From sle-updates at lists.suse.com Wed Jun 1 13:16:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 15:16:39 +0200 (CEST) Subject: SUSE-SU-2022:1903-1: important: Security update for hdf5 Message-ID: <20220601131639.A2A09F386@maintenance.suse.de> SUSE Security Update: Security update for hdf5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1903-1 Rating: important References: #1072087 #1072090 #1072108 #1072111 #1093641 #1093649 #1093653 #1093655 #1093657 #1101471 #1101474 #1101493 #1101495 #1102175 #1109166 #1109167 #1109168 #1109564 #1109565 #1109566 #1109567 #1109568 #1109569 #1109570 #1134298 #1167401 #1167404 #1167405 #1169793 #1174439 #1179521 #1196682 SLE-7766 SLE-7773 SLE-8501 SLE-8604 Cross-References: CVE-2017-17505 CVE-2017-17506 CVE-2017-17508 CVE-2017-17509 CVE-2018-11202 CVE-2018-11203 CVE-2018-11204 CVE-2018-11206 CVE-2018-11207 CVE-2018-13869 CVE-2018-13870 CVE-2018-14032 CVE-2018-14033 CVE-2018-14460 CVE-2018-17233 CVE-2018-17234 CVE-2018-17237 CVE-2018-17432 CVE-2018-17433 CVE-2018-17434 CVE-2018-17435 CVE-2018-17436 CVE-2018-17437 CVE-2018-17438 CVE-2020-10809 CVE-2020-10810 CVE-2020-10811 CVSS scores: CVE-2017-17505 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17505 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-17506 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17506 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2017-17508 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17508 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-17509 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-17509 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-11202 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11202 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-11203 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11203 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-11204 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11204 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-11206 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2018-11206 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2018-11207 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11207 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-13869 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-13869 (SUSE): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L CVE-2018-13870 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-13870 (SUSE): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-14032 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-14033 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-14033 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-14460 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-14460 (SUSE): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-17233 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17233 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17234 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17234 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17237 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17237 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17432 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17432 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17433 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17433 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17434 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17434 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17435 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17435 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17436 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17436 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17437 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17437 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17438 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17438 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10809 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10809 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2020-10810 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10810 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS ______________________________________________________________________________ An update that solves 27 vulnerabilities, contains four features and has 5 fixes is now available. Description: This update for hdf5 fixes the following issues: Security issues fixed: - CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405). - CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401). - CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404). - CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570). - CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c. (bsc#1109569). - CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568). - CVE-2018-17435: Fixed heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c (bsc#1109567). - CVE-2018-17434: Fixed SIGFPE signal raise in function apply_filters() of h5repack_filters.c (bsc#1109566). - CVE-2018-17433: Fixed heap-based buffer overflow in ReadGifImageDesc() in gifread.c (bsc#1109565). - CVE-2018-17432: Fixed NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c (bsc#1109564). - CVE-2018-17237: Fixed SIGFPE signal raise in the function H5D__chunk_set_info_real() (bsc#1109168). - CVE-2018-17234: Fixed memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167). - CVE-2018-17233: Fixed SIGFPE signal is raise in the function H5D__create_chunk_file_map_hyper (bsc#1109166). - CVE-2018-14460: Fixed heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c (bsc#1102175). - CVE-2018-14033: Fixed heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c (bsc#1101471). - CVE-2018-14032: Fixed heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c (bsc#1101474). - CVE-2018-13870: Fixed heap-based buffer over-read in the function H5O_link_decode in H5Olink.c (bsc#1101493). - CVE-2018-13869: Fixed memcpy parameter overlap in the function H5O_link_decode in H5Olink.c (bsc#1101495). - CVE-2018-11207: Fixed division by zero was discovered in H5D__chunk_init in H5Dchunk.c (bsc#1093653). - CVE-2018-11206: Fixed out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c (bsc#1093657). - CVE-2018-11204: Fixed NULL pointer dereference in H5O__chunk_deserialize in H5Ocache.c (bsc#1093655). - CVE-2018-11203: Fixed division by zero in H5D__btree_decode_key in H5Dbtree.c (bsc#1093649). - CVE-2018-11202: Fixed NULL pointer dereference in H5S_hyper_make_spans in H5Shyper.c (bsc#1093641). - CVE-2017-17509: Fixed out of bounds write vulnerability in function H5G__ent_decode_vec (bsc#1072111). - CVE-2017-17508: Fixed divide-by-zero vulnerability in function H5T_set_loc (bsc#1072108). - CVE-2017-17506: Fixed out of bounds read in the function H5Opline_pline_decode (bsc#1072090). - CVE-2017-17505: Fixed NULL pointer dereference in the function H5O_pline_decode (bsc#1072087). Bugfixes: - Fix library link flags on pkg-config file for HPC builds (bsc#1134298). - Fix .so number in baselibs.conf for libhdf5_fortran libs (bsc#1169793). - Fix python-h5py packages built against out-of-date version of HDF5 (bsc#1196682). - Fix netcdf-cxx4 packages built against out-of-date version of HDF5 (bsc#1179521). - Add build support for gcc10 to HPC build (bsc#1174439). - Add HPC support for gcc8 and gcc9 (jsc#SLE-7766 & jsc#SLE-8604). - Enable openmpi3 builds for Leap and SLE > 15.1 (jsc#SLE-7773). - HDF5 version Update to 1.10.5 (jsc#SLE-8501). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1903=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1903=1 Package List: - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-hpc-module-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150100.7.4.3 hdf5_1_10_8-hpc-examples-1.10.8-150100.7.4.3 libhdf5-gnu-hpc-1.10.8-150100.7.4.3 libhdf5-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_cpp-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_cpp-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_fortran-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_hl-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_cpp-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_fortran-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): hdf5-gnu-hpc-devel-1.10.8-150100.7.4.3 hdf5-gnu-mpich-hpc-devel-1.10.8-150100.7.4.3 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150100.7.4.3 hdf5-gnu-openmpi2-hpc-devel-1.10.8-150100.7.4.3 hdf5-hpc-examples-1.10.8-150100.7.4.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-hpc-module-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150100.7.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150100.7.4.3 hdf5_1_10_8-hpc-examples-1.10.8-150100.7.4.3 libhdf5-gnu-hpc-1.10.8-150100.7.4.3 libhdf5-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_cpp-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_cpp-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_fortran-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_hl-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_cpp-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5_hl_fortran-gnu-hpc-1.10.8-150100.7.4.3 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): hdf5-gnu-hpc-devel-1.10.8-150100.7.4.3 hdf5-gnu-mpich-hpc-devel-1.10.8-150100.7.4.3 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150100.7.4.3 hdf5-gnu-openmpi2-hpc-devel-1.10.8-150100.7.4.3 hdf5-hpc-examples-1.10.8-150100.7.4.3 References: https://www.suse.com/security/cve/CVE-2017-17505.html https://www.suse.com/security/cve/CVE-2017-17506.html https://www.suse.com/security/cve/CVE-2017-17508.html https://www.suse.com/security/cve/CVE-2017-17509.html https://www.suse.com/security/cve/CVE-2018-11202.html https://www.suse.com/security/cve/CVE-2018-11203.html https://www.suse.com/security/cve/CVE-2018-11204.html https://www.suse.com/security/cve/CVE-2018-11206.html https://www.suse.com/security/cve/CVE-2018-11207.html https://www.suse.com/security/cve/CVE-2018-13869.html https://www.suse.com/security/cve/CVE-2018-13870.html https://www.suse.com/security/cve/CVE-2018-14032.html https://www.suse.com/security/cve/CVE-2018-14033.html https://www.suse.com/security/cve/CVE-2018-14460.html https://www.suse.com/security/cve/CVE-2018-17233.html https://www.suse.com/security/cve/CVE-2018-17234.html https://www.suse.com/security/cve/CVE-2018-17237.html https://www.suse.com/security/cve/CVE-2018-17432.html https://www.suse.com/security/cve/CVE-2018-17433.html https://www.suse.com/security/cve/CVE-2018-17434.html https://www.suse.com/security/cve/CVE-2018-17435.html https://www.suse.com/security/cve/CVE-2018-17436.html https://www.suse.com/security/cve/CVE-2018-17437.html https://www.suse.com/security/cve/CVE-2018-17438.html https://www.suse.com/security/cve/CVE-2020-10809.html https://www.suse.com/security/cve/CVE-2020-10810.html https://www.suse.com/security/cve/CVE-2020-10811.html https://bugzilla.suse.com/1072087 https://bugzilla.suse.com/1072090 https://bugzilla.suse.com/1072108 https://bugzilla.suse.com/1072111 https://bugzilla.suse.com/1093641 https://bugzilla.suse.com/1093649 https://bugzilla.suse.com/1093653 https://bugzilla.suse.com/1093655 https://bugzilla.suse.com/1093657 https://bugzilla.suse.com/1101471 https://bugzilla.suse.com/1101474 https://bugzilla.suse.com/1101493 https://bugzilla.suse.com/1101495 https://bugzilla.suse.com/1102175 https://bugzilla.suse.com/1109166 https://bugzilla.suse.com/1109167 https://bugzilla.suse.com/1109168 https://bugzilla.suse.com/1109564 https://bugzilla.suse.com/1109565 https://bugzilla.suse.com/1109566 https://bugzilla.suse.com/1109567 https://bugzilla.suse.com/1109568 https://bugzilla.suse.com/1109569 https://bugzilla.suse.com/1109570 https://bugzilla.suse.com/1134298 https://bugzilla.suse.com/1167401 https://bugzilla.suse.com/1167404 https://bugzilla.suse.com/1167405 https://bugzilla.suse.com/1169793 https://bugzilla.suse.com/1174439 https://bugzilla.suse.com/1179521 https://bugzilla.suse.com/1196682 From sle-updates at lists.suse.com Wed Jun 1 13:19:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 15:19:46 +0200 (CEST) Subject: SUSE-RU-2022:1900-1: moderate: Recommended update for rabbitmq-c Message-ID: <20220601131946.3B51AF386@maintenance.suse.de> SUSE Recommended Update: Recommended update for rabbitmq-c ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1900-1 Rating: moderate References: #1198202 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rabbitmq-c fixes the following issues: - Resolve package build issues (bsc#1198202) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1900=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1900=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1900=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1900=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): librabbitmq-devel-0.10.0-150300.5.3.1 librabbitmq4-0.10.0-150300.5.3.1 librabbitmq4-debuginfo-0.10.0-150300.5.3.1 rabbitmq-c-debuginfo-0.10.0-150300.5.3.1 rabbitmq-c-debugsource-0.10.0-150300.5.3.1 rabbitmq-c-tools-0.10.0-150300.5.3.1 rabbitmq-c-tools-debuginfo-0.10.0-150300.5.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): librabbitmq-devel-0.10.0-150300.5.3.1 librabbitmq4-0.10.0-150300.5.3.1 librabbitmq4-debuginfo-0.10.0-150300.5.3.1 rabbitmq-c-debuginfo-0.10.0-150300.5.3.1 rabbitmq-c-debugsource-0.10.0-150300.5.3.1 rabbitmq-c-tools-0.10.0-150300.5.3.1 rabbitmq-c-tools-debuginfo-0.10.0-150300.5.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): librabbitmq-devel-0.10.0-150300.5.3.1 librabbitmq4-0.10.0-150300.5.3.1 librabbitmq4-debuginfo-0.10.0-150300.5.3.1 rabbitmq-c-debuginfo-0.10.0-150300.5.3.1 rabbitmq-c-debugsource-0.10.0-150300.5.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): librabbitmq-devel-0.10.0-150300.5.3.1 librabbitmq4-0.10.0-150300.5.3.1 librabbitmq4-debuginfo-0.10.0-150300.5.3.1 rabbitmq-c-debuginfo-0.10.0-150300.5.3.1 rabbitmq-c-debugsource-0.10.0-150300.5.3.1 References: https://bugzilla.suse.com/1198202 From sle-updates at lists.suse.com Wed Jun 1 13:20:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 15:20:21 +0200 (CEST) Subject: SUSE-RU-2022:1902-1: moderate: Recommended update for apache2 Message-ID: <20220601132021.05D64F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1902-1 Rating: moderate References: #1198907 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache2 fixes the following issues: - Fix http2 child processes not being terminated (bsc#1198907) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1902=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1902=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.51-35.16.1 apache2-debugsource-2.4.51-35.16.1 apache2-devel-2.4.51-35.16.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-2.4.51-35.16.1 apache2-debuginfo-2.4.51-35.16.1 apache2-debugsource-2.4.51-35.16.1 apache2-example-pages-2.4.51-35.16.1 apache2-prefork-2.4.51-35.16.1 apache2-prefork-debuginfo-2.4.51-35.16.1 apache2-utils-2.4.51-35.16.1 apache2-utils-debuginfo-2.4.51-35.16.1 apache2-worker-2.4.51-35.16.1 apache2-worker-debuginfo-2.4.51-35.16.