-17.30.2-150100.3.81.1 libzypp-debuginfo-17.30.2-150100.3.81.1 libzypp-debugsource-17.30.2-150100.3.81.1 libzypp-devel-17.30.2-150100.3.81.1 zypper-1.14.53-150100.3.58.1 zypper-debuginfo-1.14.53-150100.3.58.1 zypper-debugsource-1.14.53-150100.3.58.1 - SUSE Enterprise Storage 6 (noarch): zypper-log-1.14.53-150100.3.58.1 zypper-needs-restarting-1.14.53-150100.3.58.1 - SUSE CaaS Platform 4.0 (x86_64): libzypp-17.30.2-150100.3.81.1 libzypp-debuginfo-17.30.2-150100.3.81.1 libzypp-debugsource-17.30.2-150100.3.81.1 libzypp-devel-17.30.2-150100.3.81.1 zypper-1.14.53-150100.3.58.1 zypper-debuginfo-1.14.53-150100.3.58.1 zypper-debugsource-1.14.53-150100.3.58.1 - SUSE CaaS Platform 4.0 (noarch): zypper-log-1.14.53-150100.3.58.1 zypper-needs-restarting-1.14.53-150100.3.58.1 References: https://bugzilla.suse.com/1194550 https://bugzilla.suse.com/1197684 https://bugzilla.suse.com/1199042 From sle-updates at lists.suse.com Thu Jul 28 07:17:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jul 2022 09:17:14 +0200 (CEST) Subject: SUSE-RU-2022:2573-1: moderate: Recommended update for libzypp, zypper Message-ID: <20220728071714.D9236F7C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2573-1 Rating: moderate References: #1194550 #1197684 #1199042 Affected Products: SUSE Linux Enterprise Desktop 
15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for "cmdout/monitor" - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2573=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2573=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libzypp-17.30.2-150400.3.3.1 libzypp-debuginfo-17.30.2-150400.3.3.1 libzypp-debugsource-17.30.2-150400.3.3.1 libzypp-devel-17.30.2-150400.3.3.1 libzypp-devel-doc-17.30.2-150400.3.3.1 zypper-1.14.53-150400.3.3.1 zypper-debuginfo-1.14.53-150400.3.3.1 zypper-debugsource-1.14.53-150400.3.3.1 - openSUSE Leap 15.4 (noarch): zypper-aptitude-1.14.53-150400.3.3.1 zypper-log-1.14.53-150400.3.3.1 zypper-needs-restarting-1.14.53-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libzypp-17.30.2-150400.3.3.1 libzypp-debuginfo-17.30.2-150400.3.3.1 libzypp-debugsource-17.30.2-150400.3.3.1 libzypp-devel-17.30.2-150400.3.3.1 zypper-1.14.53-150400.3.3.1 zypper-debuginfo-1.14.53-150400.3.3.1 zypper-debugsource-1.14.53-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): zypper-log-1.14.53-150400.3.3.1 zypper-needs-restarting-1.14.53-150400.3.3.1 References: https://bugzilla.suse.com/1194550 https://bugzilla.suse.com/1197684 https://bugzilla.suse.com/1199042 From sle-updates at lists.suse.com Thu Jul 28 07:18:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jul 2022 09:18:08 +0200 (CEST) Subject: SUSE-RU-2022:2572-1: moderate: Recommended update for libzypp, zypper Message-ID: <20220728071808.AF2E0F7C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2572-1 Rating: moderate References: #1194550 #1197684 #1199042 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP2 SUSE Linux Enterprise 
Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP2 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. 
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for "cmdout/monitor" - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2572=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2572=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2572=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2572=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2572=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2572=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2572=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2572=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2572=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2572=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-2572=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2572=1 - SUSE Linux Enterprise High Performance 
Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2572=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2572=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libzypp-17.30.2-150200.39.1 libzypp-debuginfo-17.30.2-150200.39.1 libzypp-debugsource-17.30.2-150200.39.1 libzypp-devel-17.30.2-150200.39.1 libzypp-devel-doc-17.30.2-150200.39.1 zypper-1.14.53-150200.33.1 zypper-debuginfo-1.14.53-150200.33.1 zypper-debugsource-1.14.53-150200.33.1 - openSUSE Leap 15.3 (noarch): zypper-aptitude-1.14.53-150200.33.1 zypper-log-1.14.53-150200.33.1 zypper-needs-restarting-1.14.53-150200.33.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libzypp-17.30.2-150200.39.1 libzypp-debuginfo-17.30.2-150200.39.1 libzypp-debugsource-17.30.2-150200.39.1 libzypp-devel-17.30.2-150200.39.1 zypper-1.14.53-150200.33.1 zypper-debuginfo-1.14.53-150200.33.1 zypper-debugsource-1.14.53-150200.33.1 - SUSE Manager Server 4.1 (noarch): zypper-log-1.14.53-150200.33.1 zypper-needs-restarting-1.14.53-150200.33.1 - SUSE Manager Retail Branch Server 4.1 (noarch): zypper-log-1.14.53-150200.33.1 zypper-needs-restarting-1.14.53-150200.33.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libzypp-17.30.2-150200.39.1 libzypp-debuginfo-17.30.2-150200.39.1 libzypp-debugsource-17.30.2-150200.39.1 libzypp-devel-17.30.2-150200.39.1 zypper-1.14.53-150200.33.1 zypper-debuginfo-1.14.53-150200.33.1 zypper-debugsource-1.14.53-150200.33.1 - SUSE Manager Proxy 4.1 (x86_64): libzypp-17.30.2-150200.39.1 libzypp-debuginfo-17.30.2-150200.39.1 libzypp-debugsource-17.30.2-150200.39.1 libzypp-devel-17.30.2-150200.39.1 zypper-1.14.53-150200.33.1 zypper-debuginfo-1.14.53-150200.33.1 zypper-debugsource-1.14.53-150200.33.1 - SUSE Manager Proxy 4.1 (noarch): zypper-log-1.14.53-150200.33.1 zypper-needs-restarting-1.14.53-150200.33.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libzypp-17.30.2-150200.39.1 libzypp-debuginfo-17.30.2-150200.39.1 
libzypp-debugsource-17.30.2-150200.39.1 libzypp-devel-17.30.2-150200.39.1 zypper-1.14.53-150200.33.1 zypper-debuginfo-1.14.53-150200.33.1 zypper-debugsource-1.14.53-150200.33.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): zypper-log-1.14.53-150200.33.1 zypper-needs-restarting-1.14.53-150200.33.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libzypp-17.30.2-150200.39.1 libzypp-debuginfo-17.30.2-150200.39.1 libzypp-debugsource-17.30.2-150200.39.1 libzypp-devel-17.30.2-150200.39.1 zypper-1.14.53-150200.33.1 zypper-debuginfo-1.14.53-150200.33.1 zypper-debugsource-1.14.53-150200.33.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): zypper-log-1.14.53-150200.33.1 zypper-needs-restarting-1.14.53-150200.33.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libzypp-17.30.2-150200.39.1 libzypp-debuginfo-17.30.2-150200.39.1 libzypp-debugsource-17.30.2-150200.39.1 libzypp-devel-17.30.2-150200.39.1 zypper-1.14.53-150200.33.1 zypper-debuginfo-1.14.53-150200.33.1 zypper-debugsource-1.14.53-150200.33.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): zypper-log-1.14.53-150200.33.1 zypper-needs-restarting-1.14.53-150200.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libzypp-17.30.2-150200.39.1 libzypp-debuginfo-17.30.2-150200.39.1 libzypp-debugsource-17.30.2-150200.39.1 libzypp-devel-17.30.2-150200.39.1 zypper-1.14.53-150200.33.1 zypper-debuginfo-1.14.53-150200.33.1 zypper-debugsource-1.14.53-150200.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): zypper-log-1.14.53-150200.33.1 zypper-needs-restarting-1.14.53-150200.33.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libzypp-17.30.2-150200.39.1 libzypp-debuginfo-17.30.2-150200.39.1 libzypp-debugsource-17.30.2-150200.39.1 zypper-1.14.53-150200.33.1 zypper-debuginfo-1.14.53-150200.33.1 zypper-debugsource-1.14.53-150200.33.1 - SUSE Linux Enterprise Micro 5.2 (noarch): zypper-needs-restarting-1.14.53-150200.33.1 - 
SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libzypp-17.30.2-150200.39.1 libzypp-debuginfo-17.30.2-150200.39.1 libzypp-debugsource-17.30.2-150200.39.1 zypper-1.14.53-150200.33.1 zypper-debuginfo-1.14.53-150200.33.1 zypper-debugsource-1.14.53-150200.33.1 - SUSE Linux Enterprise Micro 5.1 (noarch): zypper-needs-restarting-1.14.53-150200.33.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libzypp-17.30.2-150200.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libzypp-17.30.2-150200.39.1 libzypp-debuginfo-17.30.2-150200.39.1 libzypp-debugsource-17.30.2-150200.39.1 libzypp-devel-17.30.2-150200.39.1 zypper-1.14.53-150200.33.1 zypper-debuginfo-1.14.53-150200.33.1 zypper-debugsource-1.14.53-150200.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): zypper-log-1.14.53-150200.33.1 zypper-needs-restarting-1.14.53-150200.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libzypp-17.30.2-150200.39.1 libzypp-debuginfo-17.30.2-150200.39.1 libzypp-debugsource-17.30.2-150200.39.1 libzypp-devel-17.30.2-150200.39.1 zypper-1.14.53-150200.33.1 zypper-debuginfo-1.14.53-150200.33.1 zypper-debugsource-1.14.53-150200.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): zypper-log-1.14.53-150200.33.1 zypper-needs-restarting-1.14.53-150200.33.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libzypp-17.30.2-150200.39.1 libzypp-debuginfo-17.30.2-150200.39.1 libzypp-debugsource-17.30.2-150200.39.1 libzypp-devel-17.30.2-150200.39.1 zypper-1.14.53-150200.33.1 zypper-debuginfo-1.14.53-150200.33.1 zypper-debugsource-1.14.53-150200.33.1 - SUSE Enterprise Storage 7 (noarch): zypper-log-1.14.53-150200.33.1 zypper-needs-restarting-1.14.53-150200.33.1 References: https://bugzilla.suse.com/1194550 https://bugzilla.suse.com/1197684 https://bugzilla.suse.com/1199042 From sle-updates at lists.suse.com Thu Jul 28 07:21:56 2022 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jul 2022 09:21:56 +0200 (CEST) Subject: SUSE-CU-2022:1672-1: Security update of bci/bci-init Message-ID: <20220728072156.7E673F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1672-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.17.26 Container Release : 17.26 Severity : important Type : security References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1137373 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1181658 1188127 1194708 1195157 1196125 1197570 1198507 1198732 1200170 1200855 1201225 1201560 1201640 CVE-2022-34903 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. 
(bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for China ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - Call pam_loginuid when creating user@.service (bsc#1198507) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit - Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed' - basic/env-util: (mostly) follow POSIX for what variable names are allowed - basic/env-util: make function
shorter - basic/escape: add mode where empty arguments are still shown as '' - basic/escape: always escape newlines in shell_escape() - basic/escape: escape control characters, but not utf-8, in shell quoting - basic/escape: use consistent location for '*' in function declarations - basic/string-util: inline iterator variable declarations - basic/string-util: simplify how str_realloc() is used - basic/string-util: split out helper function - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition - string-util: explicitly cast character to unsigned - string-util: fix build error on aarch64 - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. 
(bsc#1196125) The following package changes have been done: - glibc-2.31-150300.37.1 updated - gpg2-2.2.27-150300.3.5.1 updated - libsystemd0-246.16-150300.7.48.1 updated - libudev1-246.16-150300.7.48.1 updated - systemd-246.16-150300.7.48.1 updated - timezone-2022a-150000.75.7.1 added - udev-246.16-150300.7.48.1 updated - container:sles15-image-15.0.0-17.20.5 updated From sle-updates at lists.suse.com Thu Jul 28 07:27:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jul 2022 09:27:18 +0200 (CEST) Subject: SUSE-CU-2022:1680-1: Security update of bci/golang Message-ID: <20220728072718.B7A85F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1680-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-13.26 Container Release : 13.26 Severity : important Type : security References : 1199235 CVE-2022-1587 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). 
The following package changes have been done: - libpcre2-8-0-10.39-150400.4.6.1 updated From sle-updates at lists.suse.com Thu Jul 28 07:28:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jul 2022 09:28:13 +0200 (CEST) Subject: SUSE-CU-2022:1681-1: Security update of bci/golang Message-ID: <20220728072813.46325F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1681-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-12.26 Container Release : 12.26 Severity : important Type : security References : 1196490 1199132 1199235 1201431 CVE-2022-1587 CVE-2022-23308 CVE-2022-29187 CVE-2022-29824 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2550-1 Released: Tue Jul 26 14:00:21 2022 Summary: Security update for git Type: security Severity: important References: 1201431,CVE-2022-29187 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated - libpcre2-8-0-10.39-150400.4.6.1 updated - git-core-2.35.3-150300.10.15.1 updated - container:sles15-image-15.0.0-27.11.6 updated From sle-updates at lists.suse.com Thu Jul 28 07:28:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jul 2022 09:28:52 +0200 (CEST) Subject: SUSE-CU-2022:1682-1: Security update of bci/golang Message-ID: <20220728072852.1E280F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1682-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-7.24 , bci/golang:latest Container Release : 7.24 Severity : important Type : security References : 1199235 CVE-2022-1587 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). 
The following package changes have been done: - libpcre2-8-0-10.39-150400.4.6.1 updated - container:sles15-image-15.0.0-27.11.6 updated From sle-updates at lists.suse.com Thu Jul 28 07:29:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jul 2022 09:29:22 +0200 (CEST) Subject: SUSE-CU-2022:1683-1: Security update of bci/bci-init Message-ID: <20220728072922.BB40BF7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1683-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.19.15 , bci/bci-init:latest Container Release : 19.15 Severity : important Type : security References : 1196490 1199132 CVE-2022-23308 CVE-2022-29824 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) The following package changes have been done: - libxml2-2-2.9.14-150400.5.7.1 updated - container:sles15-image-15.0.0-27.11.6 updated From sle-updates at lists.suse.com Thu Jul 28 07:29:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jul 2022 09:29:53 +0200 (CEST) Subject: SUSE-CU-2022:1684-1: Security update of bci/nodejs Message-ID: <20220728072953.518C0F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1684-1 Container Tags : bci/node:14 , bci/node:14-13.27 , bci/nodejs:14 , bci/nodejs:14-13.27 Container Release : 13.27 Severity : important Type : security References : 1199235 CVE-2022-1587 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). 
The following package changes have been done:

- libpcre2-8-0-10.39-150400.4.6.1 updated

From sle-updates at lists.suse.com Thu Jul 28 07:30:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Jul 2022 09:30:22 +0200 (CEST)
Subject: SUSE-CU-2022:1685-1: Security update of bci/nodejs
Message-ID: <20220728073022.9BB1EF7C9@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1685-1
Container Tags : bci/node:16 , bci/node:16-8.24 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-8.24 , bci/nodejs:latest
Container Release : 8.24
Severity : important
Type : security
References : 1199235 CVE-2022-1587
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2566-1
Released: Wed Jul 27 15:04:49 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1199235,CVE-2022-1587

This update for pcre2 fixes the following issues:

- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

The following package changes have been done:

- libpcre2-8-0-10.39-150400.4.6.1 updated
- container:sles15-image-15.0.0-27.11.6 updated

From sle-updates at lists.suse.com Thu Jul 28 07:31:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Jul 2022 09:31:33 +0200 (CEST)
Subject: SUSE-CU-2022:1686-1: Security update of bci/openjdk-devel
Message-ID: <20220728073133.71B0CF7C9@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1686-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.47 , bci/openjdk-devel:latest
Container Release : 14.47
Severity : important
Type : security
References : 1199235 CVE-2022-1587
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2566-1
Released: Wed Jul 27 15:04:49 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1199235,CVE-2022-1587

This update for pcre2 fixes the following issues:

- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

The following package changes have been done:

- libpcre2-8-0-10.39-150400.4.6.1 updated
- container:bci-openjdk-11-11-12.24 updated

From sle-updates at lists.suse.com Thu Jul 28 07:32:52 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Jul 2022 09:32:52 +0200 (CEST)
Subject: SUSE-CU-2022:1688-1: Security update of bci/python
Message-ID: <20220728073252.70FADF7C9@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1688-1
Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-4.25 , bci/python:latest
Container Release : 4.25
Severity : important
Type : security
References : 1196490 1199132 1199235 1201431 CVE-2022-1587 CVE-2022-23308 CVE-2022-29187 CVE-2022-29824
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2550-1
Released: Tue Jul 26 14:00:21 2022
Summary: Security update for git
Type: security
Severity: important
References: 1201431,CVE-2022-29187

This update for git fixes the following issues:

- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released: Tue Jul 26 14:55:40 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

Update to 2.9.14:

- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Update to version 2.9.13:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes.
  (bsc#1196490)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2566-1
Released: Wed Jul 27 15:04:49 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1199235,CVE-2022-1587

This update for pcre2 fixes the following issues:

- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.7.1 updated
- libpcre2-8-0-10.39-150400.4.6.1 updated
- git-core-2.35.3-150300.10.15.1 updated
- container:sles15-image-15.0.0-27.11.6 updated

From sle-updates at lists.suse.com Thu Jul 28 07:33:19 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Jul 2022 09:33:19 +0200 (CEST)
Subject: SUSE-CU-2022:1689-1: Security update of bci/python
Message-ID: <20220728073319.DC0E9F7C9@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1689-1
Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-12.25
Container Release : 12.25
Severity : important
Type : security
References : 1199235 CVE-2022-1587
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2566-1
Released: Wed Jul 27 15:04:49 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1199235,CVE-2022-1587

This update for pcre2 fixes the following issues:

- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

The following package changes have been done:

- libpcre2-8-0-10.39-150400.4.6.1 updated
- container:sles15-image-15.0.0-27.11.6 updated

From sle-updates at lists.suse.com Thu Jul 28 07:34:23 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Jul 2022 09:34:23 +0200 (CEST)
Subject: SUSE-CU-2022:1690-1: Security update of bci/ruby
Message-ID: <20220728073423.91B56F7C9@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1690-1
Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-10.21 , bci/ruby:latest
Container Release : 10.21
Severity : important
Type : security
References : 1196490 1199132 1199235 1201431 CVE-2022-1587 CVE-2022-23308 CVE-2022-29187 CVE-2022-29824
-----------------------------------------------------------------

The container bci/ruby was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2550-1
Released: Tue Jul 26 14:00:21 2022
Summary: Security update for git
Type: security
Severity: important
References: 1201431,CVE-2022-29187

This update for git fixes the following issues:

- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released: Tue Jul 26 14:55:40 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

Update to 2.9.14:

- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Update to version 2.9.13:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes.
  (bsc#1196490)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2566-1
Released: Wed Jul 27 15:04:49 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1199235,CVE-2022-1587

This update for pcre2 fixes the following issues:

- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.7.1 updated
- libpcre2-8-0-10.39-150400.4.6.1 updated
- git-core-2.35.3-150300.10.15.1 updated
- container:sles15-image-15.0.0-27.11.6 updated

From sle-updates at lists.suse.com Thu Jul 28 07:34:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Jul 2022 09:34:33 +0200 (CEST)
Subject: SUSE-CU-2022:1691-1: Security update of bci/rust
Message-ID: <20220728073433.B7DA1F7C9@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1691-1
Container Tags : bci/rust:1.59 , bci/rust:1.59-9.11
Container Release : 9.11
Severity : important
Type : security
References : 1196490 1199132 CVE-2022-23308 CVE-2022-29824
-----------------------------------------------------------------

The container bci/rust was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released: Tue Jul 26 14:55:40 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

Update to 2.9.14:

- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Update to version 2.9.13:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes.
  (bsc#1196490)

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.7.1 updated
- container:sles15-image-15.0.0-27.11.6 updated

From sle-updates at lists.suse.com Thu Jul 28 13:15:14 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Jul 2022 15:15:14 +0200 (CEST)
Subject: SUSE-SU-2022:2577-1: important: Security update for crash
Message-ID: <20220728131514.87383F7C9@maintenance.suse.de>

SUSE Security Update: Security update for crash
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2577-1
Rating: important
References: #1198581
Affected Products:
  SUSE Linux Enterprise Module for Realtime 15-SP3
  SUSE Linux Enterprise Real Time 15-SP3
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update of crash fixes the following issue:

- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Realtime 15-SP3:

  zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-2577=1

Package List:

- SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64):

  crash-kmp-rt-7.2.9_k5.3.18_150300.93-150300.3.2.1
  crash-kmp-rt-debuginfo-7.2.9_k5.3.18_150300.93-150300.3.2.1

References:

https://bugzilla.suse.com/1198581

From sle-updates at lists.suse.com Thu Jul 28 13:15:45 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Jul 2022 15:15:45 +0200 (CEST)
Subject: SUSE-RU-2022:2576-1: moderate: Recommended update for crash
Message-ID: <20220728131545.04E3DF7C9@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crash
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2576-1
Rating: moderate
References: #1195911
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for crash fixes the following issues:

- Fix lookup of symbol "linux_banner", as in newer kernels the symbol is placed in the .init section ('D') as opposed to the read-only section ('R'). Also make this specific to kernels >= 2.6.11 (bsc#1195911)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:

  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2576=1

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2576=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

  crash-debuginfo-7.2.1-8.19.2
  crash-debugsource-7.2.1-8.19.2
  crash-devel-7.2.1-8.19.2

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

  crash-7.2.1-8.19.2
  crash-debuginfo-7.2.1-8.19.2
  crash-debugsource-7.2.1-8.19.2
  crash-kmp-default-7.2.1_k4.12.14_122.127-8.19.2
  crash-kmp-default-debuginfo-7.2.1_k4.12.14_122.127-8.19.2

- SUSE Linux Enterprise Server 12-SP5 (x86_64):

  crash-gcore-7.2.1-8.19.2
  crash-gcore-debuginfo-7.2.1-8.19.2

References:

https://bugzilla.suse.com/1195911

From sle-updates at lists.suse.com Thu Jul 28 13:16:19 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Jul 2022 15:16:19 +0200 (CEST)
Subject: SUSE-FU-2022:2579-1: important: Feature update for regionServiceClientConfigEC2
Message-ID: <20220728131619.800F8F7C9@maintenance.suse.de>

SUSE Feature Update: Feature update for regionServiceClientConfigEC2
______________________________________________________________________________

Announcement ID: SUSE-FU-2022:2579-1
Rating: important
References: SLE-22209
Affected Products:
  SUSE Linux Enterprise High Performance Computing 12
  SUSE Linux Enterprise Module for Public Cloud 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP Applications 12
  SUSE Linux Enterprise Server for SAP Applications 12-SP3
  SUSE Linux Enterprise Server for SAP Applications 12-SP4
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
______________________________________________________________________________

An update that has 0 feature fixes and contains one feature can now be installed.

Description:

This recommended update provides:

python-cssselect:

- Deliver missing binaries to the Public Cloud Unrestricted repository. (jsc#SLE-22209)

python-lxml:

- Deliver missing binaries to the Public Cloud Unrestricted repository. (jsc#SLE-22209)

regionServiceClientConfigEC2:

- Deliver missing binaries to the Public Cloud Unrestricted repository. (jsc#SLE-22209)

Patch Instructions:

To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2579=1

- SUSE Linux Enterprise Module for Public Cloud 12:

  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-2579=1 SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2022-2579=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (noarch):

  python3-cssselect-0.8-3.7.1

- SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64):

  python3-lxml-3.3.5-3.9.1

- SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

  python3-cssselect-0.8-3.7.1
  python3-lxml-doc-3.3.5-3.9.1
  regionServiceClientConfigEC2-3.1.0-4.18.1

References:

From sle-updates at lists.suse.com Thu Jul 28 13:16:50 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Jul 2022 15:16:50 +0200 (CEST)
Subject: SUSE-SU-2022:2578-1: important: Security update for crash
Message-ID: <20220728131650.13CAEF7C9@maintenance.suse.de>

SUSE Security Update: Security update for crash
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2578-1
Rating: important
References: #1198581
Affected Products:
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP3-BCL
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update of crash fixes the following issue:

- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3-BCL:

  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2578=1

- SUSE Linux Enterprise Server 12-SP2-BCL:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2578=1

Package List:

- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

  crash-7.1.8-4.17.1
  crash-debuginfo-7.1.8-4.17.1
  crash-debugsource-7.1.8-4.17.1
  crash-gcore-7.1.8-4.17.1
  crash-gcore-debuginfo-7.1.8-4.17.1
  crash-kmp-default-7.1.8_k4.4.180_94.164-4.17.1
  crash-kmp-default-debuginfo-7.1.8_k4.4.180_94.164-4.17.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

  crash-7.1.5-15.9.1
  crash-debuginfo-7.1.5-15.9.1
  crash-debugsource-7.1.5-15.9.1
  crash-gcore-7.1.5-15.9.1
  crash-gcore-debuginfo-7.1.5-15.9.1
  crash-kmp-default-7.1.5_k4.4.121_92.175-15.9.1
  crash-kmp-default-debuginfo-7.1.5_k4.4.121_92.175-15.9.1

References:

https://bugzilla.suse.com/1198581

From sle-updates at lists.suse.com Thu Jul 28 13:17:27 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Jul 2022 15:17:27 +0200 (CEST)
Subject: SUSE-SU-2022:2574-1: important: Security update for xen
Message-ID: <20220728131727.D5848F7C9@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2574-1
Rating: important
References: #1199965 #1199966 #1200549 #1201394 #1201469
Cross-References: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900 CVE-2022-33745
CVSS scores:
  CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
  CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-23816 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-23825 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-23825 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26362 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Server 12-SP3-BCL
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3-BCL:

  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2574=1

Package List:

- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

  xen-4.9.4_30-3.106.1
  xen-debugsource-4.9.4_30-3.106.1
  xen-doc-html-4.9.4_30-3.106.1
  xen-libs-32bit-4.9.4_30-3.106.1
  xen-libs-4.9.4_30-3.106.1
  xen-libs-debuginfo-32bit-4.9.4_30-3.106.1
  xen-libs-debuginfo-4.9.4_30-3.106.1
  xen-tools-4.9.4_30-3.106.1
  xen-tools-debuginfo-4.9.4_30-3.106.1
  xen-tools-domU-4.9.4_30-3.106.1
  xen-tools-domU-debuginfo-4.9.4_30-3.106.1

References:

https://www.suse.com/security/cve/CVE-2022-21123.html
https://www.suse.com/security/cve/CVE-2022-21125.html
https://www.suse.com/security/cve/CVE-2022-21166.html
https://www.suse.com/security/cve/CVE-2022-23816.html
https://www.suse.com/security/cve/CVE-2022-23825.html
https://www.suse.com/security/cve/CVE-2022-26362.html
https://www.suse.com/security/cve/CVE-2022-26363.html
https://www.suse.com/security/cve/CVE-2022-26364.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-33745.html
https://bugzilla.suse.com/1199965
https://bugzilla.suse.com/1199966
https://bugzilla.suse.com/1200549
https://bugzilla.suse.com/1201394
https://bugzilla.suse.com/1201469

From sle-updates at lists.suse.com Thu Jul 28 13:18:30 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Jul 2022 15:18:30 +0200 (CEST)
Subject: SUSE-SU-2022:2575-1: important: Security update for crash
Message-ID: <20220728131830.DE10DF7C9@maintenance.suse.de>

SUSE Security Update: Security update for crash
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2575-1
Rating: important
References: #1198581
Affected Products:
  SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update of crash fixes the following issue:

- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 12-SP5:

  zypper in -t patch SUSE-SLE-RT-12-SP5-2022-2575=1

Package List:

- SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):

  crash-kmp-rt-7.2.1_k4.12.14_10.89-4.4.2
  crash-kmp-rt-debuginfo-7.2.1_k4.12.14_10.89-4.4.2

References:

https://bugzilla.suse.com/1198581

From sle-updates at lists.suse.com Thu Jul 28 19:14:59 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Jul 2022 21:14:59 +0200 (CEST)
Subject: SUSE-SU-2022:2580-1: moderate: Security update for samba
Message-ID: <20220728191459.31851F7C9@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2580-1
Rating: moderate
References: #1201496
Cross-References: CVE-2022-32742
Affected Products:
  SUSE Enterprise Storage 7
______________________________________________________________________________

An update that fixes one vulnerability is now available.
Description:

This update for samba fixes the following issues:

- CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bso#15085) (bsc#1201496).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 7:

  zypper in -t patch SUSE-Storage-7-2022-2580=1

Package List:

- SUSE Enterprise Storage 7 (aarch64 x86_64):

  ctdb-4.13.13+git.548.677411ecdb1-150200.3.15.1
  ctdb-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libdcerpc-binding0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libdcerpc-binding0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libdcerpc0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libdcerpc0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libndr-krb5pac0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libndr-krb5pac0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libndr-nbt0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libndr-nbt0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libndr-standard0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libndr-standard0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libndr1-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libndr1-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libnetapi0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libnetapi0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsamba-credentials0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsamba-credentials0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsamba-errors0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsamba-errors0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsamba-hostconfig0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsamba-hostconfig0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsamba-passdb0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsamba-passdb0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsamba-util0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsamba-util0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsamdb0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsamdb0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsmbclient0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsmbclient0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsmbconf0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsmbconf0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsmbldap2-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libsmbldap2-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libtevent-util0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libtevent-util0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libwbclient0-4.13.13+git.548.677411ecdb1-150200.3.15.1
  libwbclient0-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  samba-4.13.13+git.548.677411ecdb1-150200.3.15.1
  samba-ceph-4.13.13+git.548.677411ecdb1-150200.3.15.1
  samba-ceph-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  samba-client-4.13.13+git.548.677411ecdb1-150200.3.15.1
  samba-client-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  samba-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  samba-debugsource-4.13.13+git.548.677411ecdb1-150200.3.15.1
  samba-libs-4.13.13+git.548.677411ecdb1-150200.3.15.1
  samba-libs-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  samba-libs-python3-4.13.13+git.548.677411ecdb1-150200.3.15.1
  samba-libs-python3-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1
  samba-winbind-4.13.13+git.548.677411ecdb1-150200.3.15.1
  samba-winbind-debuginfo-4.13.13+git.548.677411ecdb1-150200.3.15.1

References:

https://www.suse.com/security/cve/CVE-2022-32742.html
https://bugzilla.suse.com/1201496