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apache2-doc-2.4.51-35.16.1 References: https://bugzilla.suse.com/1198907 From sle-updates at lists.suse.com Wed Jun 1 13:20:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 15:20:59 +0200 (CEST) Subject: SUSE-RU-2022:1899-1: important: Recommended update for libtirpc Message-ID: <20220601132059.2BBB2F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtirpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1899-1 Rating: important References: #1198176 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1899=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1899=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1899=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1899=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1899=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1899=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.2.6-150300.3.6.1 libtirpc-devel-1.2.6-150300.3.6.1 libtirpc-netconfig-1.2.6-150300.3.6.1 libtirpc3-1.2.6-150300.3.6.1 libtirpc3-debuginfo-1.2.6-150300.3.6.1 - openSUSE Leap 15.4 (x86_64): libtirpc3-32bit-1.2.6-150300.3.6.1 libtirpc3-32bit-debuginfo-1.2.6-150300.3.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.2.6-150300.3.6.1 libtirpc-devel-1.2.6-150300.3.6.1 libtirpc-netconfig-1.2.6-150300.3.6.1 libtirpc3-1.2.6-150300.3.6.1 libtirpc3-debuginfo-1.2.6-150300.3.6.1 - openSUSE Leap 15.3 (x86_64): libtirpc3-32bit-1.2.6-150300.3.6.1 libtirpc3-32bit-debuginfo-1.2.6-150300.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.2.6-150300.3.6.1 libtirpc-devel-1.2.6-150300.3.6.1 libtirpc-netconfig-1.2.6-150300.3.6.1 libtirpc3-1.2.6-150300.3.6.1 libtirpc3-debuginfo-1.2.6-150300.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libtirpc3-32bit-1.2.6-150300.3.6.1 libtirpc3-32bit-debuginfo-1.2.6-150300.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.2.6-150300.3.6.1 libtirpc-devel-1.2.6-150300.3.6.1 libtirpc-netconfig-1.2.6-150300.3.6.1 libtirpc3-1.2.6-150300.3.6.1 libtirpc3-debuginfo-1.2.6-150300.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libtirpc3-32bit-1.2.6-150300.3.6.1 libtirpc3-32bit-debuginfo-1.2.6-150300.3.6.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libtirpc-debugsource-1.2.6-150300.3.6.1 libtirpc-netconfig-1.2.6-150300.3.6.1 libtirpc3-1.2.6-150300.3.6.1 libtirpc3-debuginfo-1.2.6-150300.3.6.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libtirpc-debugsource-1.2.6-150300.3.6.1 libtirpc-netconfig-1.2.6-150300.3.6.1 libtirpc3-1.2.6-150300.3.6.1 libtirpc3-debuginfo-1.2.6-150300.3.6.1 References: https://bugzilla.suse.com/1198176 From sle-updates at lists.suse.com Wed Jun 1 13:21:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 15:21:40 +0200 (CEST) Subject: SUSE-FU-2022:1901-1: moderate: Feature update for powerpc-utils Message-ID: <20220601132140.350A3F386@maintenance.suse.de> SUSE Feature Update: Feature update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:1901-1 Rating: moderate References: #1193543 #1195404 #1198728 SLE-18127 SLE-18643 SLE-23097 SLE-23855 SLE-23856 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has three feature fixes and contains 5 features can now be installed. Description: This feature update for powerpc-utils fixes the following issues: Make Linux Hybrid Network Virtualization (HNV) work for any connection manager (jsc#SLE-23856): - Fix setting HNV primary slave with NM (bsc#1195404) - Update HNV implementation (bsc#1195404 jsc#SLE-23855) - Fix HNV migration and other HNV issues (bsc#1195404) - Add HNV wicked support (bsc#1193543 jsc#SLE-18127) - Install SUSE-specific scripts - Add support for vnic backup device for HNV (jsc#SLE-23097) - Add support for NVMf devices (jsc#SLE-18643, bsc#1198728) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1901=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1901=1 Package List: - openSUSE Leap 15.3 (ppc64le): powerpc-utils-1.3.9-150300.9.23.1 powerpc-utils-debuginfo-1.3.9-150300.9.23.1 powerpc-utils-debugsource-1.3.9-150300.9.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le): powerpc-utils-1.3.9-150300.9.23.1 powerpc-utils-debuginfo-1.3.9-150300.9.23.1 powerpc-utils-debugsource-1.3.9-150300.9.23.1 References: https://bugzilla.suse.com/1193543 https://bugzilla.suse.com/1195404 https://bugzilla.suse.com/1198728 From sle-updates at lists.suse.com Wed Jun 1 14:12:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 16:12:08 +0200 (CEST) Subject: SUSE-CU-2022:1227-1: Recommended update of bci/python Message-ID: <20220601141208.6F240FD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1227-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-17.39 , bci/python:latest Container Release : 17.39 Severity : moderate Type : recommended References : 1040589 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) The following package changes have been done: - grep-3.1-150000.4.6.1 updated - container:sles15-image-15.0.0-17.17.8 updated From sle-updates at lists.suse.com Wed Jun 1 14:12:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 16:12:40 +0200 (CEST) Subject: SUSE-CU-2022:1228-1: Security update of suse/rmt-mariadb-client Message-ID: <20220601141240.D8293FD9D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1228-1 Container Tags : suse/rmt-mariadb-client:10.5 , suse/rmt-mariadb-client:10.5-10.25 , suse/rmt-mariadb-client:latest Container Release : 10.25 Severity : important Type : security References : 1040589 1172427 1182959 1191157 1191502 1193086 1193489 1194642 1194642 1194883 1195149 1195247 1195529 1195628 1195792 1195856 1195899 1196093 1196107 1196275 1196406 1196490 1196567 1196647 1196939 1197004 1197024 1197459 1197771 1197794 1198062 1198090 1198114 1198446 1198614 1198723 1198766 1199132 1199223 1199224 1199240 CVE-2018-25032 CVE-2022-1271 CVE-2022-1304 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29824 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - glibc-2.31-150300.20.7 updated - libuuid1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libblkid1-2.36.2-150300.4.20.1 updated - perl-base-5.26.1-150300.17.3.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libpsl5-0.20.1-150000.3.3.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libcurl4-7.66.0-150200.4.33.1 updated - libsystemd0-246.16-150300.7.45.1 updated - grep-3.1-150000.4.6.1 updated - pam-1.3.0-150000.6.58.3 updated - util-linux-2.36.2-150300.4.20.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - container:sles15-image-15.0.0-17.17.8 updated From sle-updates at lists.suse.com Wed Jun 1 14:13:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 16:13:08 +0200 (CEST) Subject: SUSE-CU-2022:1229-1: Security update of suse/rmt-nginx Message-ID: <20220601141308.B1439FD9D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1229-1 Container Tags : suse/rmt-nginx:1.19 , suse/rmt-nginx:1.19-9.25 , suse/rmt-nginx:latest Container Release : 9.25 Severity : important Type : security References : 1040589 1172427 1182959 1191157 1191502 1193086 1193489 1194642 1194642 1194883 1195149 1195247 1195529 1195628 1195792 1195856 1195899 1195964 1195965 1196093 1196107 1196275 1196406 1196490 1196567 1196647 1196939 1197004 1197024 1197066 1197068 1197072 1197073 1197074 1197459 1197631 1197771 1197794 1198062 1198090 1198114 1198446 1198614 1198723 1198766 1199132 1199223 1199224 1199240 CVE-2018-25032 CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-1056 CVE-2022-1271 CVE-2022-1304 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29824 ----------------------------------------------------------------- The container suse/rmt-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1882-1 Released: Mon May 30 12:37:13 2022 Summary: Security update for tiff Type: security Severity: important References: 1195964,1195965,1197066,1197068,1197072,1197073,1197074,1197631,CVE-2022-0561,CVE-2022-0562,CVE-2022-0865,CVE-2022-0891,CVE-2022-0908,CVE-2022-0909,CVE-2022-0924,CVE-2022-1056 This update for tiff fixes the following issues: - CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964). - CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965). - CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066). - CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197072). - CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073). - CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() (bsc#1197074). - CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197631). - CVE-2022-0891: Fixed heap buffer overflow in extractImageSection (bsc#1197068). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - glibc-2.31-150300.20.7 updated - libuuid1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libblkid1-2.36.2-150300.4.20.1 updated - perl-base-5.26.1-150300.17.3.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libpsl5-0.20.1-150000.3.3.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libcurl4-7.66.0-150200.4.33.1 updated - libsystemd0-246.16-150300.7.45.1 updated - grep-3.1-150000.4.6.1 updated - pam-1.3.0-150000.6.58.3 updated - util-linux-2.36.2-150300.4.20.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - perl-5.26.1-150300.17.3.1 updated - libtiff5-4.0.9-150000.45.8.1 updated - container:sles15-image-15.0.0-17.17.8 updated From sle-updates at lists.suse.com Wed Jun 1 14:20:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 16:20:26 +0200 (CEST) Subject: SUSE-CU-2022:1230-1: Recommended update of bci/ruby Message-ID: <20220601142026.522ADFD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1230-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-18.38 , bci/ruby:latest Container Release : 18.38 Severity : moderate Type : recommended References : 1040589 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) The following package changes have been done: - grep-3.1-150000.4.6.1 updated - container:sles15-image-15.0.0-17.17.8 updated From sle-updates at lists.suse.com Wed Jun 1 14:34:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 16:34:58 +0200 (CEST) Subject: SUSE-CU-2022:1231-1: Recommended update of suse/sle15 Message-ID: <20220601143458.BE98EFD9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1231-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.17.8 , suse/sle15:15.3 , suse/sle15:15.3.17.17.8 Container Release : 17.17.8 Severity : moderate Type : recommended References : 1040589 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) The following package changes have been done: - grep-3.1-150000.4.6.1 updated From sle-updates at lists.suse.com Wed Jun 1 14:35:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 16:35:31 +0200 (CEST) Subject: SUSE-CU-2022:1232-1: Security update of suse/389-ds Message-ID: <20220601143531.82A86FD9D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1232-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-13.27 , suse/389-ds:latest Container Release : 13.27 Severity : important Type : security References : 1040589 1198446 CVE-2022-1304 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) The following package changes have been done: - libcom_err2-1.46.4-150400.3.3.1 updated - grep-3.1-150000.4.6.1 updated - container:sles15-image-15.0.0-27.5.3 updated From sle-updates at lists.suse.com Wed Jun 1 14:36:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 16:36:25 +0200 (CEST) Subject: SUSE-CU-2022:1233-1: Recommended update of bci/bci-init Message-ID: <20220601143625.A6A60FD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1233-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.15.28 Container Release : 15.28 Severity : important Type : recommended References : 1040589 1198176 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - grep-3.1-150000.4.6.1 updated - container:sles15-image-15.0.0-27.5.3 updated From sle-updates at lists.suse.com Wed Jun 1 16:16:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 18:16:58 +0200 (CEST) Subject: SUSE-RU-2022:1905-1: important: Recommended update for gnome-packagekit Message-ID: <20220601161658.D3692F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-packagekit ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1905-1 Rating: important References: #1198801 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-packagekit fixes the following issues: - Fix issues with getting updates when there is a new gpg key signed in the repository (bsc#1198801) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1905=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1905=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gnome-packagekit-3.32.0-150200.10.1 gnome-packagekit-debuginfo-3.32.0-150200.10.1 gnome-packagekit-debugsource-3.32.0-150200.10.1 gnome-packagekit-extras-3.32.0-150200.10.1 gnome-packagekit-extras-debuginfo-3.32.0-150200.10.1 - openSUSE Leap 15.3 (noarch): gnome-packagekit-lang-3.32.0-150200.10.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): gnome-packagekit-3.32.0-150200.10.1 gnome-packagekit-debuginfo-3.32.0-150200.10.1 gnome-packagekit-debugsource-3.32.0-150200.10.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): gnome-packagekit-lang-3.32.0-150200.10.1 References: https://bugzilla.suse.com/1198801 From sle-updates at lists.suse.com Wed Jun 1 16:17:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 18:17:34 +0200 (CEST) Subject: SUSE-RU-2022:1904-1: important: Recommended update for libbluray Message-ID: <20220601161734.6DE06F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for libbluray ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1904-1 Rating: important References: #1199463 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libbluray fixes the following issues: - Implement the new java.io.FileSystem.isInvalid method that entered all supported java versions with April 2022 CPU (bsc#1199463) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1904=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1904=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1904=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1904=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libbluray-debugsource-1.3.0-150300.10.7.1 libbluray-devel-1.3.0-150300.10.7.1 libbluray-tools-1.3.0-150300.10.7.1 libbluray-tools-debuginfo-1.3.0-150300.10.7.1 libbluray2-1.3.0-150300.10.7.1 libbluray2-debuginfo-1.3.0-150300.10.7.1 - openSUSE Leap 15.4 (x86_64): libbluray2-32bit-1.3.0-150300.10.7.1 libbluray2-32bit-debuginfo-1.3.0-150300.10.7.1 - openSUSE Leap 15.4 (noarch): libbluray-bdj-1.3.0-150300.10.7.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libbluray-debugsource-1.3.0-150300.10.7.1 libbluray-devel-1.3.0-150300.10.7.1 libbluray-tools-1.3.0-150300.10.7.1 libbluray-tools-debuginfo-1.3.0-150300.10.7.1 libbluray2-1.3.0-150300.10.7.1 libbluray2-debuginfo-1.3.0-150300.10.7.1 - openSUSE Leap 15.3 (x86_64): libbluray2-32bit-1.3.0-150300.10.7.1 libbluray2-32bit-debuginfo-1.3.0-150300.10.7.1 - openSUSE Leap 15.3 (noarch): libbluray-bdj-1.3.0-150300.10.7.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libbluray-debugsource-1.3.0-150300.10.7.1 libbluray-devel-1.3.0-150300.10.7.1 libbluray2-1.3.0-150300.10.7.1 libbluray2-debuginfo-1.3.0-150300.10.7.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libbluray-debugsource-1.3.0-150300.10.7.1 libbluray-devel-1.3.0-150300.10.7.1 libbluray2-1.3.0-150300.10.7.1 libbluray2-debuginfo-1.3.0-150300.10.7.1 References: https://bugzilla.suse.com/1199463 From sle-updates at lists.suse.com Wed Jun 1 16:18:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 18:18:12 +0200 (CEST) Subject: SUSE-RU-2022:1907-1: moderate: Recommended update for hunspell Message-ID: <20220601161812.F35C5F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for hunspell ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1907-1 Rating: moderate References: #1199209 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hunspell fixes the following issues: - Add requirement for english dictionary (bsc#1199209) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1907=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1907=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1907=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1907=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): hunspell-1.6.2-150000.3.11.1 hunspell-debuginfo-1.6.2-150000.3.11.1 hunspell-debugsource-1.6.2-150000.3.11.1 hunspell-devel-1.6.2-150000.3.11.1 hunspell-tools-1.6.2-150000.3.11.1 hunspell-tools-debuginfo-1.6.2-150000.3.11.1 libhunspell-1_6-0-1.6.2-150000.3.11.1 libhunspell-1_6-0-debuginfo-1.6.2-150000.3.11.1 - openSUSE Leap 15.4 (x86_64): hunspell-devel-32bit-1.6.2-150000.3.11.1 libhunspell-1_6-0-32bit-1.6.2-150000.3.11.1 libhunspell-1_6-0-32bit-debuginfo-1.6.2-150000.3.11.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): hunspell-1.6.2-150000.3.11.1 hunspell-debuginfo-1.6.2-150000.3.11.1 hunspell-debugsource-1.6.2-150000.3.11.1 hunspell-devel-1.6.2-150000.3.11.1 hunspell-tools-1.6.2-150000.3.11.1 hunspell-tools-debuginfo-1.6.2-150000.3.11.1 libhunspell-1_6-0-1.6.2-150000.3.11.1 libhunspell-1_6-0-debuginfo-1.6.2-150000.3.11.1 - openSUSE Leap 15.3 (x86_64): hunspell-devel-32bit-1.6.2-150000.3.11.1 libhunspell-1_6-0-32bit-1.6.2-150000.3.11.1 libhunspell-1_6-0-32bit-debuginfo-1.6.2-150000.3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): hunspell-1.6.2-150000.3.11.1 hunspell-debuginfo-1.6.2-150000.3.11.1 hunspell-debugsource-1.6.2-150000.3.11.1 hunspell-devel-1.6.2-150000.3.11.1 hunspell-tools-1.6.2-150000.3.11.1 hunspell-tools-debuginfo-1.6.2-150000.3.11.1 libhunspell-1_6-0-1.6.2-150000.3.11.1 libhunspell-1_6-0-debuginfo-1.6.2-150000.3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): hunspell-1.6.2-150000.3.11.1 hunspell-debuginfo-1.6.2-150000.3.11.1 hunspell-debugsource-1.6.2-150000.3.11.1 hunspell-devel-1.6.2-150000.3.11.1 hunspell-tools-1.6.2-150000.3.11.1 hunspell-tools-debuginfo-1.6.2-150000.3.11.1 libhunspell-1_6-0-1.6.2-150000.3.11.1 libhunspell-1_6-0-debuginfo-1.6.2-150000.3.11.1 References: https://bugzilla.suse.com/1199209 From sle-updates at lists.suse.com Wed Jun 1 16:18:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 18:18:55 +0200 (CEST) Subject: SUSE-RU-2022:1906-1: moderate: Recommended update for NetworkManager Message-ID: <20220601161855.7E315F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for NetworkManager ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1906-1 Rating: moderate References: #1198381 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for NetworkManager fixes the following issues: - Match more ciphers to better determine the access point security type (bsc#1198381) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1906=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1906=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1906=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1906=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1906=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1906=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): NetworkManager-1.22.10-150200.3.18.1 NetworkManager-debuginfo-1.22.10-150200.3.18.1 NetworkManager-debugsource-1.22.10-150200.3.18.1 NetworkManager-devel-1.22.10-150200.3.18.1 libnm0-1.22.10-150200.3.18.1 libnm0-debuginfo-1.22.10-150200.3.18.1 typelib-1_0-NM-1_0-1.22.10-150200.3.18.1 - openSUSE Leap 15.3 (noarch): NetworkManager-branding-upstream-1.22.10-150200.3.18.1 NetworkManager-lang-1.22.10-150200.3.18.1 - openSUSE Leap 15.3 (x86_64): NetworkManager-devel-32bit-1.22.10-150200.3.18.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): NetworkManager-lang-1.22.10-150200.3.18.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): NetworkManager-debuginfo-1.22.10-150200.3.18.1 NetworkManager-debugsource-1.22.10-150200.3.18.1 NetworkManager-devel-1.22.10-150200.3.18.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): NetworkManager-1.22.10-150200.3.18.1 NetworkManager-debuginfo-1.22.10-150200.3.18.1 NetworkManager-debugsource-1.22.10-150200.3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): NetworkManager-debuginfo-1.22.10-150200.3.18.1 NetworkManager-debugsource-1.22.10-150200.3.18.1 libnm0-1.22.10-150200.3.18.1 libnm0-debuginfo-1.22.10-150200.3.18.1 typelib-1_0-NM-1_0-1.22.10-150200.3.18.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): NetworkManager-debuginfo-1.22.10-150200.3.18.1 NetworkManager-debugsource-1.22.10-150200.3.18.1 libnm0-1.22.10-150200.3.18.1 libnm0-debuginfo-1.22.10-150200.3.18.1 typelib-1_0-NM-1_0-1.22.10-150200.3.18.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): NetworkManager-debuginfo-1.22.10-150200.3.18.1 NetworkManager-debugsource-1.22.10-150200.3.18.1 libnm0-1.22.10-150200.3.18.1 libnm0-debuginfo-1.22.10-150200.3.18.1 typelib-1_0-NM-1_0-1.22.10-150200.3.18.1 References: https://bugzilla.suse.com/1198381 From sle-updates at lists.suse.com Wed Jun 1 19:16:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 21:16:15 +0200 (CEST) Subject: SUSE-RU-2022:1909-1: moderate: Recommended update for glibc Message-ID: <20220601191615.D3791F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1909-1 Rating: moderate References: #1198751 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1909=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1909=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1909=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1909=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1909=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1909=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1909=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1909=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.26.5 glibc-debuginfo-2.31-150300.26.5 glibc-debugsource-2.31-150300.26.5 glibc-devel-2.31-150300.26.5 glibc-devel-debuginfo-2.31-150300.26.5 glibc-devel-static-2.31-150300.26.5 glibc-extra-2.31-150300.26.5 glibc-extra-debuginfo-2.31-150300.26.5 glibc-locale-2.31-150300.26.5 glibc-locale-base-2.31-150300.26.5 glibc-locale-base-debuginfo-2.31-150300.26.5 glibc-profile-2.31-150300.26.5 glibc-utils-2.31-150300.26.1 glibc-utils-debuginfo-2.31-150300.26.1 glibc-utils-src-debugsource-2.31-150300.26.1 nscd-2.31-150300.26.5 nscd-debuginfo-2.31-150300.26.5 - openSUSE Leap 15.4 (noarch): glibc-html-2.31-150300.26.5 glibc-i18ndata-2.31-150300.26.5 glibc-info-2.31-150300.26.5 glibc-lang-2.31-150300.26.5 - openSUSE Leap 15.4 (x86_64): glibc-32bit-2.31-150300.26.5 glibc-32bit-debuginfo-2.31-150300.26.5 glibc-devel-32bit-2.31-150300.26.5 glibc-devel-32bit-debuginfo-2.31-150300.26.5 glibc-devel-static-32bit-2.31-150300.26.5 glibc-locale-base-32bit-2.31-150300.26.5 glibc-locale-base-32bit-debuginfo-2.31-150300.26.5 glibc-profile-32bit-2.31-150300.26.5 glibc-utils-32bit-2.31-150300.26.1 glibc-utils-32bit-debuginfo-2.31-150300.26.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.26.5 glibc-debuginfo-2.31-150300.26.5 glibc-debugsource-2.31-150300.26.5 glibc-devel-2.31-150300.26.5 glibc-devel-debuginfo-2.31-150300.26.5 glibc-devel-static-2.31-150300.26.5 glibc-extra-2.31-150300.26.5 glibc-extra-debuginfo-2.31-150300.26.5 glibc-locale-2.31-150300.26.5 glibc-locale-base-2.31-150300.26.5 glibc-locale-base-debuginfo-2.31-150300.26.5 glibc-profile-2.31-150300.26.5 glibc-utils-2.31-150300.26.1 glibc-utils-debuginfo-2.31-150300.26.1 glibc-utils-src-debugsource-2.31-150300.26.1 nscd-2.31-150300.26.5 nscd-debuginfo-2.31-150300.26.5 - openSUSE Leap 15.3 (x86_64): glibc-32bit-2.31-150300.26.5 glibc-32bit-debuginfo-2.31-150300.26.5 glibc-devel-32bit-2.31-150300.26.5 glibc-devel-32bit-debuginfo-2.31-150300.26.5 glibc-devel-static-32bit-2.31-150300.26.5 glibc-locale-base-32bit-2.31-150300.26.5 glibc-locale-base-32bit-debuginfo-2.31-150300.26.5 glibc-profile-32bit-2.31-150300.26.5 glibc-utils-32bit-2.31-150300.26.1 glibc-utils-32bit-debuginfo-2.31-150300.26.1 - openSUSE Leap 15.3 (noarch): glibc-html-2.31-150300.26.5 glibc-i18ndata-2.31-150300.26.5 glibc-info-2.31-150300.26.5 glibc-lang-2.31-150300.26.5 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.31-150300.26.5 glibc-debugsource-2.31-150300.26.5 glibc-devel-static-2.31-150300.26.5 glibc-utils-2.31-150300.26.1 glibc-utils-debuginfo-2.31-150300.26.1 glibc-utils-src-debugsource-2.31-150300.26.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): glibc-32bit-debuginfo-2.31-150300.26.5 glibc-devel-32bit-2.31-150300.26.5 glibc-devel-32bit-debuginfo-2.31-150300.26.5 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.31-150300.26.5 glibc-debugsource-2.31-150300.26.5 glibc-devel-static-2.31-150300.26.5 glibc-utils-2.31-150300.26.1 glibc-utils-debuginfo-2.31-150300.26.1 glibc-utils-src-debugsource-2.31-150300.26.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): glibc-32bit-debuginfo-2.31-150300.26.5 glibc-devel-32bit-2.31-150300.26.5 glibc-devel-32bit-debuginfo-2.31-150300.26.5 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.26.5 glibc-debuginfo-2.31-150300.26.5 glibc-debugsource-2.31-150300.26.5 glibc-devel-2.31-150300.26.5 glibc-devel-debuginfo-2.31-150300.26.5 glibc-extra-2.31-150300.26.5 glibc-extra-debuginfo-2.31-150300.26.5 glibc-locale-2.31-150300.26.5 glibc-locale-base-2.31-150300.26.5 glibc-locale-base-debuginfo-2.31-150300.26.5 glibc-profile-2.31-150300.26.5 nscd-2.31-150300.26.5 nscd-debuginfo-2.31-150300.26.5 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): glibc-i18ndata-2.31-150300.26.5 glibc-info-2.31-150300.26.5 glibc-lang-2.31-150300.26.5 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): glibc-32bit-2.31-150300.26.5 glibc-32bit-debuginfo-2.31-150300.26.5 glibc-locale-base-32bit-2.31-150300.26.5 glibc-locale-base-32bit-debuginfo-2.31-150300.26.5 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.26.5 glibc-debuginfo-2.31-150300.26.5 glibc-debugsource-2.31-150300.26.5 glibc-devel-2.31-150300.26.5 glibc-devel-debuginfo-2.31-150300.26.5 glibc-extra-2.31-150300.26.5 glibc-extra-debuginfo-2.31-150300.26.5 glibc-locale-2.31-150300.26.5 glibc-locale-base-2.31-150300.26.5 glibc-locale-base-debuginfo-2.31-150300.26.5 glibc-profile-2.31-150300.26.5 nscd-2.31-150300.26.5 nscd-debuginfo-2.31-150300.26.5 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): glibc-32bit-2.31-150300.26.5 glibc-32bit-debuginfo-2.31-150300.26.5 glibc-locale-base-32bit-2.31-150300.26.5 glibc-locale-base-32bit-debuginfo-2.31-150300.26.5 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): glibc-i18ndata-2.31-150300.26.5 glibc-info-2.31-150300.26.5 glibc-lang-2.31-150300.26.5 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): glibc-2.31-150300.26.5 glibc-debuginfo-2.31-150300.26.5 glibc-debugsource-2.31-150300.26.5 glibc-locale-2.31-150300.26.5 glibc-locale-base-2.31-150300.26.5 glibc-locale-base-debuginfo-2.31-150300.26.5 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): glibc-2.31-150300.26.5 glibc-debuginfo-2.31-150300.26.5 glibc-debugsource-2.31-150300.26.5 glibc-devel-2.31-150300.26.5 glibc-locale-2.31-150300.26.5 glibc-locale-base-2.31-150300.26.5 glibc-locale-base-debuginfo-2.31-150300.26.5 References: https://bugzilla.suse.com/1198751 From sle-updates at lists.suse.com Wed Jun 1 19:17:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 21:17:07 +0200 (CEST) Subject: SUSE-SU-2022:1908-1: important: Security update for postgresql14 Message-ID: <20220601191707.7CC6BF386@maintenance.suse.de> SUSE Security Update: Security update for postgresql14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1908-1 Rating: important References: #1199475 Cross-References: CVE-2022-1552 CVSS scores: CVE-2022-1552 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql14 fixes the following issues: - CVE-2022-1552: Confine additional operations within "security restricted operation" sandboxes (bsc#1199475). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1908=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1908=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1908=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1908=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1908=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1908=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1908=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1908=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1908=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1908=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1908=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1908=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1908=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1908=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1908=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1908=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libecpg6-14.3-150200.5.12.2 libecpg6-debuginfo-14.3-150200.5.12.2 libpq5-14.3-150200.5.12.2 libpq5-debuginfo-14.3-150200.5.12.2 postgresql14-14.3-150200.5.12.2 postgresql14-contrib-14.3-150200.5.12.2 postgresql14-contrib-debuginfo-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 postgresql14-devel-14.3-150200.5.12.2 postgresql14-devel-debuginfo-14.3-150200.5.12.2 postgresql14-llvmjit-14.3-150200.5.12.2 postgresql14-llvmjit-debuginfo-14.3-150200.5.12.2 postgresql14-llvmjit-devel-14.3-150200.5.12.2 postgresql14-plperl-14.3-150200.5.12.2 postgresql14-plperl-debuginfo-14.3-150200.5.12.2 postgresql14-plpython-14.3-150200.5.12.2 postgresql14-plpython-debuginfo-14.3-150200.5.12.2 postgresql14-pltcl-14.3-150200.5.12.2 postgresql14-pltcl-debuginfo-14.3-150200.5.12.2 postgresql14-server-14.3-150200.5.12.2 postgresql14-server-debuginfo-14.3-150200.5.12.2 postgresql14-server-devel-14.3-150200.5.12.2 postgresql14-server-devel-debuginfo-14.3-150200.5.12.2 postgresql14-test-14.3-150200.5.12.2 - openSUSE Leap 15.4 (x86_64): libecpg6-32bit-14.3-150200.5.12.2 libecpg6-32bit-debuginfo-14.3-150200.5.12.2 libpq5-32bit-14.3-150200.5.12.2 libpq5-32bit-debuginfo-14.3-150200.5.12.2 - openSUSE Leap 15.4 (noarch): postgresql14-docs-14.3-150200.5.12.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libecpg6-14.3-150200.5.12.2 libecpg6-debuginfo-14.3-150200.5.12.2 libpq5-14.3-150200.5.12.2 libpq5-debuginfo-14.3-150200.5.12.2 postgresql14-14.3-150200.5.12.2 postgresql14-contrib-14.3-150200.5.12.2 postgresql14-contrib-debuginfo-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 postgresql14-devel-14.3-150200.5.12.2 postgresql14-devel-debuginfo-14.3-150200.5.12.2 postgresql14-devel-mini-14.3-150200.5.12.1 postgresql14-devel-mini-debuginfo-14.3-150200.5.12.1 postgresql14-llvmjit-14.3-150200.5.12.2 postgresql14-llvmjit-debuginfo-14.3-150200.5.12.2 postgresql14-plperl-14.3-150200.5.12.2 postgresql14-plperl-debuginfo-14.3-150200.5.12.2 postgresql14-plpython-14.3-150200.5.12.2 postgresql14-plpython-debuginfo-14.3-150200.5.12.2 postgresql14-pltcl-14.3-150200.5.12.2 postgresql14-pltcl-debuginfo-14.3-150200.5.12.2 postgresql14-server-14.3-150200.5.12.2 postgresql14-server-debuginfo-14.3-150200.5.12.2 postgresql14-server-devel-14.3-150200.5.12.2 postgresql14-server-devel-debuginfo-14.3-150200.5.12.2 postgresql14-test-14.3-150200.5.12.2 - openSUSE Leap 15.3 (noarch): postgresql14-docs-14.3-150200.5.12.2 - openSUSE Leap 15.3 (x86_64): libecpg6-32bit-14.3-150200.5.12.2 libecpg6-32bit-debuginfo-14.3-150200.5.12.2 libpq5-32bit-14.3-150200.5.12.2 libpq5-32bit-debuginfo-14.3-150200.5.12.2 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libecpg6-14.3-150200.5.12.2 libecpg6-debuginfo-14.3-150200.5.12.2 libpq5-14.3-150200.5.12.2 libpq5-debuginfo-14.3-150200.5.12.2 postgresql14-14.3-150200.5.12.2 postgresql14-contrib-14.3-150200.5.12.2 postgresql14-contrib-debuginfo-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 postgresql14-devel-14.3-150200.5.12.2 postgresql14-devel-debuginfo-14.3-150200.5.12.2 postgresql14-plperl-14.3-150200.5.12.2 postgresql14-plperl-debuginfo-14.3-150200.5.12.2 postgresql14-plpython-14.3-150200.5.12.2 postgresql14-plpython-debuginfo-14.3-150200.5.12.2 postgresql14-pltcl-14.3-150200.5.12.2 postgresql14-pltcl-debuginfo-14.3-150200.5.12.2 postgresql14-server-14.3-150200.5.12.2 postgresql14-server-debuginfo-14.3-150200.5.12.2 postgresql14-server-devel-14.3-150200.5.12.2 postgresql14-server-devel-debuginfo-14.3-150200.5.12.2 - SUSE Manager Server 4.1 (x86_64): libpq5-32bit-14.3-150200.5.12.2 libpq5-32bit-debuginfo-14.3-150200.5.12.2 - SUSE Manager Server 4.1 (noarch): postgresql14-docs-14.3-150200.5.12.2 - SUSE Manager Retail Branch Server 4.1 (noarch): postgresql14-docs-14.3-150200.5.12.