From sle-updates at lists.suse.com Thu Jul 28 19:15:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 28 Jul 2022 21:15:33 +0200 (CEST)
Subject: SUSE-SU-2022:2581-1: moderate: Security update for libguestfs
Message-ID: <20220728191533.689F6F7C9@maintenance.suse.de>

SUSE Security Update: Security update for libguestfs
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2581-1
Rating: moderate
References: #1201064
Cross-References: CVE-2022-2211
CVSS scores:
  CVE-2022-2211 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  CVE-2022-2211 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Development Tools 15-SP4
  SUSE Linux Enterprise Module for Server Applications 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libguestfs fixes the following issues:

- CVE-2022-2211: Fixed a buffer overflow in get_keys (bsc#1201064).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-2581=1

- SUSE Linux Enterprise Module for Server Applications 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2581=1

- SUSE Linux Enterprise Module for Development Tools 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2581=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

  guestfs-data-1.44.2-150400.3.3.1
  guestfs-tools-1.44.2-150400.3.3.1
  guestfs-tools-debuginfo-1.44.2-150400.3.3.1
  guestfs-winsupport-1.44.2-150400.3.3.1
  guestfsd-1.44.2-150400.3.3.1
  guestfsd-debuginfo-1.44.2-150400.3.3.1
  libguestfs-debugsource-1.44.2-150400.3.3.1
  libguestfs-devel-1.44.2-150400.3.3.1
  libguestfs-test-1.44.2-150400.3.3.1
  libguestfs0-1.44.2-150400.3.3.1
  libguestfs0-debuginfo-1.44.2-150400.3.3.1
  lua-libguestfs-1.44.2-150400.3.3.1
  lua-libguestfs-debuginfo-1.44.2-150400.3.3.1
  ocaml-libguestfs-1.44.2-150400.3.3.1
  ocaml-libguestfs-debuginfo-1.44.2-150400.3.3.1
  ocaml-libguestfs-devel-1.44.2-150400.3.3.1
  perl-Sys-Guestfs-1.44.2-150400.3.3.1
  perl-Sys-Guestfs-debuginfo-1.44.2-150400.3.3.1
  python3-libguestfs-1.44.2-150400.3.3.1
  python3-libguestfs-debuginfo-1.44.2-150400.3.3.1
  rubygem-libguestfs-1.44.2-150400.3.3.1
  rubygem-libguestfs-debuginfo-1.44.2-150400.3.3.1

- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

  guestfs-data-1.44.2-150400.3.3.1
  guestfs-tools-1.44.2-150400.3.3.1
  guestfs-tools-debuginfo-1.44.2-150400.3.3.1
  guestfs-winsupport-1.44.2-150400.3.3.1
  guestfsd-1.44.2-150400.3.3.1
  guestfsd-debuginfo-1.44.2-150400.3.3.1
  libguestfs-debugsource-1.44.2-150400.3.3.1
  libguestfs-devel-1.44.2-150400.3.3.1
  libguestfs0-1.44.2-150400.3.3.1
  libguestfs0-debuginfo-1.44.2-150400.3.3.1
  perl-Sys-Guestfs-1.44.2-150400.3.3.1
  perl-Sys-Guestfs-debuginfo-1.44.2-150400.3.3.1
  python3-libguestfs-1.44.2-150400.3.3.1
  python3-libguestfs-debuginfo-1.44.2-150400.3.3.1

- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):

  libguestfs-debugsource-1.44.2-150400.3.3.1
  ocaml-libguestfs-devel-1.44.2-150400.3.3.1

References:

https://www.suse.com/security/cve/CVE-2022-2211.html
https://bugzilla.suse.com/1201064

From sle-updates at lists.suse.com Fri Jul 29 07:36:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 09:36:09 +0200 (CEST)
Subject: SUSE-CU-2022:1693-1: Recommended update of suse/sle15
Message-ID: <20220729073609.6FF2DF7C9@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1693-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.587
Container Release : 4.22.587
Severity : moderate
Type : recommended
References : 1194550 1197684 1199042
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2570-1
Released: Thu Jul 28 04:19:47 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042

This update for libzypp, zypper fixes the following issues:

libzypp:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well The following package changes have been done: - libzypp-17.30.2-150000.3.98.1 updated - zypper-1.14.53-150000.3.72.1 updated From sle-updates at lists.suse.com Fri Jul 29 07:41:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jul 2022 09:41:25 +0200 (CEST) Subject: SUSE-CU-2022:1694-1: Recommended update of bci/bci-init Message-ID: <20220729074125.DCC96F7C9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1694-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.17.28 Container Release : 17.28 Severity : moderate Type : recommended References : 1194550 1197684 1199042 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042

This update for libzypp, zypper fixes the following issues:

libzypp:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:

- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well

The following package changes have been done:

- libzypp-17.30.2-150200.39.1 updated
- zypper-1.14.53-150200.33.1 updated

From sle-updates at lists.suse.com Fri Jul 29 07:47:42 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 09:47:42 +0200 (CEST)
Subject: SUSE-CU-2022:1696-1: Security update of bci/nodejs
Message-ID: <20220729074742.26CB2F7C9@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1696-1
Container Tags : bci/node:12 , bci/node:12-16.116 , bci/nodejs:12 , bci/nodejs:12-16.116
Container Release : 16.116
Severity : important
Type : security
References : 1194550 1196125 1197684 1199042 1200855 1201225 1201431 1201560 1201640 CVE-2022-29187 CVE-2022-34903
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640

This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903

This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2550-1
Released: Tue Jul 26 14:00:21 2022
Summary: Security update for git
Type: security
Severity: important
References: 1201431,CVE-2022-29187

This update for git fixes the following issues:

- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042

This update for libzypp, zypper fixes the following issues:

libzypp:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:

- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well

The following package changes have been done:

- git-core-2.35.3-150300.10.15.1 updated
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- libzypp-17.30.2-150200.39.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.6 updated

From sle-updates at lists.suse.com Fri Jul 29 07:53:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 09:53:24 +0200 (CEST)
Subject: SUSE-CU-2022:1706-1: Security update of suse/sle15
Message-ID: <20220729075324.9F23EF7C9@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1706-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.11.7 , suse/sle15:15.4 , suse/sle15:15.4.27.11.7
Container Release : 27.11.7
Severity : important
Type : security
References : 1194550 1196490 1197684 1199042 1199132 CVE-2022-23308 CVE-2022-29824
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released: Tue Jul 26 14:55:40 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

Update to 2.9.14:

- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Update to version 2.9.13:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2573-1
Released: Thu Jul 28 04:24:19 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042

This update for libzypp, zypper fixes the following issues:

libzypp:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:

- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.7.1 updated
- libzypp-17.30.2-150400.3.3.1 updated
- zypper-1.14.53-150400.3.3.1 updated

From sle-updates at lists.suse.com Fri Jul 29 13:15:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 15:15:38 +0200 (CEST)
Subject: SUSE-RU-2022:2588-1: moderate: Recommended update for fence-agents
Message-ID: <20220729131538.B2731FDCF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for fence-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2588-1
Rating: moderate
References: #1195891
Affected Products:
   SUSE Linux Enterprise High Availability 15-SP3
   SUSE Linux Enterprise High Availability 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Module for SUSE Manager Server 4.2
   SUSE Linux Enterprise Module for SUSE Manager Server 4.3
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Linux Enterprise Storage 7.1
   SUSE Manager Proxy 4.2
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.2
   SUSE Manager Server 4.3
   openSUSE Leap 15.3
   openSUSE Leap 15.4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for fence-agents fixes the following issue:

- Azure fence agent doesn't work correctly on SLES15 SP3 - fence_azure_arm fails with error 'MSIAuthentication' object has no attribute 'get_token' (bsc#1195891)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
   zypper in -t patch openSUSE-SLE-15.4-2022-2588=1
- openSUSE Leap 15.3:
   zypper in -t patch openSUSE-SLE-15.3-2022-2588=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
   zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-2588=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
   zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2588=1
- SUSE Linux Enterprise High Availability 15-SP4:
   zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2588=1
- SUSE Linux Enterprise High Availability 15-SP3:
   zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2588=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
   fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-amt_ws-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-devel-4.9.0+git.1624456340.8d746be9-150300.3.14.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
   fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-amt_ws-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-devel-4.9.0+git.1624456340.8d746be9-150300.3.14.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64):
   fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.14.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64):
   fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.14.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
   fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-devel-4.9.0+git.1624456340.8d746be9-150300.3.14.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
   fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.14.1
   fence-agents-devel-4.9.0+git.1624456340.8d746be9-150300.3.14.1

References:

   https://bugzilla.suse.com/1195891

From sle-updates at lists.suse.com Fri Jul 29 13:16:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 15:16:21 +0200 (CEST)
Subject: SUSE-SU-2022:2586-1: important: Security update for ldb, samba
Message-ID: <20220729131621.3DC30FDCF@maintenance.suse.de>

SUSE Security Update: Security update for ldb, samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2586-1
Rating: important
References: #1196224 #1198255 #1199247 #1199734 #1200556 #1200964 #1201490 #1201492 #1201493 #1201495 #1201496
Cross-References: CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746
CVSS scores:
   CVE-2022-32744 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-32745 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
   CVE-2022-32746 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected Products:
   SUSE Enterprise Storage 7.1
   SUSE Linux Enterprise Desktop 15-SP3
   SUSE Linux Enterprise High Availability 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Micro 5.1
   SUSE Linux Enterprise Micro 5.2
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Module for Python2 15-SP3
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Storage 7.1
   SUSE Manager Proxy 4.2
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Server 4.2
   openSUSE Leap 15.3
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 6 fixes is now available.

Description:

This update for ldb, samba fixes the following issues:

- CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490).
- CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492).
- CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495).
- CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496).
- CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493).
The following security bugs were fixed:

samba was updated to 4.15.8:

* Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042);
* Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work; (bso#15076);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069);
* netgroups support removed; (bso#15087); (bsc#1199247);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734);
* waf produces incorrect names for python extensions with Python 3.11; (bso#15071);
* smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* waf produces incorrect names for python extensions with Python 3.11; (bso#15071);
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);

- Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979);
- Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556).

ldb was updated to version 2.4.3

* Fix build problems, waf produces incorrect names for python extensions; (bso#15071);

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
   zypper in -t patch openSUSE-SLE-15.3-2022-2586=1
- SUSE Linux Enterprise Module for Python2 15-SP3:
   zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2586=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
   zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2586=1
- SUSE Linux Enterprise Micro 5.2:
   zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2586=1
- SUSE Linux Enterprise Micro 5.1:
   zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2586=1
- SUSE Linux Enterprise High Availability 15-SP3:
   zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2586=1
- SUSE Enterprise Storage 7.1:
   zypper in -t patch SUSE-Storage-7.1-2022-2586=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
   ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
   ctdb-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   ctdb-pcp-pmda-4.15.8+git.500.d5910280cc7-150300.3.37.1
   ctdb-pcp-pmda-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   ldb-debugsource-2.4.3-150300.3.20.1
   ldb-tools-2.4.3-150300.3.20.1
   ldb-tools-debuginfo-2.4.3-150300.3.20.1
   libldb-devel-2.4.3-150300.3.20.1
   libldb2-2.4.3-150300.3.20.1
   libldb2-debuginfo-2.4.3-150300.3.20.1
   libsamba-policy-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
   libsamba-policy-python3-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
   libsamba-policy0-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
   libsamba-policy0-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   python3-ldb-2.4.3-150300.3.20.1
   python3-ldb-debuginfo-2.4.3-150300.3.20.1
   python3-ldb-devel-2.4.3-150300.3.20.1
   samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ad-dc-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ad-dc-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ad-dc-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ad-dc-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-dsdb-modules-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-dsdb-modules-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-gpupdate-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ldb-ldap-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ldb-ldap-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-test-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-test-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-tool-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-winbind-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-winbind-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-winbind-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-winbind-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- openSUSE Leap 15.3 (aarch64 x86_64):
   samba-ceph-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ceph-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- openSUSE Leap 15.3 (aarch64_ilp32):
   libsamba-policy0-python3-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   libsamba-policy0-python3-64bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-64bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-64bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-python3-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-python3-64bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- openSUSE Leap 15.3 (noarch):
   samba-doc-4.15.8+git.500.d5910280cc7-150300.3.37.1
- openSUSE Leap 15.3 (x86_64):
   libldb2-32bit-2.4.3-150300.3.20.1
   libldb2-32bit-debuginfo-2.4.3-150300.3.20.1
   libsamba-policy0-python3-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   libsamba-policy0-python3-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   python3-ldb-32bit-2.4.3-150300.3.20.1
   python3-ldb-32bit-debuginfo-2.4.3-150300.3.20.1
   samba-ad-dc-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ad-dc-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-devel-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-python3-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-python3-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-winbind-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-winbind-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64):
   samba-ad-dc-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ad-dc-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
   ldb-debugsource-2.4.3-150300.3.20.1
   ldb-tools-2.4.3-150300.3.20.1
   ldb-tools-debuginfo-2.4.3-150300.3.20.1
   libldb-devel-2.4.3-150300.3.20.1
   libldb2-2.4.3-150300.3.20.1
   libldb2-debuginfo-2.4.3-150300.3.20.1
   libsamba-policy-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
   libsamba-policy-python3-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
   libsamba-policy0-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
   libsamba-policy0-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   python3-ldb-2.4.3-150300.3.20.1
   python3-ldb-debuginfo-2.4.3-150300.3.20.1
   python3-ldb-devel-2.4.3-150300.3.20.1
   samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ad-dc-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ad-dc-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-dsdb-modules-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-dsdb-modules-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-gpupdate-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ldb-ldap-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ldb-ldap-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-tool-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-winbind-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-winbind-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-winbind-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-winbind-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
   samba-ceph-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ceph-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
   libldb2-32bit-2.4.3-150300.3.20.1
   libldb2-32bit-debuginfo-2.4.3-150300.3.20.1
   samba-ad-dc-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ad-dc-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-devel-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-winbind-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-winbind-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
   ldb-debugsource-2.4.3-150300.3.20.1
   libldb2-2.4.3-150300.3.20.1
   libldb2-debuginfo-2.4.3-150300.3.20.1
   samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
   ldb-debugsource-2.4.3-150300.3.20.1
   libldb2-2.4.3-150300.3.20.1
   libldb2-debuginfo-2.4.3-150300.3.20.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
   ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
   ctdb-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
   ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
   ctdb-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   ldb-debugsource-2.4.3-150300.3.20.1
   libldb2-2.4.3-150300.3.20.1
   libldb2-debuginfo-2.4.3-150300.3.20.1
   python3-ldb-2.4.3-150300.3.20.1
   python3-ldb-debuginfo-2.4.3-150300.3.20.1
   samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ceph-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-ceph-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-client-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-libs-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-winbind-4.15.8+git.500.d5910280cc7-150300.3.37.1
   samba-winbind-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1

References:

   https://www.suse.com/security/cve/CVE-2022-2031.html
   https://www.suse.com/security/cve/CVE-2022-32742.html
   https://www.suse.com/security/cve/CVE-2022-32744.html
   https://www.suse.com/security/cve/CVE-2022-32745.html
   https://www.suse.com/security/cve/CVE-2022-32746.html
   https://bugzilla.suse.com/1196224
   https://bugzilla.suse.com/1198255
   https://bugzilla.suse.com/1199247
   https://bugzilla.suse.com/1199734
   https://bugzilla.suse.com/1200556
   https://bugzilla.suse.com/1200964
   https://bugzilla.suse.com/1201490
   https://bugzilla.suse.com/1201492
   https://bugzilla.suse.com/1201493
   https://bugzilla.suse.com/1201495
   https://bugzilla.suse.com/1201496

From sle-updates at lists.suse.com Fri Jul 29 13:17:44 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 15:17:44 +0200 (CEST)
Subject: SUSE-RU-2022:2589-1: moderate: Recommended update for fence-agents
Message-ID: <20220729131744.1DC3BFDCF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for fence-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2589-1
Rating: moderate
References: #1195891 #1198872
Affected Products:
   SUSE Linux Enterprise High Availability 12-SP4
   SUSE Linux Enterprise High Availability 12-SP5
   SUSE Linux Enterprise High Performance Computing 12-SP4
   SUSE Linux Enterprise High Performance Computing 12-SP5
   SUSE Linux Enterprise Server 12-SP4
   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for fence-agents fixes the following issues:

- Azure fence agent doesn't work correctly on SLES15 SP3 - fence_azure_arm fails with error 'MSIAuthentication' object has no attribute 'get_token' (bsc#1195891).
- fence-agents broken in GCP due to missing "--zone" parameter (bsc#1198872).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability 12-SP5:
   zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2589=1
- SUSE Linux Enterprise High Availability 12-SP4:
   zypper in -t patch SUSE-SLE-HA-12-SP4-2022-2589=1

Package List:

- SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
   fence-agents-4.9.0+git.1624456340.8d746be9-3.35.2
   fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-3.35.2
   fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-3.35.2
- SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
   fence-agents-4.9.0+git.1624456340.8d746be9-3.35.2
   fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-3.35.2
   fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-3.35.2

References:

   https://bugzilla.suse.com/1195891
   https://bugzilla.suse.com/1198872

From sle-updates at lists.suse.com Fri Jul 29 13:18:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 15:18:22 +0200 (CEST)
Subject: SUSE-SU-2022:2583-1: important: Security update for aws-iam-authenticator
Message-ID: <20220729131822.B4EE4FDCF@maintenance.suse.de>

SUSE Security Update: Security update for aws-iam-authenticator
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2583-1
Rating: important
References: #1201395
Cross-References: CVE-2022-2385
CVSS scores:
   CVE-2022-2385 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-2385 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
   SUSE Linux Enterprise High Performance Computing 15
   SUSE Linux Enterprise High Performance Computing 15-SP1
   SUSE Linux Enterprise High Performance Computing 15-SP2
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Module for Public Cloud 15
   SUSE Linux Enterprise Module for Public Cloud 15-SP1
   SUSE Linux Enterprise Module for Public Cloud 15-SP2
   SUSE Linux Enterprise Module for Public Cloud 15-SP3
   SUSE Linux Enterprise Module for Public Cloud 15-SP4
   SUSE Linux Enterprise Server 15
   SUSE Linux Enterprise Server 15-SP1
   SUSE Linux Enterprise Server 15-SP2
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP Applications 15
   SUSE Linux Enterprise Server for SAP Applications 15-SP1
   SUSE Linux Enterprise Server for SAP Applications 15-SP2
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Linux Enterprise Storage 6
   SUSE Linux Enterprise Storage 7
   SUSE Linux Enterprise Storage 7.1
   SUSE Manager Proxy 4.0
   SUSE Manager Proxy 4.1
   SUSE Manager Proxy 4.2
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.0
   SUSE Manager Retail Branch Server 4.1
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.0
   SUSE Manager Server 4.1
   SUSE Manager Server 4.2
   SUSE Manager Server 4.3
   openSUSE Leap 15.3
   openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for aws-iam-authenticator fixes the following issues:

- CVE-2022-2385: Fixed AccessKeyID validation bypass (bsc#1201395).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-2583=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-2583=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2583=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2583=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2583=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2583=1

   - SUSE Linux Enterprise Module for Public Cloud 15:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2022-2583=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      aws-iam-authenticator-0.5.3-150000.1.9.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      aws-iam-authenticator-0.5.3-150000.1.9.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64):

      aws-iam-authenticator-0.5.3-150000.1.9.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64):

      aws-iam-authenticator-0.5.3-150000.1.9.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):

      aws-iam-authenticator-0.5.3-150000.1.9.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64):

      aws-iam-authenticator-0.5.3-150000.1.9.1

   - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64):

      aws-iam-authenticator-0.5.3-150000.1.9.1

References:

   https://www.suse.com/security/cve/CVE-2022-2385.html
   https://bugzilla.suse.com/1201395

From sle-updates at lists.suse.com Fri Jul 29 13:18:56 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 15:18:56 +0200 (CEST)
Subject: SUSE-RU-2022:2587-1: moderate: Recommended update for fence-agents
Message-ID: <20220729131856.A6831FDCF@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for fence-agents
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:2587-1
Rating:             moderate
References:         #1195891
Affected Products:
                    SUSE Linux Enterprise High Availability 15-SP1
                    SUSE Linux Enterprise High Availability 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-SP2
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.1
                    SUSE Linux Enterprise Server 15-SP1
                    SUSE Linux Enterprise Server 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP1
                    SUSE Linux Enterprise Server for SAP Applications 15-SP2
                    SUSE Linux Enterprise Storage 6
                    SUSE Linux Enterprise Storage 7
                    SUSE Manager Proxy 4.0
                    SUSE Manager Proxy 4.1
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Server 4.0
                    SUSE Manager Server 4.1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for fence-agents fixes the following issue:

   - Azure fence agent doesn't work correctly on SLES15 SP3 - fence_azure_arm
     fails with error 'MSIAuthentication' object has no attribute 'get_token'
     (bsc#1195891).

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-2587=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2587=1

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2587=1

Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64):

      fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.38.1
      fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150100.7.38.1
      fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150100.7.38.1

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.38.1
      fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150100.7.38.1
      fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150100.7.38.1
      fence-agents-devel-4.9.0+git.1624456340.8d746be9-150100.7.38.1

   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):

      fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.38.1
      fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150100.7.38.1
      fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150100.7.38.1
      fence-agents-devel-4.9.0+git.1624456340.8d746be9-150100.7.38.1

References:

   https://bugzilla.suse.com/1195891

From sle-updates at lists.suse.com Fri Jul 29 13:19:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 15:19:33 +0200 (CEST)
Subject: SUSE-SU-2022:2582-1: important: Security update for samba
Message-ID: <20220729131933.37A26FDCF@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2582-1
Rating:             important
References:         #1198255 #1199247 #1199734 #1200556 #1200964
                    #1201490 #1201492 #1201493 #1201495 #1201496
Cross-References:   CVE-2022-2031 CVE-2022-32742 CVE-2022-32744
                    CVE-2022-32745 CVE-2022-32746
CVSS scores:
                    CVE-2022-32744 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-32745 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
                    CVE-2022-32746 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Performance Computing 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 5 fixes is now available.

Description:

   This update for samba fixes the following issues:

   - CVE-2022-32746: Fixed a use-after-free occurring in database audit
     logging (bsc#1201490).
   - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify
     request (bsc#1201492).
   - CVE-2022-2031: Fixed AD restrictions bypass associated with changing
     passwords (bsc#1201495).
   - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496).
   - CVE-2022-32744: Fixed an arbitrary password change request for any AD
     user (bsc#1201493).

   The following non-security bugs were fixed:

   - netgroups support removed; (bso#15087); (bsc#1199247).
   - net ads info shows LDAP Server: 0.0.0.0 depending on contacted server;
     (bso#14674); (bsc#1199734).
   - smbclient commands del and deltree fail with
     NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556).
   - move pdb backends from package samba-libs to package samba-client-libs
     and remove samba-libs requirement from samba-winbind; (bsc#1200964);
     (bsc#1198255);

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2582=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2582=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2582=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      libsamba-policy-devel-4.15.8+git.462.e73f4310487-3.68.1
      libsamba-policy-python3-devel-4.15.8+git.462.e73f4310487-3.68.1
      samba-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
      samba-debugsource-4.15.8+git.462.e73f4310487-3.68.1
      samba-devel-4.15.8+git.462.e73f4310487-3.68.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64):

      samba-devel-32bit-4.15.8+git.462.e73f4310487-3.68.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libsamba-policy0-python3-4.15.8+git.462.e73f4310487-3.68.1
      libsamba-policy0-python3-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
      samba-4.15.8+git.462.e73f4310487-3.68.1
      samba-client-4.15.8+git.462.e73f4310487-3.68.1
      samba-client-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
      samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
      samba-client-libs-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
      samba-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
      samba-debugsource-4.15.8+git.462.e73f4310487-3.68.1
      samba-ldb-ldap-4.15.8+git.462.e73f4310487-3.68.1
      samba-ldb-ldap-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
      samba-libs-4.15.8+git.462.e73f4310487-3.68.1
      samba-libs-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
      samba-libs-python3-4.15.8+git.462.e73f4310487-3.68.1
      samba-libs-python3-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
      samba-python3-4.15.8+git.462.e73f4310487-3.68.1
      samba-python3-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
      samba-tool-4.15.8+git.462.e73f4310487-3.68.1
      samba-winbind-4.15.8+git.462.e73f4310487-3.68.1
      samba-winbind-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
      samba-winbind-libs-4.15.8+git.462.e73f4310487-3.68.1
      samba-winbind-libs-debuginfo-4.15.8+git.462.e73f4310487-3.68.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libsamba-policy0-python3-32bit-4.15.8+git.462.e73f4310487-3.68.1
      libsamba-policy0-python3-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
      samba-client-32bit-4.15.8+git.462.e73f4310487-3.68.1
      samba-client-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
      samba-client-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
      samba-client-libs-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
      samba-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
      samba-libs-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
      samba-libs-python3-32bit-4.15.8+git.462.e73f4310487-3.68.1
      samba-libs-python3-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
      samba-winbind-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
      samba-winbind-libs-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64):

      samba-devel-4.15.8+git.462.e73f4310487-3.68.1

   - SUSE Linux Enterprise Server 12-SP5 (ppc64le):

      libsamba-policy-python3-devel-4.15.8+git.462.e73f4310487-3.68.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      samba-doc-4.15.8+git.462.e73f4310487-3.68.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      ctdb-4.15.8+git.462.e73f4310487-3.68.1
      ctdb-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
      samba-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
      samba-debugsource-4.15.8+git.462.e73f4310487-3.68.1

References:

   https://www.suse.com/security/cve/CVE-2022-2031.html
   https://www.suse.com/security/cve/CVE-2022-32742.html
   https://www.suse.com/security/cve/CVE-2022-32744.html
   https://www.suse.com/security/cve/CVE-2022-32745.html
   https://www.suse.com/security/cve/CVE-2022-32746.html
   https://bugzilla.suse.com/1198255
   https://bugzilla.suse.com/1199247
   https://bugzilla.suse.com/1199734
   https://bugzilla.suse.com/1200556
   https://bugzilla.suse.com/1200964
   https://bugzilla.suse.com/1201490
   https://bugzilla.suse.com/1201492
   https://bugzilla.suse.com/1201493
   https://bugzilla.suse.com/1201495
   https://bugzilla.suse.com/1201496

From sle-updates at lists.suse.com Fri Jul 29 13:20:50 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 15:20:50 +0200 (CEST)
Subject: SUSE-SU-2022:2585-1: moderate: Security update for samba
Message-ID: <20220729132050.3AC42FDCF@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2585-1
Rating:             moderate
References:         #1201496
Cross-References:   CVE-2022-32742
Affected Products:
                    SUSE Linux Enterprise High Availability 15
                    SUSE Linux Enterprise High Performance Computing 15
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise Server 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP Applications 15
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for samba fixes the following issues:

   - CVE-2022-32742: Fixed incorrect length check in SMB1write,
     SMB1write_and_close, SMB1write_and_unlock (bso#15085) (bsc#1201496).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2585=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2585=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2585=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2585=1

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2022-2585=1

Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      libdcerpc-binding0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-binding0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-samr-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-samr0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-samr0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-krb5pac-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-krb5pac0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-krb5pac0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-nbt-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-nbt0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-nbt0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-standard-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-standard0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-standard0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libnetapi-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libnetapi0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libnetapi0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-credentials-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-credentials0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-credentials0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-errors-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-errors0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-errors0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-hostconfig-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-hostconfig0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-hostconfig0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-passdb-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-passdb0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-passdb0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-policy-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-policy0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-util-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-util0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-util0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamdb-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamdb0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamdb0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbclient-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbclient0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbclient0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbconf-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbconf0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbconf0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbldap-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbldap2-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbldap2-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libtevent-util-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libtevent-util0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libtevent-util0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libwbclient-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libwbclient0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libwbclient0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-client-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-client-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-core-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-debugsource-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-libs-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-libs-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-winbind-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-winbind-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):

      libdcerpc-binding0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-binding0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-krb5pac0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-krb5pac0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-nbt0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-nbt0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-standard0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-standard0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libnetapi0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libnetapi0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-credentials0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-credentials0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-errors0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-errors0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-hostconfig0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-passdb0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-passdb0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-util0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-util0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamdb0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamdb0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbclient0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbclient0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbconf0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbconf0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbldap2-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbldap2-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libtevent-util0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libtevent-util0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libwbclient0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libwbclient0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-client-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-client-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-libs-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-libs-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-winbind-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-winbind-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      libdcerpc-binding0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-binding0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-samr-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-samr0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-samr0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-krb5pac-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-krb5pac0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-krb5pac0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-nbt-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-nbt0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-nbt0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-standard-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-standard0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-standard0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libnetapi-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libnetapi0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libnetapi0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-credentials-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-credentials0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-credentials0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-errors-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-errors0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-errors0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-hostconfig-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-hostconfig0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-hostconfig0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-passdb-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-passdb0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-passdb0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-policy-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-policy0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-util-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-util0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-util0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamdb-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamdb0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamdb0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbclient-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbclient0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbclient0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbconf-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbconf0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbconf0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbldap-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbldap2-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbldap2-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libtevent-util-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libtevent-util0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libtevent-util0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libwbclient-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libwbclient0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libwbclient0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-client-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-client-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-core-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-debugsource-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-libs-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-libs-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-winbind-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-winbind-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libdcerpc-binding0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-binding0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-samr-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-samr0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-samr0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-krb5pac-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-krb5pac0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-krb5pac0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-nbt-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-nbt0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-nbt0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-standard-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-standard0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-standard0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libnetapi-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libnetapi0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libnetapi0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-credentials-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-credentials0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-credentials0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-errors-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-errors0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-errors0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-hostconfig-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-hostconfig0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-hostconfig0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-passdb-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-passdb0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-passdb0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-policy-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-policy0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-util-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-util0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-util0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamdb-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamdb0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamdb0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbclient-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbclient0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbclient0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbconf-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbconf0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbconf0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbldap-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbldap2-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsmbldap2-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libtevent-util-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libtevent-util0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libtevent-util0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libwbclient-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libwbclient0-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libwbclient0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-client-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-client-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-core-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-debugsource-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-libs-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-libs-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-winbind-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      samba-winbind-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):

      libdcerpc-binding0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc-binding0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libdcerpc0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-krb5pac0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-krb5pac0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-nbt0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-nbt0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-standard0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr-standard0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libndr0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libnetapi0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libnetapi0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-credentials0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-credentials0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-errors0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-errors0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-hostconfig0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-passdb0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-passdb0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-util0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamba-util0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamdb0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1
      libsamdb0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1
libsmbclient0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbclient0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbconf0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbconf0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbldap2-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbldap2-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libtevent-util0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libtevent-util0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libwbclient0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libwbclient0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-client-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-client-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-libs-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-libs-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-winbind-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-winbind-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libdcerpc-binding0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libdcerpc-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libdcerpc-samr-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libdcerpc-samr0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libdcerpc-samr0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libdcerpc0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libdcerpc0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr-krb5pac-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr-krb5pac0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr-krb5pac0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr-nbt-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr-nbt0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 
libndr-nbt0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr-standard-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr-standard0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr-standard0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libnetapi-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libnetapi0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libnetapi0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-credentials-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-credentials0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-credentials0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-errors-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-errors0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-errors0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-hostconfig-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-hostconfig0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-hostconfig0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-passdb-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-passdb0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-passdb0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-policy-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-policy0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-util-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-util0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-util0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamdb-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamdb0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamdb0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbclient-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbclient0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbclient0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 
libsmbconf-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbconf0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbconf0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbldap-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbldap2-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbldap2-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libtevent-util-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libtevent-util0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libtevent-util0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libwbclient-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libwbclient0-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libwbclient0-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-client-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-client-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-core-devel-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-debugsource-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-libs-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-libs-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-winbind-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-winbind-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libdcerpc-binding0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libdcerpc0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libdcerpc0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr-krb5pac0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr-nbt0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr-standard0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 
libndr-standard0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libndr0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libnetapi0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libnetapi0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-credentials0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-errors0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-hostconfig0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-passdb0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-util0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamba-util0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamdb0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsamdb0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbclient0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbclient0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbconf0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbconf0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbldap2-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libsmbldap2-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libtevent-util0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libtevent-util0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libwbclient0-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 libwbclient0-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-client-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-client-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-libs-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 
samba-libs-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-winbind-32bit-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-winbind-32bit-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ctdb-4.7.11+git.369.b2cad0ee592-150000.4.66.1 ctdb-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-debuginfo-4.7.11+git.369.b2cad0ee592-150000.4.66.1 samba-debugsource-4.7.11+git.369.b2cad0ee592-150000.4.66.1 References: https://www.suse.com/security/cve/CVE-2022-32742.html https://bugzilla.suse.com/1201496 From sle-updates at lists.suse.com Fri Jul 29 13:21:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jul 2022 15:21:29 +0200 (CEST) Subject: SUSE-SU-2022:2584-1: critical: Security update for u-boot Message-ID: <20220729132129.55273FDCF@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2584-1 Rating: critical References: #1200363 #1200364 #1201214 Cross-References: CVE-2022-30552 CVE-2022-30790 CVE-2022-34835 CVSS scores: CVE-2022-30552 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2022-30790 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2022-34835 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-34835 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description:

This update for u-boot fixes the following issues:

- CVE-2022-30790: Fixed an arbitrary out-of-bounds write in the IP defragmentation (bsc#1200364).
- CVE-2022-30552: Fixed an out-of-bounds write in the IP defragmentation (bsc#1200363).
- CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:

  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2584=1

- SUSE Linux Enterprise Server 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2584=1

- SUSE Linux Enterprise High Performance Computing 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2584=1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2584=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

  u-boot-tools-2018.03-150000.4.11.1
  u-boot-tools-debuginfo-2018.03-150000.4.11.1

- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

  u-boot-tools-2018.03-150000.4.11.1
  u-boot-tools-debuginfo-2018.03-150000.4.11.1

- SUSE Linux Enterprise Server 15-LTSS (aarch64):

  u-boot-rpi3-2018.03-150000.4.11.1

- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

  u-boot-tools-2018.03-150000.4.11.1
  u-boot-tools-debuginfo-2018.03-150000.4.11.1

- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64):

  u-boot-rpi3-2018.03-150000.4.11.1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

  u-boot-tools-2018.03-150000.4.11.1
  u-boot-tools-debuginfo-2018.03-150000.4.11.1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64):

  u-boot-rpi3-2018.03-150000.4.11.1

References:

https://www.suse.com/security/cve/CVE-2022-30552.html
https://www.suse.com/security/cve/CVE-2022-30790.html
https://www.suse.com/security/cve/CVE-2022-34835.html
https://bugzilla.suse.com/1200363
https://bugzilla.suse.com/1200364
https://bugzilla.suse.com/1201214

From sle-updates at lists.suse.com Fri Jul 29 16:15:34 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 18:15:34 +0200 (CEST)
Subject: SUSE-RU-2022:2590-1: critical: Recommended update for suse-migration-services and suse-migration-rpm
Message-ID: <20220729161534.6DFBDFDCF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for suse-migration-services and suse-migration-rpm
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2590-1
Rating: critical
References:
Affected Products:
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 recommended fixes can now be installed.

Description:

This update provides the following changes:

- Deliver missing binary suse-migration-pre-checks

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-2590=1

- openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2022-2590=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

  suse-migration-rpm-1.0.1-150000.1.14.1

- openSUSE Leap 15.4 (noarch):

  suse-migration-pre-checks-2.0.33-150000.1.48.1
  suse-migration-services-2.0.33-150000.1.48.1

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

  suse-migration-rpm-1.0.1-150000.1.14.1

- openSUSE Leap 15.3 (noarch):

  suse-migration-pre-checks-2.0.33-150000.1.48.1
  suse-migration-services-2.0.33-150000.1.48.1

References:

From sle-updates at lists.suse.com Fri Jul 29 16:16:06 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 18:16:06 +0200 (CEST)
Subject: SUSE-SU-2022:2591-1: important: Security update for xen
Message-ID: <20220729161606.6CA36FDCF@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2591-1
Rating: important
References: #1027519 #1199965 #1199966 #1200549 #1201394 #1201469
Cross-References: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900 CVE-2022-33745
CVSS scores:
  CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
  CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-23816 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-23825 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-23825 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26362 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
  SUSE Enterprise Storage 7
  SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP2-BCL
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Manager Proxy 4.1
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Server 4.1
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).

Fixed several upstream bugs (bsc#1027519).

Special Instructions and Notes:

Please reboot the system after installing this update.
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2591=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2591=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2591=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2591=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2591=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2591=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2591=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2591=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2591=1 Package List: - SUSE Manager Server 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_12-150200.3.58.1 - SUSE Manager Server 4.1 (x86_64): xen-4.13.4_12-150200.3.58.1 xen-debugsource-4.13.4_12-150200.3.58.1 xen-devel-4.13.4_12-150200.3.58.1 xen-libs-4.13.4_12-150200.3.58.1 xen-libs-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-4.13.4_12-150200.3.58.1 xen-tools-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-domU-4.13.4_12-150200.3.58.1 xen-tools-domU-debuginfo-4.13.4_12-150200.3.58.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): xen-4.13.4_12-150200.3.58.1 xen-debugsource-4.13.4_12-150200.3.58.1 xen-devel-4.13.4_12-150200.3.58.1 xen-libs-4.13.4_12-150200.3.58.1 xen-libs-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-4.13.4_12-150200.3.58.1 xen-tools-debuginfo-4.13.4_12-150200.3.58.1 
xen-tools-domU-4.13.4_12-150200.3.58.1 xen-tools-domU-debuginfo-4.13.4_12-150200.3.58.1 - SUSE Manager Retail Branch Server 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_12-150200.3.58.1 - SUSE Manager Proxy 4.1 (x86_64): xen-4.13.4_12-150200.3.58.1 xen-debugsource-4.13.4_12-150200.3.58.1 xen-devel-4.13.4_12-150200.3.58.1 xen-libs-4.13.4_12-150200.3.58.1 xen-libs-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-4.13.4_12-150200.3.58.1 xen-tools-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-domU-4.13.4_12-150200.3.58.1 xen-tools-domU-debuginfo-4.13.4_12-150200.3.58.1 - SUSE Manager Proxy 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_12-150200.3.58.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): xen-4.13.4_12-150200.3.58.1 xen-debugsource-4.13.4_12-150200.3.58.1 xen-devel-4.13.4_12-150200.3.58.1 xen-libs-4.13.4_12-150200.3.58.1 xen-libs-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-4.13.4_12-150200.3.58.1 xen-tools-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-domU-4.13.4_12-150200.3.58.1 xen-tools-domU-debuginfo-4.13.4_12-150200.3.58.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.4_12-150200.3.58.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): xen-4.13.4_12-150200.3.58.1 xen-debugsource-4.13.4_12-150200.3.58.1 xen-devel-4.13.4_12-150200.3.58.1 xen-libs-4.13.4_12-150200.3.58.1 xen-libs-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-4.13.4_12-150200.3.58.1 xen-tools-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-domU-4.13.4_12-150200.3.58.1 xen-tools-domU-debuginfo-4.13.4_12-150200.3.58.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): xen-tools-xendomains-wait-disk-4.13.4_12-150200.3.58.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): xen-4.13.4_12-150200.3.58.1 xen-debugsource-4.13.4_12-150200.3.58.1 xen-devel-4.13.4_12-150200.3.58.1 xen-libs-4.13.4_12-150200.3.58.1 xen-libs-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-4.13.4_12-150200.3.58.1 xen-tools-debuginfo-4.13.4_12-150200.3.58.1 
xen-tools-domU-4.13.4_12-150200.3.58.1 xen-tools-domU-debuginfo-4.13.4_12-150200.3.58.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): xen-tools-xendomains-wait-disk-4.13.4_12-150200.3.58.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): xen-tools-xendomains-wait-disk-4.13.4_12-150200.3.58.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): xen-4.13.4_12-150200.3.58.1 xen-debugsource-4.13.4_12-150200.3.58.1 xen-devel-4.13.4_12-150200.3.58.1 xen-libs-4.13.4_12-150200.3.58.1 xen-libs-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-4.13.4_12-150200.3.58.1 xen-tools-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-domU-4.13.4_12-150200.3.58.1 xen-tools-domU-debuginfo-4.13.4_12-150200.3.58.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): xen-tools-xendomains-wait-disk-4.13.4_12-150200.3.58.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): xen-4.13.4_12-150200.3.58.1 xen-debugsource-4.13.4_12-150200.3.58.1 xen-devel-4.13.4_12-150200.3.58.1 xen-libs-4.13.4_12-150200.3.58.1 xen-libs-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-4.13.4_12-150200.3.58.1 xen-tools-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-domU-4.13.4_12-150200.3.58.1 xen-tools-domU-debuginfo-4.13.4_12-150200.3.58.1 - SUSE Enterprise Storage 7 (x86_64): xen-4.13.4_12-150200.3.58.1 xen-debugsource-4.13.4_12-150200.3.58.1 xen-devel-4.13.4_12-150200.3.58.1 xen-libs-4.13.4_12-150200.3.58.1 xen-libs-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-4.13.4_12-150200.3.58.1 xen-tools-debuginfo-4.13.4_12-150200.3.58.1 xen-tools-domU-4.13.4_12-150200.3.58.1 xen-tools-domU-debuginfo-4.13.4_12-150200.3.58.1 - SUSE Enterprise Storage 7 (noarch): xen-tools-xendomains-wait-disk-4.13.4_12-150200.3.58.1 References: https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-23816.html 
https://www.suse.com/security/cve/CVE-2022-23825.html
https://www.suse.com/security/cve/CVE-2022-26362.html
https://www.suse.com/security/cve/CVE-2022-26363.html
https://www.suse.com/security/cve/CVE-2022-26364.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-33745.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1199965
https://bugzilla.suse.com/1199966
https://bugzilla.suse.com/1200549
https://bugzilla.suse.com/1201394
https://bugzilla.suse.com/1201469

From sle-updates at lists.suse.com Fri Jul 29 16:17:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 18:17:21 +0200 (CEST)
Subject: SUSE-RU-2022:2593-1: moderate: Recommended update for perl-IO-Socket-SSL
Message-ID: <20220729161721.BC6A3FDCF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for perl-IO-Socket-SSL
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:2593-1
Rating: moderate
References: #1200295
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for perl-IO-Socket-SSL fixes the following issues:

- Follow system crypto-policies "PROFILE=SYSTEM" on OpenSSL ciphers (bsc#1200295)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-2593=1

- SUSE Linux Enterprise Module for Basesystem 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2593=1

Package List:

- openSUSE Leap 15.4 (noarch):

  perl-IO-Socket-SSL-2.066-150400.7.3.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):

  perl-IO-Socket-SSL-2.066-150400.7.3.1

References:

https://bugzilla.suse.com/1200295

From sle-updates at lists.suse.com Fri Jul 29 16:18:01 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 18:18:01 +0200 (CEST)
Subject: SUSE-SU-2022:2592-1: important: Security update for rubygem-tzinfo
Message-ID: <20220729161801.BC930FDCF@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-tzinfo
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2592-1
Rating: important
References: #1201835
Cross-References: CVE-2022-31163
CVSS scores:
  CVE-2022-31163 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise High Availability 15
  SUSE Linux Enterprise High Availability 15-SP1
  SUSE Linux Enterprise High Availability 15-SP2
  SUSE Linux Enterprise High Availability 15-SP3
  SUSE Linux Enterprise High Availability 15-SP4
  SUSE Linux Enterprise High Performance Computing 15
  SUSE Linux Enterprise High Performance Computing 15-SP1
  SUSE Linux Enterprise High Performance Computing 15-SP2
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Server 15
  SUSE Linux Enterprise Server 15-SP1
  SUSE Linux Enterprise Server 15-SP2
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15
  SUSE Linux Enterprise Server for SAP Applications 15-SP1
  SUSE Linux Enterprise Server for SAP Applications 15-SP2
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Linux Enterprise Storage 6
  SUSE Linux Enterprise Storage 7
  SUSE Linux Enterprise Storage 7.1
  SUSE Manager Proxy 4.0
  SUSE Manager Proxy 4.1
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.0
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.0
  SUSE Manager Server 4.1
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for rubygem-tzinfo fixes the following issues:

- CVE-2022-31163: Fixed relative path traversal vulnerability that allows TZInfo::Timezone.get to load arbitrary files (bsc#1201835).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-2592=1

- openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2022-2592=1

- SUSE Linux Enterprise High Availability 15-SP4:

  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2592=1

- SUSE Linux Enterprise High Availability 15-SP3:

  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2592=1

- SUSE Linux Enterprise High Availability 15-SP2:

  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2592=1

- SUSE Linux Enterprise High Availability 15-SP1:

  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2592=1

- SUSE Linux Enterprise High Availability 15:

  zypper in -t patch SUSE-SLE-Product-HA-15-2022-2592=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

  ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
  ruby2.5-rubygem-tzinfo-doc-1.2.4-150000.3.3.1
  ruby2.5-rubygem-tzinfo-testsuite-1.2.4-150000.3.3.1

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

  ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
  ruby2.5-rubygem-tzinfo-doc-1.2.4-150000.3.3.1
  ruby2.5-rubygem-tzinfo-testsuite-1.2.4-150000.3.3.1

- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):

  ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1

- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

  ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1

- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

  ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1

- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):

  ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1

- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):

  ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1

References:

https://www.suse.com/security/cve/CVE-2022-31163.html
https://bugzilla.suse.com/1201835

From sle-updates at lists.suse.com Fri Jul 29 19:15:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 21:15:33 +0200 (CEST)
Subject: SUSE-SU-2022:2598-1: moderate: Security update for samba
Message-ID: <20220729191533.E068DFDCF@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2598-1
Rating: moderate
References: #1201496
Cross-References: CVE-2022-32742
Affected Products:
  SUSE Linux Enterprise High Availability 12-SP4
  SUSE Linux Enterprise High Performance Computing 12-SP4
  SUSE Linux Enterprise Server 12-SP3-BCL
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for samba fixes the following issues:

- CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bsc#1201496).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2598=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2598=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2598=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2598=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2598=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-2598=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): samba-doc-4.6.16+git.324.6bba9ddab76-3.73.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc-binding0-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc-binding0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 
libndr0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 
libsmbclient0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-debugsource-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 - SUSE OpenStack Cloud 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc-binding0-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 
libdcerpc-binding0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-4.6.16+git.324.6bba9ddab76-3.73.1 
libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-4.6.16+git.324.6bba9ddab76-3.73.1 
samba-client-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-debugsource-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 - SUSE OpenStack Cloud 9 (noarch): samba-doc-4.6.16+git.324.6bba9ddab76-3.73.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc-binding0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 
libsamba-passdb0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-debugsource-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): samba-doc-4.6.16+git.324.6bba9ddab76-3.73.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 
libndr-standard0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 - SUSE Linux Enterprise Server 
12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc-binding0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 
samba-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-debugsource-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 
libsamdb0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): samba-doc-4.6.16+git.324.6bba9ddab76-3.73.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libdcerpc-binding0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc-binding0-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc-binding0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libdcerpc0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-krb5pac0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-4.6.16+git.324.6bba9ddab76-3.73.1 
libndr-nbt0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-nbt0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr-standard0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libndr0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libnetapi0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-credentials0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-errors0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-hostconfig0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-passdb0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamba-util0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 
libsamdb0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsamdb0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbclient0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbconf0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libsmbldap0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libtevent-util0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 libwbclient0-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-client-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-debugsource-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-libs-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-32bit-4.6.16+git.324.6bba9ddab76-3.73.1 samba-winbind-4.6.16+git.324.6bba9ddab76-3.73.1 
  samba-winbind-debuginfo-32bit-4.6.16+git.324.6bba9ddab76-3.73.1
  samba-winbind-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1

- SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
  samba-doc-4.6.16+git.324.6bba9ddab76-3.73.1

- SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
  ctdb-4.6.16+git.324.6bba9ddab76-3.73.1
  ctdb-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1
  samba-debuginfo-4.6.16+git.324.6bba9ddab76-3.73.1
  samba-debugsource-4.6.16+git.324.6bba9ddab76-3.73.1

References:
  https://www.suse.com/security/cve/CVE-2022-32742.html
  https://bugzilla.suse.com/1201496

From sle-updates at lists.suse.com Fri Jul 29 19:16:15 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 21:16:15 +0200 (CEST)
Subject: SUSE-SU-2022:2602-1: important: Security update for MozillaFirefox
Message-ID: <20220729191615.48AD9FDCF@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2602-1
Rating: important
References: #1201758
Cross-References: CVE-2022-36318 CVE-2022-36319
Affected Products:
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP3-BCL
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 91.12.0 ESR (bsc#1201758):

- CVE-2022-36319: Mouse Position spoofing with CSS transforms
- CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2602=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2602=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2602=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2602=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2602=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2602=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2602=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2602=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  MozillaFirefox-91.12.0-112.124.1
  MozillaFirefox-debuginfo-91.12.0-112.124.1
  MozillaFirefox-debugsource-91.12.0-112.124.1
  MozillaFirefox-devel-91.12.0-112.124.1
  MozillaFirefox-translations-common-91.12.0-112.124.1

- SUSE OpenStack Cloud 9 (x86_64):
  MozillaFirefox-91.12.0-112.124.1
  MozillaFirefox-debuginfo-91.12.0-112.124.1
  MozillaFirefox-debugsource-91.12.0-112.124.1
  MozillaFirefox-devel-91.12.0-112.124.1
  MozillaFirefox-translations-common-91.12.0-112.124.1

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  MozillaFirefox-debuginfo-91.12.0-112.124.1
  MozillaFirefox-debugsource-91.12.0-112.124.1
  MozillaFirefox-devel-91.12.0-112.124.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  MozillaFirefox-91.12.0-112.124.1
  MozillaFirefox-debuginfo-91.12.0-112.124.1
  MozillaFirefox-debugsource-91.12.0-112.124.1
  MozillaFirefox-devel-91.12.0-112.124.1
  MozillaFirefox-translations-common-91.12.0-112.124.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  MozillaFirefox-91.12.0-112.124.1
  MozillaFirefox-debuginfo-91.12.0-112.124.1
  MozillaFirefox-debugsource-91.12.0-112.124.1
  MozillaFirefox-devel-91.12.0-112.124.1
  MozillaFirefox-translations-common-91.12.0-112.124.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  MozillaFirefox-91.12.0-112.124.1
  MozillaFirefox-debuginfo-91.12.0-112.124.1
  MozillaFirefox-debugsource-91.12.0-112.124.1
  MozillaFirefox-devel-91.12.0-112.124.1
  MozillaFirefox-translations-common-91.12.0-112.124.1

- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  MozillaFirefox-91.12.0-112.124.1
  MozillaFirefox-debuginfo-91.12.0-112.124.1
  MozillaFirefox-debugsource-91.12.0-112.124.1
  MozillaFirefox-devel-91.12.0-112.124.1
  MozillaFirefox-translations-common-91.12.0-112.124.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  MozillaFirefox-91.12.0-112.124.1
  MozillaFirefox-debuginfo-91.12.0-112.124.1
  MozillaFirefox-debugsource-91.12.0-112.124.1
  MozillaFirefox-devel-91.12.0-112.124.1
  MozillaFirefox-translations-common-91.12.0-112.124.1

References:
  https://www.suse.com/security/cve/CVE-2022-36318.html
  https://www.suse.com/security/cve/CVE-2022-36319.html
  https://bugzilla.suse.com/1201758

From sle-updates at lists.suse.com Fri Jul 29 19:17:04 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 21:17:04 +0200 (CEST)
Subject: SUSE-SU-2022:2597-1: important: Security update for xen
Message-ID: <20220729191704.51058FDCF@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2597-1
Rating: important
References: #1027519 #1199965 #1199966 #1200549 #1201394 #1201469
Cross-References: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900 CVE-2022-33745
CVSS scores:
  CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
  CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-23816 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-23825 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-23825 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26362 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Module for Server Applications 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).

Fixed several upstream bugs (bsc#1027519).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-2597=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2597=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2597=1

Package List:

- openSUSE Leap 15.4 (aarch64 x86_64):
    xen-4.16.1_06-150400.4.8.1
    xen-debugsource-4.16.1_06-150400.4.8.1
    xen-devel-4.16.1_06-150400.4.8.1
    xen-doc-html-4.16.1_06-150400.4.8.1
    xen-libs-4.16.1_06-150400.4.8.1
    xen-libs-debuginfo-4.16.1_06-150400.4.8.1
    xen-tools-4.16.1_06-150400.4.8.1
    xen-tools-debuginfo-4.16.1_06-150400.4.8.1
    xen-tools-domU-4.16.1_06-150400.4.8.1
    xen-tools-domU-debuginfo-4.16.1_06-150400.4.8.1
- openSUSE Leap 15.4 (x86_64):
    xen-libs-32bit-4.16.1_06-150400.4.8.1
    xen-libs-32bit-debuginfo-4.16.1_06-150400.4.8.1
- openSUSE Leap 15.4 (noarch):
    xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (x86_64):
    xen-4.16.1_06-150400.4.8.1
    xen-debugsource-4.16.1_06-150400.4.8.1
    xen-devel-4.16.1_06-150400.4.8.1
    xen-tools-4.16.1_06-150400.4.8.1
    xen-tools-debuginfo-4.16.1_06-150400.4.8.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
    xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
    xen-debugsource-4.16.1_06-150400.4.8.1
    xen-libs-4.16.1_06-150400.4.8.1
    xen-libs-debuginfo-4.16.1_06-150400.4.8.1
    xen-tools-domU-4.16.1_06-150400.4.8.1
    xen-tools-domU-debuginfo-4.16.1_06-150400.4.8.1

References:

    https://www.suse.com/security/cve/CVE-2022-21123.html
    https://www.suse.com/security/cve/CVE-2022-21125.html
    https://www.suse.com/security/cve/CVE-2022-21166.html
    https://www.suse.com/security/cve/CVE-2022-23816.html
    https://www.suse.com/security/cve/CVE-2022-23825.html
    https://www.suse.com/security/cve/CVE-2022-26362.html
    https://www.suse.com/security/cve/CVE-2022-26363.html
    https://www.suse.com/security/cve/CVE-2022-26364.html
    https://www.suse.com/security/cve/CVE-2022-29900.html
    https://www.suse.com/security/cve/CVE-2022-33745.html
    https://bugzilla.suse.com/1027519
    https://bugzilla.suse.com/1199965
    https://bugzilla.suse.com/1199966
    https://bugzilla.suse.com/1200549
    https://bugzilla.suse.com/1201394
    https://bugzilla.suse.com/1201469

From sle-updates at lists.suse.com Fri Jul 29 19:18:15 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 21:18:15 +0200 (CEST)
Subject: SUSE-SU-2022:2595-1: important: Security update for mozilla-nss
Message-ID: <20220729191815.71A48FDCF@maintenance.suse.de>

SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2595-1
Rating: important
References: #1192079 #1192080 #1192086 #1192087 #1192228 #1198486 #1200027
Cross-References: CVE-2022-31741
CVSS scores:
    CVE-2022-31741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that solves one vulnerability and has 6 fixes is now available.

Description:

This update for mozilla-nss fixes the following issues:

Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4:

- Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079).
- FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
- FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325).
- Run test suite at build time, and make it pass (bsc#1198486).
- FIPS: skip algorithms that are hard disabled in FIPS mode.
- Prevent expired PayPalEE cert from failing the tests.
- Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc.
- FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build.
- FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
- FIPS: allow testing of unapproved algorithms (bsc#1192228).
- FIPS: add version indicators. (bmo#1729550, bsc#1192086).
- FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).

Version update to NSS 3.79:

- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- Correct invalid record inner and outer content type alerts.
- NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- improve error handling after nssCKFWInstance_CreateObjectHandle.
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- NSS 3.79 should depend on NSPR 4.34

Version update to NSS 3.78.1:

- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple

Version update to NSS 3.78:

- Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
- Reworked overlong record size checks and added TLS1.3 specific boundaries.
- Add ECH Grease Support to tstclnt
- Add a strict variant of moz::pkix::CheckCertHostname.
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
- Make SEC_PKCS12EnableCipher succeed
- Update zlib in NSS to 1.2.12.

Version update to NSS 3.77:

- Fix link to TLS page on wireshark wiki
- Add two D-TRUST 2020 root certificates.
- Add Telia Root CA v2 root certificate.
- Remove expired explicitly distrusted certificates from certdata.txt.
- support specific RSA-PSS parameters in mozilla::pkix
- Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
- Remove token member from NSSSlot struct.
- Provide secure variants of mpp_pprime and mpp_make_prime.
- Support UTF-8 library path in the module spec string.
- Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
- Update googletest to 1.11.0
- Add SetTls13GreaseEchSize to experimental API.
- TLS 1.3 Illegal legacy_version handling/alerts.
- Fix calculation of ECH HRR Transcript.
- Allow ld path to be set as environment variable.
- Ensure we don't read uninitialized memory in ssl gtests.
- Fix DataBuffer Move Assignment.
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
- rework signature verification in mozilla::pkix

Version update to NSS 3.76.1

- Remove token member from NSSSlot struct.
- Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
- Check return value of PK11Slot_GetNSSToken.
- Use Wycheproof JSON for RSASSA-PSS
- Add SHA256 fingerprint comments to old certdata.txt entries.
- Avoid truncating files in nss-release-helper.py.
- Throw illegal_parameter alert for illegal extensions in handshake message.

Version update to NSS 3.75

- Make DottedOIDToCode.py compatible with python3.
- Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Remove redundant key type check.
- Update ABI expectations to match ECH changes.
- Enable CKM_CHACHA20.
- check return on NSS_NoDB_Init and NSS_Shutdown.
- Run ECDSA test vectors from bltest as part of the CI tests.
- Add ECDSA test vectors to the bltest command line tool.
- Allow to build using clang's integrated assembler.
- Allow to override python for the build.
- test HKDF output rather than input.
- Use ASSERT macros to end failed tests early.
- move assignment operator for DataBuffer.
- Add test cases for ECH compression and unexpected extensions in SH.
- Update tests for ECH-13.
- Tidy up error handling.
- Add tests for ECH HRR Changes.
- Server only sends GREASE HRR extension if enabled by preference.
- Update generation of the Associated Data for ECH-13.
- When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
- Allow for compressed, non-contiguous, extensions.
- Scramble the PSK extension in CHOuter.
- Split custom extension handling for ECH.
- Add ECH-13 HRR Handling.
- Client side ECH padding.
- Stricter ClientHelloInner Decompression.
- Remove ECH_inner extension, use new enum format.
- Update the version number for ECH-13 and adjust the ECHConfig size.

Version update to NSS 3.74

- mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
- Ensure clients offer consistent ciphersuites after HRR
- NSS does not properly restrict server keys based on policy
- Set nssckbi version number to 2.54
- Replace Google Trust Services LLC (GTS) R4 root certificate
- Replace Google Trust Services LLC (GTS) R3 root certificate
- Replace Google Trust Services LLC (GTS) R2 root certificate
- Replace Google Trust Services LLC (GTS) R1 root certificate
- Replace GlobalSign ECC Root CA R4
- Remove Expired Root Certificates - DST Root CA X3
- Remove Expiring Cybertrust Global Root and GlobalSign root certificates
- Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
- Add iTrusChina ECC root certificate
- Add iTrusChina RSA root certificate
- Add ISRG Root X2 root certificate
- Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
- Avoid a clang 13 unused variable warning in opt build
- Check for missing signedData field
- Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)

Version update to NSS 3.73.1:

- Add SHA-2 support to mozilla::pkix's OCSP implementation

Version update to NSS 3.73

- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FIPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS

Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures

Version update to NSS 3.72

- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins

Version update to NSS 3.71

- Set nssckbi version number to 2.52.
- Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.

Version update to NSS 3.70

- Update test case to verify fix.
- Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.

Version update to NSS 3.69.1:

- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with AES_CBC

NSS 3.69:

- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid algorithms.
- sqlite 3.34 changed its open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active

Version Update to 3.68.4 (bsc#1200027)

- CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-2595=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2595=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    libfreebl3-3.79-150400.3.7.1
    libfreebl3-debuginfo-3.79-150400.3.7.1
    libfreebl3-hmac-3.79-150400.3.7.1
    libsoftokn3-3.79-150400.3.7.1
    libsoftokn3-debuginfo-3.79-150400.3.7.1
    libsoftokn3-hmac-3.79-150400.3.7.1
    mozilla-nss-3.79-150400.3.7.1
    mozilla-nss-certs-3.79-150400.3.7.1
    mozilla-nss-certs-debuginfo-3.79-150400.3.7.1
    mozilla-nss-debuginfo-3.79-150400.3.7.1
    mozilla-nss-debugsource-3.79-150400.3.7.1
    mozilla-nss-devel-3.79-150400.3.7.1
    mozilla-nss-sysinit-3.79-150400.3.7.1
    mozilla-nss-sysinit-debuginfo-3.79-150400.3.7.1
    mozilla-nss-tools-3.79-150400.3.7.1
    mozilla-nss-tools-debuginfo-3.79-150400.3.7.1
- openSUSE Leap 15.4 (x86_64):
    libfreebl3-32bit-3.79-150400.3.7.1
    libfreebl3-32bit-debuginfo-3.79-150400.3.7.1
    libfreebl3-hmac-32bit-3.79-150400.3.7.1
    libsoftokn3-32bit-3.79-150400.3.7.1
    libsoftokn3-32bit-debuginfo-3.79-150400.3.7.1
    libsoftokn3-hmac-32bit-3.79-150400.3.7.1
    mozilla-nss-32bit-3.79-150400.3.7.1
    mozilla-nss-32bit-debuginfo-3.79-150400.3.7.1
    mozilla-nss-certs-32bit-3.79-150400.3.7.1
    mozilla-nss-certs-32bit-debuginfo-3.79-150400.3.7.1
    mozilla-nss-sysinit-32bit-3.79-150400.3.7.1
    mozilla-nss-sysinit-32bit-debuginfo-3.79-150400.3.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    libfreebl3-3.79-150400.3.7.1
    libfreebl3-debuginfo-3.79-150400.3.7.1
    libfreebl3-hmac-3.79-150400.3.7.1
    libsoftokn3-3.79-150400.3.7.1
    libsoftokn3-debuginfo-3.79-150400.3.7.1
    libsoftokn3-hmac-3.79-150400.3.7.1
    mozilla-nss-3.79-150400.3.7.1
    mozilla-nss-certs-3.79-150400.3.7.1
    mozilla-nss-certs-debuginfo-3.79-150400.3.7.1
    mozilla-nss-debuginfo-3.79-150400.3.7.1
    mozilla-nss-debugsource-3.79-150400.3.7.1
    mozilla-nss-devel-3.79-150400.3.7.1
    mozilla-nss-sysinit-3.79-150400.3.7.1
    mozilla-nss-sysinit-debuginfo-3.79-150400.3.7.1
    mozilla-nss-tools-3.79-150400.3.7.1
    mozilla-nss-tools-debuginfo-3.79-150400.3.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
    libfreebl3-32bit-3.79-150400.3.7.1
    libfreebl3-32bit-debuginfo-3.79-150400.3.7.1
    libfreebl3-hmac-32bit-3.79-150400.3.7.1
    libsoftokn3-32bit-3.79-150400.3.7.1
    libsoftokn3-32bit-debuginfo-3.79-150400.3.7.1
    libsoftokn3-hmac-32bit-3.79-150400.3.7.1
    mozilla-nss-32bit-3.79-150400.3.7.1
    mozilla-nss-32bit-debuginfo-3.79-150400.3.7.1
    mozilla-nss-certs-32bit-3.79-150400.3.7.1
    mozilla-nss-certs-32bit-debuginfo-3.79-150400.3.7.1

References:

    https://www.suse.com/security/cve/CVE-2022-31741.html
    https://bugzilla.suse.com/1192079
    https://bugzilla.suse.com/1192080
    https://bugzilla.suse.com/1192086
    https://bugzilla.suse.com/1192087
    https://bugzilla.suse.com/1192228
    https://bugzilla.suse.com/1198486
    https://bugzilla.suse.com/1200027

From sle-updates at lists.suse.com Fri Jul 29 19:19:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 21:19:22 +0200 (CEST)
Subject: SUSE-SU-2022:2601-1: important: Security update for xen
Message-ID: <20220729191922.13DA9FDCF@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2601-1
Rating: important
References: #1199965 #1199966 #1200549 #1201394 #1201469
Cross-References: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900 CVE-2022-33745
CVSS scores:
    CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
    CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2022-21166 (NVD) : 5.5
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-23816 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2022-23825 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2022-23825 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-26362 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2601=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2601=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2601=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (x86_64):
    xen-4.10.4_36-150000.3.77.1
    xen-debugsource-4.10.4_36-150000.3.77.1
    xen-devel-4.10.4_36-150000.3.77.1
    xen-libs-4.10.4_36-150000.3.77.1
    xen-libs-debuginfo-4.10.4_36-150000.3.77.1
    xen-tools-4.10.4_36-150000.3.77.1
    xen-tools-debuginfo-4.10.4_36-150000.3.77.1
    xen-tools-domU-4.10.4_36-150000.3.77.1
    xen-tools-domU-debuginfo-4.10.4_36-150000.3.77.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
    xen-4.10.4_36-150000.3.77.1
    xen-debugsource-4.10.4_36-150000.3.77.1
    xen-devel-4.10.4_36-150000.3.77.1
    xen-libs-4.10.4_36-150000.3.77.1
    xen-libs-debuginfo-4.10.4_36-150000.3.77.1
    xen-tools-4.10.4_36-150000.3.77.1
    xen-tools-debuginfo-4.10.4_36-150000.3.77.1
    xen-tools-domU-4.10.4_36-150000.3.77.1
    xen-tools-domU-debuginfo-4.10.4_36-150000.3.77.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
    xen-4.10.4_36-150000.3.77.1
    xen-debugsource-4.10.4_36-150000.3.77.1
    xen-devel-4.10.4_36-150000.3.77.1
    xen-libs-4.10.4_36-150000.3.77.1
    xen-libs-debuginfo-4.10.4_36-150000.3.77.1
    xen-tools-4.10.4_36-150000.3.77.1
    xen-tools-debuginfo-4.10.4_36-150000.3.77.1
    xen-tools-domU-4.10.4_36-150000.3.77.1
    xen-tools-domU-debuginfo-4.10.4_36-150000.3.77.1

References:

    https://www.suse.com/security/cve/CVE-2022-21123.html
    https://www.suse.com/security/cve/CVE-2022-21125.html
    https://www.suse.com/security/cve/CVE-2022-21166.html
    https://www.suse.com/security/cve/CVE-2022-23816.html
    https://www.suse.com/security/cve/CVE-2022-23825.html
    https://www.suse.com/security/cve/CVE-2022-26362.html
    https://www.suse.com/security/cve/CVE-2022-26363.html
    https://www.suse.com/security/cve/CVE-2022-26364.html
    https://www.suse.com/security/cve/CVE-2022-29900.html
    https://www.suse.com/security/cve/CVE-2022-33745.html
    https://bugzilla.suse.com/1199965
    https://bugzilla.suse.com/1199966
    https://bugzilla.suse.com/1200549
    https://bugzilla.suse.com/1201394
    https://bugzilla.suse.com/1201469

From sle-updates at lists.suse.com Fri Jul 29 19:20:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 21:20:38 +0200 (CEST)
Subject: SUSE-SU-2022:2599-1: important: Security update for xen
Message-ID: <20220729192038.74ABDFDCF@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2599-1
Rating: important
References: #1027519 #1199965 #1199966 #1200549 #1201394 #1201469
Cross-References: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900 CVE-2022-33745
CVSS scores:
    CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
    CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-23816 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2022-23825 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2022-23825 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2022-26362 (NVD) :
    6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-26362 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Server Applications 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
    openSUSE Leap 15.3
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).

Fixed several upstream bugs (bsc#1027519).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-2599=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2599=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2599=1
- SUSE Linux Enterprise Micro 5.2:
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2599=1
- SUSE Linux Enterprise Micro 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2599=1

Package List:

- openSUSE Leap 15.3 (aarch64 x86_64):
    xen-4.14.5_04-150300.3.32.1
    xen-debugsource-4.14.5_04-150300.3.32.1
    xen-devel-4.14.5_04-150300.3.32.1
    xen-doc-html-4.14.5_04-150300.3.32.1
    xen-libs-4.14.5_04-150300.3.32.1
    xen-libs-debuginfo-4.14.5_04-150300.3.32.1
    xen-tools-4.14.5_04-150300.3.32.1
    xen-tools-debuginfo-4.14.5_04-150300.3.32.1
    xen-tools-domU-4.14.5_04-150300.3.32.1
    xen-tools-domU-debuginfo-4.14.5_04-150300.3.32.1
- openSUSE Leap 15.3 (noarch):
    xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1
- openSUSE Leap 15.3 (x86_64):
    xen-libs-32bit-4.14.5_04-150300.3.32.1
    xen-libs-32bit-debuginfo-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64):
    xen-4.14.5_04-150300.3.32.1
    xen-debugsource-4.14.5_04-150300.3.32.1
    xen-devel-4.14.5_04-150300.3.32.1
    xen-tools-4.14.5_04-150300.3.32.1
    xen-tools-debuginfo-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
    xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
    xen-debugsource-4.14.5_04-150300.3.32.1
    xen-libs-4.14.5_04-150300.3.32.1
    xen-libs-debuginfo-4.14.5_04-150300.3.32.1
    xen-tools-domU-4.14.5_04-150300.3.32.1
    xen-tools-domU-debuginfo-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Micro 5.2 (x86_64):
    xen-debugsource-4.14.5_04-150300.3.32.1
    xen-libs-4.14.5_04-150300.3.32.1
    xen-libs-debuginfo-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Micro 5.1 (x86_64):
    xen-debugsource-4.14.5_04-150300.3.32.1
    xen-libs-4.14.5_04-150300.3.32.1
    xen-libs-debuginfo-4.14.5_04-150300.3.32.1

References:

    https://www.suse.com/security/cve/CVE-2022-21123.html
    https://www.suse.com/security/cve/CVE-2022-21125.html
    https://www.suse.com/security/cve/CVE-2022-21166.html
    https://www.suse.com/security/cve/CVE-2022-23816.html
    https://www.suse.com/security/cve/CVE-2022-23825.html
    https://www.suse.com/security/cve/CVE-2022-26362.html
    https://www.suse.com/security/cve/CVE-2022-26363.html
    https://www.suse.com/security/cve/CVE-2022-26364.html
    https://www.suse.com/security/cve/CVE-2022-29900.html
    https://www.suse.com/security/cve/CVE-2022-33745.html
    https://bugzilla.suse.com/1027519
    https://bugzilla.suse.com/1199965
    https://bugzilla.suse.com/1199966
    https://bugzilla.suse.com/1200549
    https://bugzilla.suse.com/1201394
    https://bugzilla.suse.com/1201469

From sle-updates at lists.suse.com Fri Jul 29 19:21:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 21:21:53 +0200 (CEST)
Subject: SUSE-SU-2022:2596-1: important: Security update for MozillaFirefox
Message-ID: <20220729192153.CECB3FDCF@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2596-1
Rating: important
References: #1201758
Cross-References: CVE-2022-36318 CVE-2022-36319
Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise
    High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 91.12.0 ESR (bsc#1201758):

- CVE-2022-36319: Mouse Position spoofing with CSS transforms
- CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2596=1
- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2596=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2596=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2596=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2596=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2596=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2596=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2596=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2596=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2022-2596=1
- SUSE CaaS Platform 4.0: To install this
update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    MozillaFirefox-91.12.0-150000.150.50.1
    MozillaFirefox-debuginfo-91.12.0-150000.150.50.1
    MozillaFirefox-debugsource-91.12.0-150000.150.50.1
    MozillaFirefox-devel-91.12.0-150000.150.50.1
    MozillaFirefox-translations-common-91.12.0-150000.150.50.1
    MozillaFirefox-translations-other-91.12.0-150000.150.50.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    MozillaFirefox-91.12.0-150000.150.50.1
    MozillaFirefox-debuginfo-91.12.0-150000.150.50.1
    MozillaFirefox-debugsource-91.12.0-150000.150.50.1
    MozillaFirefox-devel-91.12.0-150000.150.50.1
    MozillaFirefox-translations-common-91.12.0-150000.150.50.1
    MozillaFirefox-translations-other-91.12.0-150000.150.50.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    MozillaFirefox-91.12.0-150000.150.50.1
    MozillaFirefox-debuginfo-91.12.0-150000.150.50.1
    MozillaFirefox-debugsource-91.12.0-150000.150.50.1
    MozillaFirefox-devel-91.12.0-150000.150.50.1
    MozillaFirefox-translations-common-91.12.0-150000.150.50.1
    MozillaFirefox-translations-other-91.12.0-150000.150.50.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
    MozillaFirefox-91.12.0-150000.150.50.1
    MozillaFirefox-debuginfo-91.12.0-150000.150.50.1
    MozillaFirefox-debugsource-91.12.0-150000.150.50.1
    MozillaFirefox-devel-91.12.0-150000.150.50.1
    MozillaFirefox-translations-common-91.12.0-150000.150.50.1
    MozillaFirefox-translations-other-91.12.0-150000.150.50.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    MozillaFirefox-91.12.0-150000.150.50.1
    MozillaFirefox-debuginfo-91.12.0-150000.150.50.1
    MozillaFirefox-debugsource-91.12.0-150000.150.50.1
    MozillaFirefox-devel-91.12.0-150000.150.50.1
    MozillaFirefox-translations-common-91.12.0-150000.150.50.1
    MozillaFirefox-translations-other-91.12.0-150000.150.50.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-91.12.0-150000.150.50.1 MozillaFirefox-debuginfo-91.12.0-150000.150.50.1 MozillaFirefox-debugsource-91.12.0-150000.150.50.1 MozillaFirefox-devel-91.12.0-150000.150.50.1 MozillaFirefox-translations-common-91.12.0-150000.150.50.1 MozillaFirefox-translations-other-91.12.0-150000.150.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-91.12.0-150000.150.50.1 MozillaFirefox-debuginfo-91.12.0-150000.150.50.1 MozillaFirefox-debugsource-91.12.0-150000.150.50.1 MozillaFirefox-devel-91.12.0-150000.150.50.1 MozillaFirefox-translations-common-91.12.0-150000.150.50.1 MozillaFirefox-translations-other-91.12.0-150000.150.50.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-91.12.0-150000.150.50.1 MozillaFirefox-debuginfo-91.12.0-150000.150.50.1 MozillaFirefox-debugsource-91.12.0-150000.150.50.1 MozillaFirefox-devel-91.12.0-150000.150.50.1 MozillaFirefox-translations-common-91.12.0-150000.150.50.1 MozillaFirefox-translations-other-91.12.0-150000.150.50.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-91.12.0-150000.150.50.1 MozillaFirefox-debuginfo-91.12.0-150000.150.50.1 MozillaFirefox-debugsource-91.12.0-150000.150.50.1 MozillaFirefox-devel-91.12.0-150000.150.50.1 MozillaFirefox-translations-common-91.12.0-150000.150.50.1 MozillaFirefox-translations-other-91.12.0-150000.150.50.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-91.12.0-150000.150.50.1 MozillaFirefox-debuginfo-91.12.0-150000.150.50.1 MozillaFirefox-debugsource-91.12.0-150000.150.50.1 MozillaFirefox-devel-91.12.0-150000.150.50.1 MozillaFirefox-translations-common-91.12.0-150000.150.50.1 MozillaFirefox-translations-other-91.12.0-150000.150.50.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-91.12.0-150000.150.50.1 MozillaFirefox-debuginfo-91.12.0-150000.150.50.1 
MozillaFirefox-debugsource-91.12.0-150000.150.50.1 MozillaFirefox-devel-91.12.0-150000.150.50.1 MozillaFirefox-translations-common-91.12.0-150000.150.50.1 MozillaFirefox-translations-other-91.12.0-150000.150.50.1

References:

   https://www.suse.com/security/cve/CVE-2022-36318.html
   https://www.suse.com/security/cve/CVE-2022-36319.html
   https://bugzilla.suse.com/1201758

From sle-updates at lists.suse.com Fri Jul 29 19:22:39 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jul 2022 21:22:39 +0200 (CEST)
Subject: SUSE-SU-2022:2600-1: important: Security update for xen
Message-ID: <20220729192239.2063AFDCF@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2600-1
Rating:             important
References:         #1199965 #1199966 #1200549 #1201394 #1201469
Cross-References:   CVE-2022-21123 CVE-2022-21125 CVE-2022-21166
                    CVE-2022-23816 CVE-2022-23825 CVE-2022-26362
                    CVE-2022-26363 CVE-2022-26364 CVE-2022-29900
                    CVE-2022-33745
CVSS scores:
                    CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
                    CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-23816 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-23825 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-23825 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-26362 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:

   This update for xen fixes the following issues:

   - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
   - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
   - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
   - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
   - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2600=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2600=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2600=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2600=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2600=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2022-2600=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):

      xen-4.12.4_26-150100.3.75.1
      xen-debugsource-4.12.4_26-150100.3.75.1
      xen-devel-4.12.4_26-150100.3.75.1
      xen-libs-4.12.4_26-150100.3.75.1
      xen-libs-debuginfo-4.12.4_26-150100.3.75.1
      xen-tools-4.12.4_26-150100.3.75.1
      xen-tools-debuginfo-4.12.4_26-150100.3.75.1
      xen-tools-domU-4.12.4_26-150100.3.75.1
      xen-tools-domU-debuginfo-4.12.4_26-150100.3.75.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):

      xen-4.12.4_26-150100.3.75.1
      xen-debugsource-4.12.4_26-150100.3.75.1
      xen-devel-4.12.4_26-150100.3.75.1
      xen-libs-4.12.4_26-150100.3.75.1
      xen-libs-debuginfo-4.12.4_26-150100.3.75.1
      xen-tools-4.12.4_26-150100.3.75.1
      xen-tools-debuginfo-4.12.4_26-150100.3.75.1
      xen-tools-domU-4.12.4_26-150100.3.75.1
      xen-tools-domU-debuginfo-4.12.4_26-150100.3.75.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      xen-4.12.4_26-150100.3.75.1
      xen-debugsource-4.12.4_26-150100.3.75.1
      xen-devel-4.12.4_26-150100.3.75.1
      xen-libs-4.12.4_26-150100.3.75.1
      xen-libs-debuginfo-4.12.4_26-150100.3.75.1
      xen-tools-4.12.4_26-150100.3.75.1
      xen-tools-debuginfo-4.12.4_26-150100.3.75.1
      xen-tools-domU-4.12.4_26-150100.3.75.1
      xen-tools-domU-debuginfo-4.12.4_26-150100.3.75.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):

      xen-4.12.4_26-150100.3.75.1
      xen-debugsource-4.12.4_26-150100.3.75.1
      xen-devel-4.12.4_26-150100.3.75.1
      xen-libs-4.12.4_26-150100.3.75.1
      xen-libs-debuginfo-4.12.4_26-150100.3.75.1
      xen-tools-4.12.4_26-150100.3.75.1
      xen-tools-debuginfo-4.12.4_26-150100.3.75.1
      xen-tools-domU-4.12.4_26-150100.3.75.1
      xen-tools-domU-debuginfo-4.12.4_26-150100.3.75.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):

      xen-4.12.4_26-150100.3.75.1
      xen-debugsource-4.12.4_26-150100.3.75.1
      xen-devel-4.12.4_26-150100.3.75.1
      xen-libs-4.12.4_26-150100.3.75.1
      xen-libs-debuginfo-4.12.4_26-150100.3.75.1
      xen-tools-4.12.4_26-150100.3.75.1
      xen-tools-debuginfo-4.12.4_26-150100.3.75.1
      xen-tools-domU-4.12.4_26-150100.3.75.1
      xen-tools-domU-debuginfo-4.12.4_26-150100.3.75.1

   - SUSE Enterprise Storage 6 (x86_64):

      xen-4.12.4_26-150100.3.75.1
      xen-debugsource-4.12.4_26-150100.3.75.1
      xen-devel-4.12.4_26-150100.3.75.1
      xen-libs-4.12.4_26-150100.3.75.1
      xen-libs-debuginfo-4.12.4_26-150100.3.75.1
      xen-tools-4.12.4_26-150100.3.75.1
      xen-tools-debuginfo-4.12.4_26-150100.3.75.1
      xen-tools-domU-4.12.4_26-150100.3.75.1
      xen-tools-domU-debuginfo-4.12.4_26-150100.3.75.1

   - SUSE CaaS Platform 4.0 (x86_64):

      xen-4.12.4_26-150100.3.75.1
      xen-debugsource-4.12.4_26-150100.3.75.1
      xen-devel-4.12.4_26-150100.3.75.1
      xen-libs-4.12.4_26-150100.3.75.1
      xen-libs-debuginfo-4.12.4_26-150100.3.75.1
      xen-tools-4.12.4_26-150100.3.75.1
      xen-tools-debuginfo-4.12.4_26-150100.3.75.1
      xen-tools-domU-4.12.4_26-150100.3.75.1
      xen-tools-domU-debuginfo-4.12.4_26-150100.3.75.1

References:

   https://www.suse.com/security/cve/CVE-2022-21123.html
   https://www.suse.com/security/cve/CVE-2022-21125.html
   https://www.suse.com/security/cve/CVE-2022-21166.html
   https://www.suse.com/security/cve/CVE-2022-23816.html
   https://www.suse.com/security/cve/CVE-2022-23825.html
   https://www.suse.com/security/cve/CVE-2022-26362.html
   https://www.suse.com/security/cve/CVE-2022-26363.html
   https://www.suse.com/security/cve/CVE-2022-26364.html
   https://www.suse.com/security/cve/CVE-2022-29900.html
   https://www.suse.com/security/cve/CVE-2022-33745.html
   https://bugzilla.suse.com/1199965
   https://bugzilla.suse.com/1199966
   https://bugzilla.suse.com/1200549
   https://bugzilla.suse.com/1201394
   https://bugzilla.suse.com/1201469

From sle-updates at lists.suse.com Sat Jul 30 07:17:20 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 30 Jul 2022 09:17:20 +0200 (CEST)
Subject: SUSE-CU-2022:1708-1: Recommended update of bci/python
Message-ID: <20220730071720.A7AFCFCED@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1708-1
Container Tags        : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.38
Container Release     : 18.38
Severity              : moderate
Type                  : recommended
References            : 1194550 1197684 1199042
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released:    Thu Jul 28 04:22:33 2022
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1194550,1197684,1199042

This update for libzypp, zypper fixes the following issues:

libzypp:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:

- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well

The following package changes have been done:

- libzypp-17.30.2-150200.39.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.6 updated

From sle-updates at lists.suse.com Sat Jul 30 07:18:05 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 30 Jul 2022 09:18:05 +0200 (CEST)
Subject: SUSE-CU-2022:1709-1: Security update of suse/389-ds
Message-ID: <20220730071805.A90F8FCED@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1709-1
Container Tags        : suse/389-ds:2.0 , suse/389-ds:2.0-14.31 , suse/389-ds:latest
Container Release     : 14.31
Severity              : important
Type                  : security
References            : 1192079 1192080 1192086 1192087 1192228 1198486 1200027 CVE-2022-31741
-----------------------------------------------------------------

The container suse/389-ds was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2595-1 Released: Fri Jul 29 16:00:42 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. 
- Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. 
- Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. 
Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OCSP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FIPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed its open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
(bmo#1767590) The following package changes have been done: - libfreebl3-3.79-150400.3.7.1 updated - libfreebl3-hmac-3.79-150400.3.7.1 updated - mozilla-nss-certs-3.79-150400.3.7.1 updated - libsoftokn3-3.79-150400.3.7.1 updated - mozilla-nss-3.79-150400.3.7.1 updated - mozilla-nss-tools-3.79-150400.3.7.1 updated - libsoftokn3-hmac-3.79-150400.3.7.1 updated - container:sles15-image-15.0.0-27.11.7 updated From sle-updates at lists.suse.com Sat Jul 30 07:19:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 30 Jul 2022 09:19:25 +0200 (CEST) Subject: SUSE-CU-2022:1710-1: Security update of bci/openjdk-devel Message-ID: <20220730071925.5BDE8FCED@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1710-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.50 , bci/openjdk-devel:latest Container Release : 14.50 Severity : important Type : security References : 1192079 1192080 1192086 1192087 1192228 1198486 1200027 CVE-2022-31741 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2595-1 Released: Fri Jul 29 16:00:42 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). 
- FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. 
- NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. 
Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. 
Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OCSP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FIPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed its open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
  (bmo#1767590)

The following package changes have been done:

- libfreebl3-3.79-150400.3.7.1 updated
- libfreebl3-hmac-3.79-150400.3.7.1 updated
- mozilla-nss-certs-3.79-150400.3.7.1 updated
- libsoftokn3-3.79-150400.3.7.1 updated
- mozilla-nss-3.79-150400.3.7.1 updated
- libsoftokn3-hmac-3.79-150400.3.7.1 updated
- container:bci-openjdk-11-11-12.26 updated

From sle-updates at lists.suse.com Sat Jul 30 07:19:56 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 30 Jul 2022 09:19:56 +0200 (CEST)
Subject: SUSE-CU-2022:1711-1: Security update of suse/pcp
Message-ID: <20220730071956.369F1FCED@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1711-1
Container Tags        : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-8.6 , suse/pcp:latest
Container Release     : 8.6
Severity              : important
Type                  : security
References            : 1192079 1192080 1192086 1192087 1192228 1196490 1198486 1199132 1200027 CVE-2022-23308 CVE-2022-29824 CVE-2022-31741
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released:    Tue Jul 26 14:55:40 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

Update to 2.9.14:

- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Update to version 2.9.13:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes.
  (bsc#1196490)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2595-1
Released:    Fri Jul 29 16:00:42 2022
Summary:     Security update for mozilla-nss
Type:        security
Severity:    important
References:  1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741

This update for mozilla-nss fixes the following issues:

Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4:

- Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079).
- FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
- FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325).
- Run test suite at build time, and make it pass (bsc#1198486).
- FIPS: skip algorithms that are hard disabled in FIPS mode.
- Prevent expired PayPalEE cert from failing the tests.
- Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc.
- FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build.
- FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
- FIPS: allow testing of unapproved algorithms (bsc#1192228).
- FIPS: add version indicators. (bmo#1729550, bsc#1192086).
- FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).

Version update to NSS 3.79:

- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- Correct invalid record inner and outer content type alerts.
- NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- improve error handling after nssCKFWInstance_CreateObjectHandle.
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- NSS 3.79 should depend on NSPR 4.34

Version update to NSS 3.78.1:

- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple

Version update to NSS 3.78:

- Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
- Reworked overlong record size checks and added TLS1.3 specific boundaries.
- Add ECH Grease Support to tstclnt
- Add a strict variant of moz::pkix::CheckCertHostname.
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
- Make SEC_PKCS12EnableCipher succeed
- Update zlib in NSS to 1.2.12.

Version update to NSS 3.77:

- Fix link to TLS page on wireshark wiki
- Add two D-TRUST 2020 root certificates.
- Add Telia Root CA v2 root certificate.
- Remove expired explicitly distrusted certificates from certdata.txt.
- support specific RSA-PSS parameters in mozilla::pkix
- Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
- Remove token member from NSSSlot struct.
- Provide secure variants of mpp_pprime and mpp_make_prime.
- Support UTF-8 library path in the module spec string.
- Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
- Update googletest to 1.11.0
- Add SetTls13GreaseEchSize to experimental API.
- TLS 1.3 Illegal legacy_version handling/alerts.
- Fix calculation of ECH HRR Transcript.
- Allow ld path to be set as environment variable.
- Ensure we don't read uninitialized memory in ssl gtests.
- Fix DataBuffer Move Assignment.
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
- rework signature verification in mozilla::pkix

Version update to NSS 3.76.1

- Remove token member from NSSSlot struct.
- Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
- Check return value of PK11Slot_GetNSSToken.
- Use Wycheproof JSON for RSASSA-PSS
- Add SHA256 fingerprint comments to old certdata.txt entries.
- Avoid truncating files in nss-release-helper.py.
- Throw illegal_parameter alert for illegal extensions in handshake message.

Version update to NSS 3.75

- Make DottedOIDToCode.py compatible with python3.
- Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Remove redundant key type check.
- Update ABI expectations to match ECH changes.
- Enable CKM_CHACHA20.
- check return on NSS_NoDB_Init and NSS_Shutdown.
- Run ECDSA test vectors from bltest as part of the CI tests.
- Add ECDSA test vectors to the bltest command line tool.
- Allow to build using clang's integrated assembler.
- Allow to override python for the build.
- test HKDF output rather than input.
- Use ASSERT macros to end failed tests early.
- move assignment operator for DataBuffer.
- Add test cases for ECH compression and unexpected extensions in SH.
- Update tests for ECH-13.
- Tidy up error handling.
- Add tests for ECH HRR Changes.
- Server only sends GREASE HRR extension if enabled by preference.
- Update generation of the Associated Data for ECH-13.
- When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
- Allow for compressed, non-contiguous, extensions.
- Scramble the PSK extension in CHOuter.
- Split custom extension handling for ECH.
- Add ECH-13 HRR Handling.
- Client side ECH padding.
- Stricter ClientHelloInner Decompression.
- Remove ECH_inner extension, use new enum format.
- Update the version number for ECH-13 and adjust the ECHConfig size.

Version update to NSS 3.74

- mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
- Ensure clients offer consistent ciphersuites after HRR
- NSS does not properly restrict server keys based on policy
- Set nssckbi version number to 2.54
- Replace Google Trust Services LLC (GTS) R4 root certificate
- Replace Google Trust Services LLC (GTS) R3 root certificate
- Replace Google Trust Services LLC (GTS) R2 root certificate
- Replace Google Trust Services LLC (GTS) R1 root certificate
- Replace GlobalSign ECC Root CA R4
- Remove Expired Root Certificates - DST Root CA X3
- Remove Expiring Cybertrust Global Root and GlobalSign root certificates
- Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
- Add iTrusChina ECC root certificate
- Add iTrusChina RSA root certificate
- Add ISRG Root X2 root certificate
- Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
- Avoid a clang 13 unused variable warning in opt build
- Check for missing signedData field
- Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)

Version update to NSS 3.73.1:

- Add SHA-2 support to mozilla::pkix's OCSP implementation

Version update to NSS 3.73

- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FIPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS

Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures

Version update to NSS 3.72

- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins

Version update to NSS 3.71

- Set nssckbi version number to 2.52.
- Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.

Version update to NSS 3.70

- Update test case to verify fix.
- Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.

Version update to NSS 3.69.1:

- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with AES_CBC

NSS 3.69:

- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid algorithms.
- sqlite 3.34 changed its open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active

Version Update to 3.68.4 (bsc#1200027)

- CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.7.1 updated
- libfreebl3-3.79-150400.3.7.1 updated
- libfreebl3-hmac-3.79-150400.3.7.1 updated
- mozilla-nss-certs-3.79-150400.3.7.1 updated
- libsoftokn3-3.79-150400.3.7.1 updated
- mozilla-nss-3.79-150400.3.7.1 updated
- libsoftokn3-hmac-3.79-150400.3.7.1 updated
- container:bci-bci-init-15.4-15.4-19.16 updated