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): libecpg6-14.3-150200.5.12.2 libecpg6-debuginfo-14.3-150200.5.12.2 libpq5-14.3-150200.5.12.2 libpq5-32bit-14.3-150200.5.12.2 libpq5-32bit-debuginfo-14.3-150200.5.12.2 libpq5-debuginfo-14.3-150200.5.12.2 postgresql14-14.3-150200.5.12.2 postgresql14-contrib-14.3-150200.5.12.2 postgresql14-contrib-debuginfo-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 postgresql14-devel-14.3-150200.5.12.2 postgresql14-devel-debuginfo-14.3-150200.5.12.2 postgresql14-plperl-14.3-150200.5.12.2 postgresql14-plperl-debuginfo-14.3-150200.5.12.2 postgresql14-plpython-14.3-150200.5.12.2 postgresql14-plpython-debuginfo-14.3-150200.5.12.2 postgresql14-pltcl-14.3-150200.5.12.2 postgresql14-pltcl-debuginfo-14.3-150200.5.12.2 postgresql14-server-14.3-150200.5.12.2 postgresql14-server-debuginfo-14.3-150200.5.12.2 postgresql14-server-devel-14.3-150200.5.12.2 postgresql14-server-devel-debuginfo-14.3-150200.5.12.2 - SUSE Manager Proxy 4.1 (x86_64): libecpg6-14.3-150200.5.12.2 libecpg6-debuginfo-14.3-150200.5.12.2 libpq5-14.3-150200.5.12.2 libpq5-32bit-14.3-150200.5.12.2 libpq5-32bit-debuginfo-14.3-150200.5.12.2 libpq5-debuginfo-14.3-150200.5.12.2 postgresql14-14.3-150200.5.12.2 postgresql14-contrib-14.3-150200.5.12.2 postgresql14-contrib-debuginfo-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 postgresql14-devel-14.3-150200.5.12.2 postgresql14-devel-debuginfo-14.3-150200.5.12.2 postgresql14-plperl-14.3-150200.5.12.2 postgresql14-plperl-debuginfo-14.3-150200.5.12.2 postgresql14-plpython-14.3-150200.5.12.2 postgresql14-plpython-debuginfo-14.3-150200.5.12.2 postgresql14-pltcl-14.3-150200.5.12.2 postgresql14-pltcl-debuginfo-14.3-150200.5.12.2 postgresql14-server-14.3-150200.5.12.2 postgresql14-server-debuginfo-14.3-150200.5.12.2 postgresql14-server-devel-14.3-150200.5.12.2 postgresql14-server-devel-debuginfo-14.3-150200.5.12.2 - SUSE Manager Proxy 4.1 (noarch): postgresql14-docs-14.3-150200.5.12.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libecpg6-14.3-150200.5.12.2 libecpg6-debuginfo-14.3-150200.5.12.2 libpq5-14.3-150200.5.12.2 libpq5-debuginfo-14.3-150200.5.12.2 postgresql14-14.3-150200.5.12.2 postgresql14-contrib-14.3-150200.5.12.2 postgresql14-contrib-debuginfo-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 postgresql14-devel-14.3-150200.5.12.2 postgresql14-devel-debuginfo-14.3-150200.5.12.2 postgresql14-plperl-14.3-150200.5.12.2 postgresql14-plperl-debuginfo-14.3-150200.5.12.2 postgresql14-plpython-14.3-150200.5.12.2 postgresql14-plpython-debuginfo-14.3-150200.5.12.2 postgresql14-pltcl-14.3-150200.5.12.2 postgresql14-pltcl-debuginfo-14.3-150200.5.12.2 postgresql14-server-14.3-150200.5.12.2 postgresql14-server-debuginfo-14.3-150200.5.12.2 postgresql14-server-devel-14.3-150200.5.12.2 postgresql14-server-devel-debuginfo-14.3-150200.5.12.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libpq5-32bit-14.3-150200.5.12.2 libpq5-32bit-debuginfo-14.3-150200.5.12.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): postgresql14-docs-14.3-150200.5.12.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libecpg6-14.3-150200.5.12.2 libecpg6-debuginfo-14.3-150200.5.12.2 libpq5-14.3-150200.5.12.2 libpq5-debuginfo-14.3-150200.5.12.2 postgresql14-14.3-150200.5.12.2 postgresql14-contrib-14.3-150200.5.12.2 postgresql14-contrib-debuginfo-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 postgresql14-devel-14.3-150200.5.12.2 postgresql14-devel-debuginfo-14.3-150200.5.12.2 postgresql14-plperl-14.3-150200.5.12.2 postgresql14-plperl-debuginfo-14.3-150200.5.12.2 postgresql14-plpython-14.3-150200.5.12.2 postgresql14-plpython-debuginfo-14.3-150200.5.12.2 postgresql14-pltcl-14.3-150200.5.12.2 postgresql14-pltcl-debuginfo-14.3-150200.5.12.2 postgresql14-server-14.3-150200.5.12.2 postgresql14-server-debuginfo-14.3-150200.5.12.2 postgresql14-server-devel-14.3-150200.5.12.2 postgresql14-server-devel-debuginfo-14.3-150200.5.12.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): postgresql14-docs-14.3-150200.5.12.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libpq5-32bit-14.3-150200.5.12.2 libpq5-32bit-debuginfo-14.3-150200.5.12.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libecpg6-14.3-150200.5.12.2 libecpg6-debuginfo-14.3-150200.5.12.2 libpq5-14.3-150200.5.12.2 libpq5-32bit-14.3-150200.5.12.2 libpq5-32bit-debuginfo-14.3-150200.5.12.2 libpq5-debuginfo-14.3-150200.5.12.2 postgresql14-14.3-150200.5.12.2 postgresql14-contrib-14.3-150200.5.12.2 postgresql14-contrib-debuginfo-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 postgresql14-devel-14.3-150200.5.12.2 postgresql14-devel-debuginfo-14.3-150200.5.12.2 postgresql14-plperl-14.3-150200.5.12.2 postgresql14-plperl-debuginfo-14.3-150200.5.12.2 postgresql14-plpython-14.3-150200.5.12.2 postgresql14-plpython-debuginfo-14.3-150200.5.12.2 postgresql14-pltcl-14.3-150200.5.12.2 postgresql14-pltcl-debuginfo-14.3-150200.5.12.2 postgresql14-server-14.3-150200.5.12.2 postgresql14-server-debuginfo-14.3-150200.5.12.2 postgresql14-server-devel-14.3-150200.5.12.2 postgresql14-server-devel-debuginfo-14.3-150200.5.12.2 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): postgresql14-docs-14.3-150200.5.12.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libecpg6-14.3-150200.5.12.2 libecpg6-debuginfo-14.3-150200.5.12.2 postgresql14-contrib-14.3-150200.5.12.2 postgresql14-contrib-debuginfo-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 postgresql14-devel-14.3-150200.5.12.2 postgresql14-devel-debuginfo-14.3-150200.5.12.2 postgresql14-plperl-14.3-150200.5.12.2 postgresql14-plperl-debuginfo-14.3-150200.5.12.2 postgresql14-plpython-14.3-150200.5.12.2 postgresql14-plpython-debuginfo-14.3-150200.5.12.2 postgresql14-pltcl-14.3-150200.5.12.2 postgresql14-pltcl-debuginfo-14.3-150200.5.12.2 postgresql14-server-14.3-150200.5.12.2 postgresql14-server-debuginfo-14.3-150200.5.12.2 postgresql14-server-devel-14.3-150200.5.12.2 postgresql14-server-devel-debuginfo-14.3-150200.5.12.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): postgresql14-docs-14.3-150200.5.12.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libecpg6-14.3-150200.5.12.2 libecpg6-debuginfo-14.3-150200.5.12.2 postgresql14-contrib-14.3-150200.5.12.2 postgresql14-contrib-debuginfo-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 postgresql14-devel-14.3-150200.5.12.2 postgresql14-devel-debuginfo-14.3-150200.5.12.2 postgresql14-plperl-14.3-150200.5.12.2 postgresql14-plperl-debuginfo-14.3-150200.5.12.2 postgresql14-plpython-14.3-150200.5.12.2 postgresql14-plpython-debuginfo-14.3-150200.5.12.2 postgresql14-pltcl-14.3-150200.5.12.2 postgresql14-pltcl-debuginfo-14.3-150200.5.12.2 postgresql14-server-14.3-150200.5.12.2 postgresql14-server-debuginfo-14.3-150200.5.12.2 postgresql14-server-devel-14.3-150200.5.12.2 postgresql14-server-devel-debuginfo-14.3-150200.5.12.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): postgresql14-docs-14.3-150200.5.12.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql14-llvmjit-14.3-150200.5.12.2 postgresql14-llvmjit-debuginfo-14.3-150200.5.12.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): postgresql14-test-14.3-150200.5.12.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libpq5-14.3-150200.5.12.2 libpq5-debuginfo-14.3-150200.5.12.2 postgresql14-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpq5-14.3-150200.5.12.2 libpq5-debuginfo-14.3-150200.5.12.2 postgresql14-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libecpg6-14.3-150200.5.12.2 libecpg6-debuginfo-14.3-150200.5.12.2 libpq5-14.3-150200.5.12.2 libpq5-debuginfo-14.3-150200.5.12.2 postgresql14-14.3-150200.5.12.2 postgresql14-contrib-14.3-150200.5.12.2 postgresql14-contrib-debuginfo-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 postgresql14-devel-14.3-150200.5.12.2 postgresql14-devel-debuginfo-14.3-150200.5.12.2 postgresql14-plperl-14.3-150200.5.12.2 postgresql14-plperl-debuginfo-14.3-150200.5.12.2 postgresql14-plpython-14.3-150200.5.12.2 postgresql14-plpython-debuginfo-14.3-150200.5.12.2 postgresql14-pltcl-14.3-150200.5.12.2 postgresql14-pltcl-debuginfo-14.3-150200.5.12.2 postgresql14-server-14.3-150200.5.12.2 postgresql14-server-debuginfo-14.3-150200.5.12.2 postgresql14-server-devel-14.3-150200.5.12.2 postgresql14-server-devel-debuginfo-14.3-150200.5.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): postgresql14-docs-14.3-150200.5.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libpq5-32bit-14.3-150200.5.12.2 libpq5-32bit-debuginfo-14.3-150200.5.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libecpg6-14.3-150200.5.12.2 libecpg6-debuginfo-14.3-150200.5.12.2 libpq5-14.3-150200.5.12.2 libpq5-debuginfo-14.3-150200.5.12.2 postgresql14-14.3-150200.5.12.2 postgresql14-contrib-14.3-150200.5.12.2 postgresql14-contrib-debuginfo-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 postgresql14-devel-14.3-150200.5.12.2 postgresql14-devel-debuginfo-14.3-150200.5.12.2 postgresql14-plperl-14.3-150200.5.12.2 postgresql14-plperl-debuginfo-14.3-150200.5.12.2 postgresql14-plpython-14.3-150200.5.12.2 postgresql14-plpython-debuginfo-14.3-150200.5.12.2 postgresql14-pltcl-14.3-150200.5.12.2 postgresql14-pltcl-debuginfo-14.3-150200.5.12.2 postgresql14-server-14.3-150200.5.12.2 postgresql14-server-debuginfo-14.3-150200.5.12.2 postgresql14-server-devel-14.3-150200.5.12.2 postgresql14-server-devel-debuginfo-14.3-150200.5.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libpq5-32bit-14.3-150200.5.12.2 libpq5-32bit-debuginfo-14.3-150200.5.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): postgresql14-docs-14.3-150200.5.12.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): libecpg6-14.3-150200.5.12.2 libecpg6-debuginfo-14.3-150200.5.12.2 libpq5-14.3-150200.5.12.2 libpq5-debuginfo-14.3-150200.5.12.2 postgresql14-14.3-150200.5.12.2 postgresql14-contrib-14.3-150200.5.12.2 postgresql14-contrib-debuginfo-14.3-150200.5.12.2 postgresql14-debuginfo-14.3-150200.5.12.2 postgresql14-debugsource-14.3-150200.5.12.1 postgresql14-debugsource-14.3-150200.5.12.2 postgresql14-devel-14.3-150200.5.12.2 postgresql14-devel-debuginfo-14.3-150200.5.12.2 postgresql14-plperl-14.3-150200.5.12.2 postgresql14-plperl-debuginfo-14.3-150200.5.12.2 postgresql14-plpython-14.3-150200.5.12.2 postgresql14-plpython-debuginfo-14.3-150200.5.12.2 postgresql14-pltcl-14.3-150200.5.12.2 postgresql14-pltcl-debuginfo-14.3-150200.5.12.2 postgresql14-server-14.3-150200.5.12.2 postgresql14-server-debuginfo-14.3-150200.5.12.2 postgresql14-server-devel-14.3-150200.5.12.2 postgresql14-server-devel-debuginfo-14.3-150200.5.12.2 - SUSE Enterprise Storage 7 (x86_64): libpq5-32bit-14.3-150200.5.12.2 libpq5-32bit-debuginfo-14.3-150200.5.12.2 - SUSE Enterprise Storage 7 (noarch): postgresql14-docs-14.3-150200.5.12.2 References: https://www.suse.com/security/cve/CVE-2022-1552.html https://bugzilla.suse.com/1199475 From sle-updates at lists.suse.com Wed Jun 1 19:17:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2022 21:17:53 +0200 (CEST) Subject: SUSE-SU-2022:1910-1: important: Security update for hdf5 Message-ID: <20220601191753.865A7F386@maintenance.suse.de> SUSE Security Update: Security update for hdf5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1910-1 Rating: important References: #1072087 #1072090 #1072108 #1072111 #1093641 #1093649 #1093653 #1093655 #1093657 #1101471 #1101474 #1101493 #1101495 #1102175 #1109166 #1109167 #1109168 #1109564 #1109565 #1109566 #1109567 #1109568 #1109569 #1109570 #1167401 #1167404 #1167405 #1174439 #1179521 #1196682 Cross-References: CVE-2017-17505 CVE-2017-17506 CVE-2017-17508 CVE-2017-17509 CVE-2018-11202 CVE-2018-11203 CVE-2018-11204 CVE-2018-11206 CVE-2018-11207 CVE-2018-13869 CVE-2018-13870 CVE-2018-14032 CVE-2018-14033 CVE-2018-14460 CVE-2018-17233 CVE-2018-17234 CVE-2018-17237 CVE-2018-17432 CVE-2018-17433 CVE-2018-17434 CVE-2018-17435 CVE-2018-17436 CVE-2018-17437 CVE-2018-17438 CVE-2020-10809 CVE-2020-10810 CVE-2020-10811 CVSS scores: CVE-2017-17505 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17505 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-17506 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17506 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2017-17508 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17508 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-17509 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-17509 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-11202 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11202 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-11203 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11203 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-11204 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11204 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-11206 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2018-11206 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2018-11207 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11207 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-13869 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-13869 (SUSE): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L CVE-2018-13870 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-13870 (SUSE): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-14032 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-14033 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-14033 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-14460 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-14460 (SUSE): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-17233 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17233 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17234 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17234 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17237 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17237 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17432 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17432 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17433 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17433 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17434 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17434 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17435 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17435 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17436 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17436 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17437 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17437 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17438 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17438 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10809 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10809 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2020-10810 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10810 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS ______________________________________________________________________________ An update that solves 27 vulnerabilities and has three fixes is now available. Description: This update for hdf5 fixes the following issues: Security issues fixed: - CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405). - CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401). - CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404). - CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570). - CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c. (bsc#1109569). - CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568). - CVE-2018-17435: Fixed heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c (bsc#1109567). - CVE-2018-17434: Fixed SIGFPE signal raise in function apply_filters() of h5repack_filters.c (bsc#1109566). - CVE-2018-17433: Fixed heap-based buffer overflow in ReadGifImageDesc() in gifread.c (bsc#1109565). - CVE-2018-17432: Fixed NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c (bsc#1109564). - CVE-2018-17237: Fixed SIGFPE signal raise in the function H5D__chunk_set_info_real() (bsc#1109168). - CVE-2018-17234: Fixed memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167). - CVE-2018-17233: Fixed SIGFPE signal is raise in the function H5D__create_chunk_file_map_hyper (bsc#1109166). - CVE-2018-14460: Fixed heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c (bsc#1102175). - CVE-2018-14033: Fixed heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c (bsc#1101471). - CVE-2018-14032: Fixed heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c (bsc#1101474). - CVE-2018-13870: Fixed heap-based buffer over-read in the function H5O_link_decode in H5Olink.c (bsc#1101493). - CVE-2018-13869: Fixed memcpy parameter overlap in the function H5O_link_decode in H5Olink.c (bsc#1101495). - CVE-2018-11207: Fixed division by zero was discovered in H5D__chunk_init in H5Dchunk.c (bsc#1093653). - CVE-2018-11206: Fixed out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c (bsc#1093657). - CVE-2018-11204: Fixed NULL pointer dereference in H5O__chunk_deserialize in H5Ocache.c (bsc#1093655). - CVE-2018-11203: Fixed division by zero in H5D__btree_decode_key in H5Dbtree.c (bsc#1093649). - CVE-2018-11202: Fixed NULL pointer dereference in H5S_hyper_make_spans in H5Shyper.c (bsc#1093641). - CVE-2017-17509: Fixed out of bounds write vulnerability in function H5G__ent_decode_vec (bsc#1072111). - CVE-2017-17508: Fixed divide-by-zero vulnerability in function H5T_set_loc (bsc#1072108). - CVE-2017-17506: Fixed out of bounds read in the function H5Opline_pline_decode (bsc#1072090). - CVE-2017-17505: Fixed NULL pointer dereference in the function H5O_pline_decode (bsc#1072087). Bugfixes: - Fix python-h5py packages built against out-of-date version of HDF5 (bsc#1196682). - Fix netcdf-cxx4 packages built against out-of-date version of HDF5 (bsc#1179521). - Add build support for gcc10 to HPC build (bsc#1174439). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1910=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1910=1 Package List: - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-hpc-module-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150200.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150200.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150200.8.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150200.8.4.2 hdf5_1_10_8-hpc-examples-1.10.8-150200.8.4.2 libhdf5-gnu-hpc-1.10.8-150200.8.4.2 libhdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.4.3 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_cpp-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_cpp-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.4.3 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_fortran-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.4.3 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_hl-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.4.3 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_cpp-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.4.3 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_fortran-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.4.3 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.4.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): hdf5-gnu-hpc-1.10.8-150200.8.4.2 hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2 hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3 hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3 hdf5-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150200.8.4.2 hdf5-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 hdf5-gnu-openmpi2-hpc-devel-1.10.8-150200.8.4.2 hdf5-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150200.8.4.2 hdf5-hpc-examples-1.10.8-150200.8.4.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-hpc-module-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150200.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150200.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150200.8.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi3-hpc-debugsource-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150200.8.4.2 hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150200.8.4.2 hdf5_1_10_8-hpc-examples-1.10.8-150200.8.4.2 libhdf5-gnu-hpc-1.10.8-150200.8.4.2 libhdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.4.3 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_cpp-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_cpp-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.4.3 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_fortran-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.4.3 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_hl-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.4.3 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_hl_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_cpp-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.4.3 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5_hl_fortran-gnu-hpc-1.10.8-150200.8.4.2 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150200.8.4.3 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-debuginfo-1.10.8-150200.8.4.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): hdf5-gnu-hpc-1.10.8-150200.8.4.2 hdf5-gnu-hpc-devel-1.10.8-150200.8.4.2 hdf5-gnu-mpich-hpc-1.10.8-150200.8.4.3 hdf5-gnu-mpich-hpc-devel-1.10.8-150200.8.4.3 hdf5-gnu-mvapich2-hpc-1.10.8-150200.8.4.2 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150200.8.4.2 hdf5-gnu-openmpi2-hpc-1.10.8-150200.8.4.2 hdf5-gnu-openmpi2-hpc-devel-1.10.8-150200.8.4.2 hdf5-gnu-openmpi3-hpc-1.10.8-150200.8.4.2 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150200.8.4.2 hdf5-hpc-examples-1.10.8-150200.8.4.2 References: https://www.suse.com/security/cve/CVE-2017-17505.html https://www.suse.com/security/cve/CVE-2017-17506.html https://www.suse.com/security/cve/CVE-2017-17508.html https://www.suse.com/security/cve/CVE-2017-17509.html https://www.suse.com/security/cve/CVE-2018-11202.html https://www.suse.com/security/cve/CVE-2018-11203.html https://www.suse.com/security/cve/CVE-2018-11204.html https://www.suse.com/security/cve/CVE-2018-11206.html https://www.suse.com/security/cve/CVE-2018-11207.html https://www.suse.com/security/cve/CVE-2018-13869.html https://www.suse.com/security/cve/CVE-2018-13870.html https://www.suse.com/security/cve/CVE-2018-14032.html https://www.suse.com/security/cve/CVE-2018-14033.html https://www.suse.com/security/cve/CVE-2018-14460.html https://www.suse.com/security/cve/CVE-2018-17233.html https://www.suse.com/security/cve/CVE-2018-17234.html https://www.suse.com/security/cve/CVE-2018-17237.html https://www.suse.com/security/cve/CVE-2018-17432.html https://www.suse.com/security/cve/CVE-2018-17433.html https://www.suse.com/security/cve/CVE-2018-17434.html https://www.suse.com/security/cve/CVE-2018-17435.html https://www.suse.com/security/cve/CVE-2018-17436.html https://www.suse.com/security/cve/CVE-2018-17437.html https://www.suse.com/security/cve/CVE-2018-17438.html https://www.suse.com/security/cve/CVE-2020-10809.html https://www.suse.com/security/cve/CVE-2020-10810.html https://www.suse.com/security/cve/CVE-2020-10811.html https://bugzilla.suse.com/1072087 https://bugzilla.suse.com/1072090 https://bugzilla.suse.com/1072108 https://bugzilla.suse.com/1072111 https://bugzilla.suse.com/1093641 https://bugzilla.suse.com/1093649 https://bugzilla.suse.com/1093653 https://bugzilla.suse.com/1093655 https://bugzilla.suse.com/1093657 https://bugzilla.suse.com/1101471 https://bugzilla.suse.com/1101474 https://bugzilla.suse.com/1101493 https://bugzilla.suse.com/1101495 https://bugzilla.suse.com/1102175 https://bugzilla.suse.com/1109166 https://bugzilla.suse.com/1109167 https://bugzilla.suse.com/1109168 https://bugzilla.suse.com/1109564 https://bugzilla.suse.com/1109565 https://bugzilla.suse.com/1109566 https://bugzilla.suse.com/1109567 https://bugzilla.suse.com/1109568 https://bugzilla.suse.com/1109569 https://bugzilla.suse.com/1109570 https://bugzilla.suse.com/1167401 https://bugzilla.suse.com/1167404 https://bugzilla.suse.com/1167405 https://bugzilla.suse.com/1174439 https://bugzilla.suse.com/1179521 https://bugzilla.suse.com/1196682 From sle-updates at lists.suse.com Thu Jun 2 07:27:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 09:27:14 +0200 (CEST) Subject: SUSE-CU-2022:1242-1: Recommended update of bci/dotnet-runtime Message-ID: <20220602072714.A70D2F386@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1242-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-17.22 , bci/dotnet-runtime:6.0.5 , bci/dotnet-runtime:6.0.5-17.22 , bci/dotnet-runtime:latest Container Release : 17.22 Severity : moderate Type : recommended References : 1040589 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) The following package changes have been done: - grep-3.1-150000.4.6.1 updated - container:sles15-image-15.0.0-17.17.8 updated From sle-updates at lists.suse.com Thu Jun 2 07:33:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 09:33:49 +0200 (CEST) Subject: SUSE-CU-2022:1244-1: Recommended update of bci/golang Message-ID: <20220602073349.77F91F386@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1244-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-17.46 Container Release : 17.46 Severity : important Type : recommended References : 1198176 1198751 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-devel-2.31-150300.26.5 updated - glibc-2.31-150300.26.5 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - container:sles15-image-15.0.0-17.17.10 updated From sle-updates at lists.suse.com Thu Jun 2 07:42:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 09:42:16 +0200 (CEST) Subject: SUSE-CU-2022:1247-1: Recommended update of bci/golang Message-ID: <20220602074216.14F69F386@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1247-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-17.48 Container Release : 17.48 Severity : important Type : recommended References : 1198176 1198751 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-devel-2.31-150300.26.5 updated - glibc-2.31-150300.26.5 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - container:sles15-image-15.0.0-17.17.10 updated From sle-updates at lists.suse.com Thu Jun 2 07:42:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 09:42:58 +0200 (CEST) Subject: SUSE-CU-2022:1249-1: Recommended update of bci/bci-micro Message-ID: <20220602074258.2C67CF386@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1249-1 Container Tags : bci/bci-micro:15.3 , bci/bci-micro:15.3.16.5 , bci/bci-micro:latest Container Release : 16.5 Severity : moderate Type : recommended References : 1198751 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-2.31-150300.26.5 updated From sle-updates at lists.suse.com Thu Jun 2 07:46:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 09:46:56 +0200 (CEST) Subject: SUSE-CU-2022:1251-1: Recommended update of bci/bci-minimal Message-ID: <20220602074656.8B210F386@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1251-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.26.38 , bci/bci-minimal:latest Container Release : 26.38 Severity : moderate Type : recommended References : 1198751 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-2.31-150300.26.5 updated - container:micro-image-15.3.0-16.5 updated From sle-updates at lists.suse.com Thu Jun 2 07:51:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 09:51:59 +0200 (CEST) Subject: SUSE-CU-2022:1252-1: Security update of bci/nodejs Message-ID: <20220602075159.437B2F386@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1252-1 Container Tags : bci/node:14 , bci/node:14-19.55 , bci/nodejs:14 , bci/nodejs:14-19.55 Container Release : 19.55 Severity : important Type : security References : 1040589 1198176 1198751 1199223 1199224 1199232 CVE-2022-1586 CVE-2022-27781 CVE-2022-27782 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1883-1 Released: Mon May 30 12:41:35 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-2.31-150300.26.5 updated - grep-3.1-150000.4.6.1 updated - libcurl4-7.66.0-150200.4.33.1 updated - libpcre2-8-0-10.31-150000.3.7.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - container:sles15-image-15.0.0-17.17.10 updated From sle-updates at lists.suse.com Thu Jun 2 07:56:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 09:56:23 +0200 (CEST) Subject: SUSE-CU-2022:1254-1: Recommended update of bci/nodejs Message-ID: <20220602075623.C6055F386@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1254-1 Container Tags : bci/node:16 , bci/node:16-7.62 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-7.62 , bci/nodejs:latest Container Release : 7.62 Severity : important Type : recommended References : 1198176 1198751 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-2.31-150300.26.5 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - container:sles15-image-15.0.0-17.17.10 updated From sle-updates at lists.suse.com Thu Jun 2 08:06:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 10:06:34 +0200 (CEST) Subject: SUSE-CU-2022:1256-1: Recommended update of bci/openjdk-devel Message-ID: <20220602080634.B1578F386@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1256-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-17.103 , bci/openjdk-devel:latest Container Release : 17.103 Severity : important Type : recommended References : 1198176 1198751 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-2.31-150300.26.5 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - container:openjdk-11-image-15.3.0-17.57 updated From sle-updates at lists.suse.com Thu Jun 2 08:15:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 10:15:18 +0200 (CEST) Subject: SUSE-CU-2022:1258-1: Recommended update of bci/openjdk Message-ID: <20220602081518.631FEF386@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1258-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-17.57 , bci/openjdk:latest Container Release : 17.57 Severity : important Type : recommended References : 1198176 1198751 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-2.31-150300.26.5 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - container:sles15-image-15.0.0-17.17.10 updated From sle-updates at lists.suse.com Thu Jun 2 08:19:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 10:19:52 +0200 (CEST) Subject: SUSE-CU-2022:1260-1: Recommended update of bci/python Message-ID: <20220602081952.194FCF386@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1260-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-15.54 Container Release : 15.54 Severity : important Type : recommended References : 1198176 1198751 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-2.31-150300.26.5 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - container:sles15-image-15.0.0-17.17.10 updated From sle-updates at lists.suse.com Thu Jun 2 08:23:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 10:23:56 +0200 (CEST) Subject: SUSE-CU-2022:1261-1: Recommended update of bci/python Message-ID: <20220602082356.E75BEF386@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1261-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-17.44 , bci/python:latest Container Release : 17.44 Severity : important Type : recommended References : 1198176 1198751 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-2.31-150300.26.5 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - container:sles15-image-15.0.0-17.17.10 updated From sle-updates at lists.suse.com Thu Jun 2 08:31:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 10:31:39 +0200 (CEST) Subject: SUSE-CU-2022:1262-1: Recommended update of bci/ruby Message-ID: <20220602083139.0B566F386@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1262-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-18.42 , bci/ruby:latest Container Release : 18.42 Severity : important Type : recommended References : 1198176 1198751 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-devel-2.31-150300.26.5 updated - glibc-2.31-150300.26.5 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - container:sles15-image-15.0.0-17.17.10 updated From sle-updates at lists.suse.com Thu Jun 2 08:32:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 10:32:22 +0200 (CEST) Subject: SUSE-CU-2022:1263-1: Recommended update of suse/389-ds Message-ID: <20220602083222.B63C7F386@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1263-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-13.31 , suse/389-ds:latest Container Release : 13.31 Severity : important Type : recommended References : 1198176 1198751 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - glibc-2.31-150300.26.5 updated - libtirpc3-1.2.6-150300.3.6.1 updated - container:sles15-image-15.0.0-27.5.5 updated From sle-updates at lists.suse.com Thu Jun 2 08:32:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 10:32:58 +0200 (CEST) Subject: SUSE-CU-2022:1264-1: Recommended update of bci/bci-busybox Message-ID: <20220602083258.52F35F386@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1264-1 Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.7.18 , bci/bci-busybox:latest Container Release : 7.18 Severity : moderate Type : recommended References : 1198751 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-2.31-150300.26.5 updated - sles-release-15.4-150400.55.1 updated From sle-updates at lists.suse.com Thu Jun 2 08:34:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 10:34:10 +0200 (CEST) Subject: SUSE-CU-2022:1265-1: Recommended update of bci/bci-micro Message-ID: <20220602083410.8A942F386@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1265-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.10.2 Container Release : 10.2 Severity : moderate Type : recommended References : 1198751 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-2.31-150300.26.5 updated From sle-updates at lists.suse.com Thu Jun 2 08:35:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 10:35:16 +0200 (CEST) Subject: SUSE-CU-2022:1266-1: Recommended update of bci/bci-minimal Message-ID: <20220602083516.255FAF386@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1266-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.10.51 Container Release : 10.51 Severity : moderate Type : recommended References : 1198751 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-2.31-150300.26.5 updated - container:micro-image-15.4.0-10.2 updated From sle-updates at lists.suse.com Thu Jun 2 13:17:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 15:17:07 +0200 (CEST) Subject: SUSE-SU-2022:1912-1: important: Security update for hdf5 Message-ID: <20220602131707.51501FD9D@maintenance.suse.de> SUSE Security Update: Security update for hdf5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1912-1 Rating: important References: #1093657 #1101471 #1101474 #1102175 #1109167 #1109168 #1109564 #1109565 #1109566 #1109568 #1109569 #1109570 #1167401 #1167404 #1167405 #1179521 #1196682 Cross-References: CVE-2018-11206 CVE-2018-14032 CVE-2018-14033 CVE-2018-14460 CVE-2018-17234 CVE-2018-17237 CVE-2018-17432 CVE-2018-17433 CVE-2018-17434 CVE-2018-17436 CVE-2018-17437 CVE-2018-17438 CVE-2020-10809 CVE-2020-10810 CVE-2020-10811 CVSS scores: CVE-2018-11206 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2018-11206 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2018-14032 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-14033 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-14033 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-14460 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-14460 (SUSE): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-17234 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17234 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17237 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17237 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17432 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17432 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17433 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17433 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17434 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17434 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17436 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17436 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17437 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17437 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17438 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17438 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10809 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10809 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2020-10810 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10810 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for HPC 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has two fixes is now available. Description: This update for hdf5 fixes the following issues: Security issues fixed: - CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405). - CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401). - CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404). - CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570). - CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c. (bsc#1109569). - CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568). - CVE-2018-17434: Fixed SIGFPE signal raise in function apply_filters() of h5repack_filters.c (bsc#1109566). - CVE-2018-17433: Fixed heap-based buffer overflow in ReadGifImageDesc() in gifread.c (bsc#1109565). - CVE-2018-17432: Fixed NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c (bsc#1109564). - CVE-2018-17237: Fixed SIGFPE signal raise in the function H5D__chunk_set_info_real() (bsc#1109168). - CVE-2018-17234: Fixed memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167). - CVE-2018-14460: Fixed heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c (bsc#1102175). - CVE-2018-14033: Fixed heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c (bsc#1101471). - CVE-2018-14032: Fixed heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c (bsc#1101474). - CVE-2018-11206: Fixed out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c (bsc#1093657). Bugfixes: - Fix python-h5py packages built against out-of-date version of HDF5 (bsc#1196682). - Fix netcdf-cxx4 packages built against out-of-date version of HDF5 (bsc#1179521). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1912=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1912=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1912=1 - SUSE Linux Enterprise Module for HPC 15-SP3: zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2022-1912=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libhdf5-gnu-hpc-1.10.8-150300.4.3.1 libhdf5-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_cpp-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_fortran-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_hl-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_hl_cpp-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_hl_fortran-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 - openSUSE Leap 15.4 (noarch): hdf5-gnu-hpc-1.10.8-150300.4.3.1 hdf5-gnu-hpc-devel-1.10.8-150300.4.3.1 hdf5-gnu-mpich-hpc-1.10.8-150300.4.3.2 hdf5-gnu-mpich-hpc-devel-1.10.8-150300.4.3.2 hdf5-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150300.4.3.1 hdf5-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150300.4.3.2 hdf5-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 hdf5-gnu-openmpi4-hpc-devel-1.10.8-150300.4.3.2 hdf5-hpc-examples-1.10.8-150300.4.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libhdf5-gnu-hpc-1.10.8-150300.4.3.1 libhdf5-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_cpp-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_fortran-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_hl-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_hl_cpp-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_hl_fortran-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 - openSUSE Leap 15.3 (noarch): hdf5-gnu-hpc-1.10.8-150300.4.3.1 hdf5-gnu-hpc-devel-1.10.8-150300.4.3.1 hdf5-gnu-mpich-hpc-1.10.8-150300.4.3.2 hdf5-gnu-mpich-hpc-devel-1.10.8-150300.4.3.2 hdf5-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150300.4.3.1 hdf5-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150300.4.3.2 hdf5-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 hdf5-gnu-openmpi4-hpc-devel-1.10.8-150300.4.3.2 hdf5-hpc-examples-1.10.8-150300.4.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (ppc64le s390x): libhdf5-gnu-hpc-1.10.8-150300.4.3.1 libhdf5-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_cpp-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_fortran-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_hl-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_hl_cpp-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_hl_fortran-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): hdf5-gnu-hpc-1.10.8-150300.4.3.1 hdf5-gnu-hpc-devel-1.10.8-150300.4.3.1 hdf5-gnu-mpich-hpc-1.10.8-150300.4.3.2 hdf5-gnu-mpich-hpc-devel-1.10.8-150300.4.3.2 hdf5-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150300.4.3.1 hdf5-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150300.4.3.2 hdf5-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 hdf5-gnu-openmpi4-hpc-devel-1.10.8-150300.4.3.2 hdf5-hpc-examples-1.10.8-150300.4.3.1 - SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64): libhdf5-gnu-hpc-1.10.8-150300.4.3.1 libhdf5-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_cpp-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_cpp-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_fortran-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_hl-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_hl-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_hl_cpp-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 libhdf5_hl_fortran-gnu-hpc-1.10.8-150300.4.3.1 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150300.4.3.2 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 - SUSE Linux Enterprise Module for HPC 15-SP3 (noarch): hdf5-gnu-hpc-1.10.8-150300.4.3.1 hdf5-gnu-hpc-devel-1.10.8-150300.4.3.1 hdf5-gnu-mpich-hpc-1.10.8-150300.4.3.2 hdf5-gnu-mpich-hpc-devel-1.10.8-150300.4.3.2 hdf5-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150300.4.3.1 hdf5-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 hdf5-gnu-openmpi3-hpc-devel-1.10.8-150300.4.3.2 hdf5-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 hdf5-gnu-openmpi4-hpc-devel-1.10.8-150300.4.3.2 hdf5-hpc-examples-1.10.8-150300.4.3.1 References: https://www.suse.com/security/cve/CVE-2018-11206.html https://www.suse.com/security/cve/CVE-2018-14032.html https://www.suse.com/security/cve/CVE-2018-14033.html https://www.suse.com/security/cve/CVE-2018-14460.html https://www.suse.com/security/cve/CVE-2018-17234.html https://www.suse.com/security/cve/CVE-2018-17237.html https://www.suse.com/security/cve/CVE-2018-17432.html https://www.suse.com/security/cve/CVE-2018-17433.html https://www.suse.com/security/cve/CVE-2018-17434.html https://www.suse.com/security/cve/CVE-2018-17436.html https://www.suse.com/security/cve/CVE-2018-17437.html https://www.suse.com/security/cve/CVE-2018-17438.html https://www.suse.com/security/cve/CVE-2020-10809.html https://www.suse.com/security/cve/CVE-2020-10810.html https://www.suse.com/security/cve/CVE-2020-10811.html https://bugzilla.suse.com/1093657 https://bugzilla.suse.com/1101471 https://bugzilla.suse.com/1101474 https://bugzilla.suse.com/1102175 https://bugzilla.suse.com/1109167 https://bugzilla.suse.com/1109168 https://bugzilla.suse.com/1109564 https://bugzilla.suse.com/1109565 https://bugzilla.suse.com/1109566 https://bugzilla.suse.com/1109568 https://bugzilla.suse.com/1109569 https://bugzilla.suse.com/1109570 https://bugzilla.suse.com/1167401 https://bugzilla.suse.com/1167404 https://bugzilla.suse.com/1167405 https://bugzilla.suse.com/1179521 https://bugzilla.suse.com/1196682 From sle-updates at lists.suse.com Thu Jun 2 13:19:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 15:19:09 +0200 (CEST) Subject: SUSE-SU-2022:1911-1: important: Security update for hdf5, suse-hpc Message-ID: <20220602131909.09217FD9D@maintenance.suse.de> SUSE Security Update: Security update for hdf5, suse-hpc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1911-1 Rating: important References: #1072087 #1072090 #1072108 #1072111 #1093641 #1093649 #1093653 #1093655 #1093657 #1101471 #1101474 #1101493 #1101495 #1102175 #1109166 #1109167 #1109168 #1109564 #1109565 #1109566 #1109567 #1109568 #1109569 #1109570 #1116458 #1124509 #1133222 #1134298 #1167401 #1167404 #1167405 #1169793 #1174439 #1179521 #1196682 SLE-7766 SLE-7773 SLE-8501 SLE-8604 Cross-References: CVE-2017-17505 CVE-2017-17506 CVE-2017-17508 CVE-2017-17509 CVE-2018-11202 CVE-2018-11203 CVE-2018-11204 CVE-2018-11206 CVE-2018-11207 CVE-2018-13869 CVE-2018-13870 CVE-2018-14032 CVE-2018-14033 CVE-2018-14460 CVE-2018-17233 CVE-2018-17234 CVE-2018-17237 CVE-2018-17432 CVE-2018-17433 CVE-2018-17434 CVE-2018-17435 CVE-2018-17436 CVE-2018-17437 CVE-2018-17438 CVE-2020-10809 CVE-2020-10810 CVE-2020-10811 CVSS scores: CVE-2017-17505 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17505 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-17506 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17506 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2017-17508 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17508 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-17509 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-17509 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-11202 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11202 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-11203 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11203 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-11204 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11204 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-11206 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2018-11206 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2018-11207 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11207 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-13869 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-13869 (SUSE): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L CVE-2018-13870 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-13870 (SUSE): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-14032 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-14033 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-14033 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-14460 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-14460 (SUSE): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-17233 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17233 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17234 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17234 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17237 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17237 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17432 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17432 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17433 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17433 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17434 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17434 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17435 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17435 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17436 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17436 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17437 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17437 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17438 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17438 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10809 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10809 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2020-10810 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10810 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS ______________________________________________________________________________ An update that solves 27 vulnerabilities, contains four features and has 8 fixes is now available. Description: This update for hdf5, suse-hpc fixes the following issues: Security issues fixed: - CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405). - CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401). - CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404). - CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570). - CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c. (bsc#1109569). - CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568). - CVE-2018-17435: Fixed heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c (bsc#1109567). - CVE-2018-17434: Fixed SIGFPE signal raise in function apply_filters() of h5repack_filters.c (bsc#1109566). - CVE-2018-17433: Fixed heap-based buffer overflow in ReadGifImageDesc() in gifread.c (bsc#1109565). - CVE-2018-17432: Fixed NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c (bsc#1109564). - CVE-2018-17237: Fixed SIGFPE signal raise in the function H5D__chunk_set_info_real() (bsc#1109168). - CVE-2018-17234: Fixed memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167). - CVE-2018-17233: Fixed SIGFPE signal is raise in the function H5D__create_chunk_file_map_hyper (bsc#1109166). - CVE-2018-14460: Fixed heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c (bsc#1102175). - CVE-2018-14033: Fixed heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c (bsc#1101471). - CVE-2018-14032: Fixed heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c (bsc#1101474). - CVE-2018-13870: Fixed heap-based buffer over-read in the function H5O_link_decode in H5Olink.c (bsc#1101493). - CVE-2018-13869: Fixed memcpy parameter overlap in the function H5O_link_decode in H5Olink.c (bsc#1101495). - CVE-2018-11207: Fixed division by zero was discovered in H5D__chunk_init in H5Dchunk.c (bsc#1093653). - CVE-2018-11206: Fixed out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c (bsc#1093657). - CVE-2018-11204: Fixed NULL pointer dereference in H5O__chunk_deserialize in H5Ocache.c (bsc#1093655). - CVE-2018-11203: Fixed division by zero in H5D__btree_decode_key in H5Dbtree.c (bsc#1093649). - CVE-2018-11202: Fixed NULL pointer dereference in H5S_hyper_make_spans in H5Shyper.c (bsc#1093641). - CVE-2017-17509: Fixed out of bounds write vulnerability in function H5G__ent_decode_vec (bsc#1072111). - CVE-2017-17508: Fixed divide-by-zero vulnerability in function H5T_set_loc (bsc#1072108). - CVE-2017-17506: Fixed out of bounds read in the function H5Opline_pline_decode (bsc#1072090). - CVE-2017-17505: Fixed NULL pointer dereference in the function H5O_pline_decode (bsc#1072087). Bugfixes: - Expand modules handling (bsc#1116458). - Fix default moduleversion link generation and deletion (bsc#1124509). - Set higher constraints for succesfull mpich tests (bsc#1133222). - Fix library link flags on pkg-config file for HPC builds (bsc#1134298). - Fix .so number in baselibs.conf for libhdf5_fortran libs (bsc#1169793). - Fix python-h5py packages built against out-of-date version of HDF5 (bsc#1196682). - Fix netcdf-cxx4 packages built against out-of-date version of HDF5 (bsc#1179521). - Add build support for gcc10 to HPC build (bsc#1174439). - Add HPC support for gcc8 and gcc9 (jsc#SLE-7766 & jsc#SLE-8604). - Enable openmpi3 builds for Leap and SLE > 15.1 (jsc#SLE-7773). - HDF5 version Update to 1.10.5 (jsc#SLE-8501). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1911=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1911=1 Package List: - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-hpc-module-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150000.8.4.3 libhdf5-gnu-hpc-1.10.8-150000.8.4.3 libhdf5-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_cpp-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_fortran-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_hl-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_hl-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_hl_cpp-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_hl_fortran-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.4.3 suse-hpc-0.5.20220206.0c6b168-150000.11.3.1 suse-hpc-debuginfo-0.5.20220206.0c6b168-150000.11.3.1 suse-hpc-debugsource-0.5.20220206.0c6b168-150000.11.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): hdf5-gnu-hpc-devel-1.10.8-150000.8.4.3 hdf5-gnu-mpich-hpc-devel-1.10.8-150000.8.4.3 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150000.8.4.3 hdf5-gnu-openmpi2-hpc-devel-1.10.8-150000.8.4.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-hpc-devel-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-hpc-module-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150000.8.4.3 hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150000.8.4.3 libhdf5-gnu-hpc-1.10.8-150000.8.4.3 libhdf5-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_cpp-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_fortran-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_fortran-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_hl-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_hl-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5_hl_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_hl_cpp-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5_hl_fortran-gnu-hpc-1.10.8-150000.8.4.3 libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.4.3 libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150000.8.4.3 suse-hpc-0.5.20220206.0c6b168-150000.11.3.1 suse-hpc-debuginfo-0.5.20220206.0c6b168-150000.11.3.1 suse-hpc-debugsource-0.5.20220206.0c6b168-150000.11.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): hdf5-gnu-hpc-devel-1.10.8-150000.8.4.3 hdf5-gnu-mpich-hpc-devel-1.10.8-150000.8.4.3 hdf5-gnu-mvapich2-hpc-devel-1.10.8-150000.8.4.3 hdf5-gnu-openmpi2-hpc-devel-1.10.8-150000.8.4.3 References: https://www.suse.com/security/cve/CVE-2017-17505.html https://www.suse.com/security/cve/CVE-2017-17506.html https://www.suse.com/security/cve/CVE-2017-17508.html https://www.suse.com/security/cve/CVE-2017-17509.html https://www.suse.com/security/cve/CVE-2018-11202.html https://www.suse.com/security/cve/CVE-2018-11203.html https://www.suse.com/security/cve/CVE-2018-11204.html https://www.suse.com/security/cve/CVE-2018-11206.html https://www.suse.com/security/cve/CVE-2018-11207.html https://www.suse.com/security/cve/CVE-2018-13869.html https://www.suse.com/security/cve/CVE-2018-13870.html https://www.suse.com/security/cve/CVE-2018-14032.html https://www.suse.com/security/cve/CVE-2018-14033.html https://www.suse.com/security/cve/CVE-2018-14460.html https://www.suse.com/security/cve/CVE-2018-17233.html https://www.suse.com/security/cve/CVE-2018-17234.html https://www.suse.com/security/cve/CVE-2018-17237.html https://www.suse.com/security/cve/CVE-2018-17432.html https://www.suse.com/security/cve/CVE-2018-17433.html https://www.suse.com/security/cve/CVE-2018-17434.html https://www.suse.com/security/cve/CVE-2018-17435.html https://www.suse.com/security/cve/CVE-2018-17436.html https://www.suse.com/security/cve/CVE-2018-17437.html https://www.suse.com/security/cve/CVE-2018-17438.html https://www.suse.com/security/cve/CVE-2020-10809.html https://www.suse.com/security/cve/CVE-2020-10810.html https://www.suse.com/security/cve/CVE-2020-10811.html https://bugzilla.suse.com/1072087 https://bugzilla.suse.com/1072090 https://bugzilla.suse.com/1072108 https://bugzilla.suse.com/1072111 https://bugzilla.suse.com/1093641 https://bugzilla.suse.com/1093649 https://bugzilla.suse.com/1093653 https://bugzilla.suse.com/1093655 https://bugzilla.suse.com/1093657 https://bugzilla.suse.com/1101471 https://bugzilla.suse.com/1101474 https://bugzilla.suse.com/1101493 https://bugzilla.suse.com/1101495 https://bugzilla.suse.com/1102175 https://bugzilla.suse.com/1109166 https://bugzilla.suse.com/1109167 https://bugzilla.suse.com/1109168 https://bugzilla.suse.com/1109564 https://bugzilla.suse.com/1109565 https://bugzilla.suse.com/1109566 https://bugzilla.suse.com/1109567 https://bugzilla.suse.com/1109568 https://bugzilla.suse.com/1109569 https://bugzilla.suse.com/1109570 https://bugzilla.suse.com/1116458 https://bugzilla.suse.com/1124509 https://bugzilla.suse.com/1133222 https://bugzilla.suse.com/1134298 https://bugzilla.suse.com/1167401 https://bugzilla.suse.com/1167404 https://bugzilla.suse.com/1167405 https://bugzilla.suse.com/1169793 https://bugzilla.suse.com/1174439 https://bugzilla.suse.com/1179521 https://bugzilla.suse.com/1196682 From sle-updates at lists.suse.com Thu Jun 2 13:22:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 15:22:33 +0200 (CEST) Subject: SUSE-RU-2022:1914-1: moderate: Recommended update for deepsea Message-ID: <20220602132233.3FEDCFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for deepsea ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1914-1 Rating: moderate References: #1198929 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for deepsea fixes the following issues: - Version: 0.9.40 - Take drivegroup targets into account for rebuild.node (bsc#1198929) - Allow rebuild.node on empty clusters with no PGs Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1914=1 Package List: - SUSE Enterprise Storage 6 (noarch): deepsea-0.9.40+git.0.64cf6c35-150100.3.50.1 deepsea-cli-0.9.40+git.0.64cf6c35-150100.3.50.1 References: https://bugzilla.suse.com/1198929 From sle-updates at lists.suse.com Thu Jun 2 13:23:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 15:23:09 +0200 (CEST) Subject: SUSE-RU-2022:0003-2: moderate: Recommended update for libgcrypt Message-ID: <20220602132309.B6919FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0003-2 Rating: moderate References: #1193480 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-3=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-3=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-3=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-3=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-3=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libgcrypt-debugsource-1.6.1-16.80.1 libgcrypt20-1.6.1-16.80.1 libgcrypt20-32bit-1.6.1-16.80.1 libgcrypt20-debuginfo-1.6.1-16.80.1 libgcrypt20-debuginfo-32bit-1.6.1-16.80.1 libgcrypt20-hmac-1.6.1-16.80.1 libgcrypt20-hmac-32bit-1.6.1-16.80.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libgcrypt-debugsource-1.6.1-16.80.1 libgcrypt20-1.6.1-16.80.1 libgcrypt20-32bit-1.6.1-16.80.1 libgcrypt20-debuginfo-1.6.1-16.80.1 libgcrypt20-debuginfo-32bit-1.6.1-16.80.1 libgcrypt20-hmac-1.6.1-16.80.1 libgcrypt20-hmac-32bit-1.6.1-16.80.1 - SUSE OpenStack Cloud 9 (x86_64): libgcrypt-debugsource-1.6.1-16.80.1 libgcrypt20-1.6.1-16.80.1 libgcrypt20-32bit-1.6.1-16.80.1 libgcrypt20-debuginfo-1.6.1-16.80.1 libgcrypt20-debuginfo-32bit-1.6.1-16.80.1 libgcrypt20-hmac-1.6.1-16.80.1 libgcrypt20-hmac-32bit-1.6.1-16.80.1 - SUSE OpenStack Cloud 8 (x86_64): libgcrypt-debugsource-1.6.1-16.80.1 libgcrypt20-1.6.1-16.80.1 libgcrypt20-32bit-1.6.1-16.80.1 libgcrypt20-debuginfo-1.6.1-16.80.1 libgcrypt20-debuginfo-32bit-1.6.1-16.80.1 libgcrypt20-hmac-1.6.1-16.80.1 libgcrypt20-hmac-32bit-1.6.1-16.80.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le): libgcrypt-debugsource-1.6.1-16.80.1 libgcrypt20-1.6.1-16.80.1 libgcrypt20-debuginfo-1.6.1-16.80.1 libgcrypt20-hmac-1.6.1-16.80.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libgcrypt-debugsource-1.6.1-16.80.1 libgcrypt20-1.6.1-16.80.1 libgcrypt20-debuginfo-1.6.1-16.80.1 libgcrypt20-hmac-1.6.1-16.80.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libgcrypt20-32bit-1.6.1-16.80.1 libgcrypt20-debuginfo-32bit-1.6.1-16.80.1 libgcrypt20-hmac-32bit-1.6.1-16.80.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.80.1 libgcrypt20-1.6.1-16.80.1 libgcrypt20-debuginfo-1.6.1-16.80.1 libgcrypt20-hmac-1.6.1-16.80.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libgcrypt20-32bit-1.6.1-16.80.1 libgcrypt20-debuginfo-32bit-1.6.1-16.80.1 libgcrypt20-hmac-32bit-1.6.1-16.80.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.80.1 libgcrypt20-1.6.1-16.80.1 libgcrypt20-debuginfo-1.6.1-16.80.1 libgcrypt20-hmac-1.6.1-16.80.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libgcrypt20-32bit-1.6.1-16.80.1 libgcrypt20-debuginfo-32bit-1.6.1-16.80.1 libgcrypt20-hmac-32bit-1.6.1-16.80.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libgcrypt-debugsource-1.6.1-16.80.1 libgcrypt20-1.6.1-16.80.1 libgcrypt20-32bit-1.6.1-16.80.1 libgcrypt20-debuginfo-1.6.1-16.80.1 libgcrypt20-debuginfo-32bit-1.6.1-16.80.1 libgcrypt20-hmac-1.6.1-16.80.1 libgcrypt20-hmac-32bit-1.6.1-16.80.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libgcrypt-debugsource-1.6.1-16.80.1 libgcrypt20-1.6.1-16.80.1 libgcrypt20-32bit-1.6.1-16.80.1 libgcrypt20-debuginfo-1.6.1-16.80.1 libgcrypt20-debuginfo-32bit-1.6.1-16.80.1 libgcrypt20-hmac-1.6.1-16.80.1 libgcrypt20-hmac-32bit-1.6.1-16.80.1 - HPE Helion Openstack 8 (x86_64): libgcrypt-debugsource-1.6.1-16.80.1 libgcrypt20-1.6.1-16.80.1 libgcrypt20-32bit-1.6.1-16.80.1 libgcrypt20-debuginfo-1.6.1-16.80.1 libgcrypt20-debuginfo-32bit-1.6.1-16.80.1 libgcrypt20-hmac-1.6.1-16.80.1 libgcrypt20-hmac-32bit-1.6.1-16.80.1 References: https://bugzilla.suse.com/1193480 From sle-updates at lists.suse.com Thu Jun 2 13:23:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 15:23:47 +0200 (CEST) Subject: SUSE-RU-2022:1915-1: moderate: Recommended update for autoyast2 Message-ID: <20220602132347.E0CA8FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1915-1 Rating: moderate References: #1199000 #1199165 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for autoyast2 fixes the following issues: - Fix detection disk serial and size in the "disks" ERB helper (bsc#1199000) - Fix rules validation when using a dialog (bsc#1199165) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1915=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1915=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): yast2-schema-default-4.4.12-150400.3.3.1 yast2-schema-micro-4.4.12-150400.3.3.1 - openSUSE Leap 15.4 (noarch): autoyast2-4.4.37-150400.3.3.1 autoyast2-installation-4.4.37-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): yast2-schema-default-4.4.12-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): autoyast2-4.4.37-150400.3.3.1 autoyast2-installation-4.4.37-150400.3.3.1 References: https://bugzilla.suse.com/1199000 https://bugzilla.suse.com/1199165 From sle-updates at lists.suse.com Thu Jun 2 13:24:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 15:24:26 +0200 (CEST) Subject: SUSE-SU-2022:1919-1: moderate: Security update for udisks2 Message-ID: <20220602132426.7B91EFD9D@maintenance.suse.de> SUSE Security Update: Security update for udisks2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1919-1 Rating: moderate References: #1190606 Cross-References: CVE-2021-3802 CVSS scores: CVE-2021-3802 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for udisks2 fixes the following issues: - CVE-2021-3802: Fixed denial of service vulnerability caused by insecure defaults in user-accessible mount helpers (bsc#1190606). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1919=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1919=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libudisks2-0-2.9.2-150400.3.3.1 libudisks2-0-debuginfo-2.9.2-150400.3.3.1 libudisks2-0-devel-2.9.2-150400.3.3.1 libudisks2-0_bcache-2.9.2-150400.3.3.1 libudisks2-0_bcache-debuginfo-2.9.2-150400.3.3.1 libudisks2-0_btrfs-2.9.2-150400.3.3.1 libudisks2-0_btrfs-debuginfo-2.9.2-150400.3.3.1 libudisks2-0_lsm-2.9.2-150400.3.3.1 libudisks2-0_lsm-debuginfo-2.9.2-150400.3.3.1 libudisks2-0_lvm2-2.9.2-150400.3.3.1 libudisks2-0_lvm2-debuginfo-2.9.2-150400.3.3.1 libudisks2-0_vdo-2.9.2-150400.3.3.1 libudisks2-0_vdo-debuginfo-2.9.2-150400.3.3.1 libudisks2-0_zram-2.9.2-150400.3.3.1 libudisks2-0_zram-debuginfo-2.9.2-150400.3.3.1 typelib-1_0-UDisks-2_0-2.9.2-150400.3.3.1 udisks2-2.9.2-150400.3.3.1 udisks2-debuginfo-2.9.2-150400.3.3.1 udisks2-debugsource-2.9.2-150400.3.3.1 - openSUSE Leap 15.4 (noarch): udisks2-lang-2.9.2-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libudisks2-0-2.9.2-150400.3.3.1 libudisks2-0-debuginfo-2.9.2-150400.3.3.1 libudisks2-0-devel-2.9.2-150400.3.3.1 typelib-1_0-UDisks-2_0-2.9.2-150400.3.3.1 udisks2-2.9.2-150400.3.3.1 udisks2-debuginfo-2.9.2-150400.3.3.1 udisks2-debugsource-2.9.2-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): udisks2-lang-2.9.2-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2021-3802.html https://bugzilla.suse.com/1190606 From sle-updates at lists.suse.com Thu Jun 2 13:25:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 15:25:00 +0200 (CEST) Subject: SUSE-SU-2022:1918-1: moderate: Security update for rubygem-yajl-ruby Message-ID: <20220602132500.96EBFFD9D@maintenance.suse.de> SUSE Security Update: Security update for rubygem-yajl-ruby ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1918-1 Rating: moderate References: #1198405 Cross-References: CVE-2022-24795 CVSS scores: CVE-2022-24795 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24795 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-yajl-ruby fixes the following issue: -CVE-2022-24795: Fixed a heap-based buffer overflow when handling large inputs due to an integer overflow (bsc#1198405) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1918=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1918=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-yajl-ruby-1.3.1-4.6.1 ruby2.1-rubygem-yajl-ruby-debuginfo-1.3.1-4.6.1 rubygem-yajl-ruby-debugsource-1.3.1-4.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-yajl-ruby-1.3.1-4.6.1 ruby2.1-rubygem-yajl-ruby-debuginfo-1.3.1-4.6.1 rubygem-yajl-ruby-debugsource-1.3.1-4.6.1 References: https://www.suse.com/security/cve/CVE-2022-24795.html https://bugzilla.suse.com/1198405 From sle-updates at lists.suse.com Thu Jun 2 13:25:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 15:25:38 +0200 (CEST) Subject: SUSE-RU-2022:1913-1: moderate: Recommended update for aws-iam-authenticator Message-ID: <20220602132538.5ABF2FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-iam-authenticator ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1913-1 Rating: moderate References: #1197703 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aws-iam-authenticator fixes the following issues: - Update in SLE-15 (bsc#1197703) - Update to version 0.5.3 * Bump Go to 1.15 in Travis (#361) * Update aws sdk go v1.37.1 (#360) * (arn): validate partition against all partitions returned by the aws sdk (#348) * Document AccessKeyId from UserInfo (#332) * Support IPv6 listen address (#352) * Added user agent to AWS SDK (#359) * Remove Chris Hein from OWNERS (#351) * Add instructions for the release process (#346) - from version 0.5.2 * Added partition flag (#341) * Update link to Kops docs site (#338) * Security Improvements on the example yaml (#335) * Fix RBAC on example file: service account requires get to ConfigMap (#334) * Add AccessKeyID as variable for username (#337) * Added server side AWS account ID log redaction (#327) - from version 0.5.1 * Update examples/README (#317) * Changelog gen (#318) * Fix CRD mapper blocking all others because caches never sync and revamp backend-mode flag (#303) * Update aws-sdk-go to version v1.30.0 (#306) * Bump k8s.io/ dependencies to 1.16.8 (#305) * chown aws-iam-authenticator to avoid permission denied (#302) * Indentation and unit test improvements (#298) * Adding Rate limiting ec2:DescribeInstances API along with Batching for high TPS (#292) * Restrict ClusterRole to readonly IAMIdentityMapping access (#287) * added selector to spec and changed from extenstions to apps/v1 (#291) * Add AWS AccessKeyID as an extra field in UserInfo (#286) * Allow server port customization (#278) - from version 0.5.0 * Remove DNS-1123 validation of usernames and groups (#260) * switch to use regional sts endpoint & imdsV2 (#283) * Add AWS Access Key ID to log (#282) * Require to pass in interface instead of the concrete type (#279) * Refactor to allow configurable backends (configmap, eks configmap, crd) (#269) * Update go version (#255) * Adding session name parameter to TokenGenerator (#272) * Rename prometheus metrics to match new project name (#249) * Remove inactive approvers, add wongma7 (#266) * Update aws-sdk-go to v1.23.11 (257) * Added go module download check (#259) * Updating goreleaser yaml to fix deprecated options (#252) * Remove deprecated language from README (#244) * Lowercase ARN inside doMapping and log about it (#239) * IAMIdentityMapping CRD Implementation (#116) * Adding micahhausler as approver (#237) * add support for passing externalID to assume role (#228) * Update README.md (#231) * Using sigs.k8s.io domain instead of github.com (#223) * Refactored EC2 API calls to be testable (#226) * Include aws request ID when logging errors (#178) - Remove global Go project variables - Set GO111MODULE=off to force use of vendored modules - Update Go build paths Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1913=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1913=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-1913=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1913=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-1913=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-1913=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): aws-iam-authenticator-0.5.3-150000.1.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): aws-iam-authenticator-0.5.3-150000.1.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): aws-iam-authenticator-0.5.3-150000.1.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): aws-iam-authenticator-0.5.3-150000.1.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64): aws-iam-authenticator-0.5.3-150000.1.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): aws-iam-authenticator-0.5.3-150000.1.6.1 References: https://bugzilla.suse.com/1197703 From sle-updates at lists.suse.com Thu Jun 2 16:16:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 18:16:49 +0200 (CEST) Subject: SUSE-SU-2022:1921-1: important: Security update for MozillaFirefox Message-ID: <20220602161649.875CBF386@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1921-1 Rating: important References: #1200027 Cross-References: CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 CVSS scores: CVE-2022-31736 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31737 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31738 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31739 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31740 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31742 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-31747 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027) - CVE-2022-31736: Cross-Origin resource's length leaked - CVE-2022-31737: Heap buffer overflow in WebGL - CVE-2022-31738: Browser window spoof using fullscreen mode - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files - CVE-2022-31740: Register allocation problem in WASM on arm64 - CVE-2022-31741: Uninitialized variable leads to invalid memory read - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information - CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1921=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1921=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1921=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1921=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1921=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1921=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1921=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1921=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1921=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1921=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1921=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1921=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1921=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-91.10.0-112.114.1 MozillaFirefox-debuginfo-91.10.0-112.114.1 MozillaFirefox-debugsource-91.10.0-112.114.1 MozillaFirefox-devel-91.10.0-112.114.1 MozillaFirefox-translations-common-91.10.0-112.114.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-91.10.0-112.114.1 MozillaFirefox-debuginfo-91.10.0-112.114.1 MozillaFirefox-debugsource-91.10.0-112.114.1 MozillaFirefox-devel-91.10.0-112.114.1 MozillaFirefox-translations-common-91.10.0-112.114.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-91.10.0-112.114.1 MozillaFirefox-debuginfo-91.10.0-112.114.1 MozillaFirefox-debugsource-91.10.0-112.114.1 MozillaFirefox-devel-91.10.0-112.114.1 MozillaFirefox-translations-common-91.10.0-112.114.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-91.10.0-112.114.1 MozillaFirefox-debuginfo-91.10.0-112.114.1 MozillaFirefox-debugsource-91.10.0-112.114.1 MozillaFirefox-devel-91.10.0-112.114.1 MozillaFirefox-translations-common-91.10.0-112.114.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-91.10.0-112.114.1 MozillaFirefox-debugsource-91.10.0-112.114.1 MozillaFirefox-devel-91.10.0-112.114.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-91.10.0-112.114.1 MozillaFirefox-debuginfo-91.10.0-112.114.1 MozillaFirefox-debugsource-91.10.0-112.114.1 MozillaFirefox-devel-91.10.0-112.114.1 MozillaFirefox-translations-common-91.10.0-112.114.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-91.10.0-112.114.1 MozillaFirefox-debuginfo-91.10.0-112.114.1 MozillaFirefox-debugsource-91.10.0-112.114.1 MozillaFirefox-devel-91.10.0-112.114.1 MozillaFirefox-translations-common-91.10.0-112.114.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.10.0-112.114.1 MozillaFirefox-debuginfo-91.10.0-112.114.1 MozillaFirefox-debugsource-91.10.0-112.114.1 MozillaFirefox-devel-91.10.0-112.114.1 MozillaFirefox-translations-common-91.10.0-112.114.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.10.0-112.114.1 MozillaFirefox-debuginfo-91.10.0-112.114.1 MozillaFirefox-debugsource-91.10.0-112.114.1 MozillaFirefox-devel-91.10.0-112.114.1 MozillaFirefox-translations-common-91.10.0-112.114.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.10.0-112.114.1 MozillaFirefox-debuginfo-91.10.0-112.114.1 MozillaFirefox-debugsource-91.10.0-112.114.1 MozillaFirefox-devel-91.10.0-112.114.1 MozillaFirefox-translations-common-91.10.0-112.114.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-91.10.0-112.114.1 MozillaFirefox-debuginfo-91.10.0-112.114.1 MozillaFirefox-debugsource-91.10.0-112.114.1 MozillaFirefox-devel-91.10.0-112.114.1 MozillaFirefox-translations-common-91.10.0-112.114.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-91.10.0-112.114.1 MozillaFirefox-debuginfo-91.10.0-112.114.1 MozillaFirefox-debugsource-91.10.0-112.114.1 MozillaFirefox-devel-91.10.0-112.114.1 MozillaFirefox-translations-common-91.10.0-112.114.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-91.10.0-112.114.1 MozillaFirefox-debuginfo-91.10.0-112.114.1 MozillaFirefox-debugsource-91.10.0-112.114.1 MozillaFirefox-devel-91.10.0-112.114.1 MozillaFirefox-translations-common-91.10.0-112.114.1 References: https://www.suse.com/security/cve/CVE-2022-31736.html https://www.suse.com/security/cve/CVE-2022-31737.html https://www.suse.com/security/cve/CVE-2022-31738.html https://www.suse.com/security/cve/CVE-2022-31739.html https://www.suse.com/security/cve/CVE-2022-31740.html https://www.suse.com/security/cve/CVE-2022-31741.html https://www.suse.com/security/cve/CVE-2022-31742.html https://www.suse.com/security/cve/CVE-2022-31747.html https://bugzilla.suse.com/1200027 From sle-updates at lists.suse.com Thu Jun 2 16:17:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 18:17:50 +0200 (CEST) Subject: SUSE-SU-2022:1920-1: important: Security update for MozillaFirefox Message-ID: <20220602161750.4062FF386@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1920-1 Rating: important References: #1200027 Cross-References: CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 CVSS scores: CVE-2022-31736 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31737 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31738 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31739 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31740 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31742 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-31747 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027) - CVE-2022-31736: Cross-Origin resource's length leaked - CVE-2022-31737: Heap buffer overflow in WebGL - CVE-2022-31738: Browser window spoof using fullscreen mode - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files - CVE-2022-31740: Register allocation problem in WASM on arm64 - CVE-2022-31741: Uninitialized variable leads to invalid memory read - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information - CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1920=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1920=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1920=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1920=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1920=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1920=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1920=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1920=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1920=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1920=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1920=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1920=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1920=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.10.0-150200.152.43.1 MozillaFirefox-branding-upstream-91.10.0-150200.152.43.1 MozillaFirefox-debuginfo-91.10.0-150200.152.43.1 MozillaFirefox-debugsource-91.10.0-150200.152.43.1 MozillaFirefox-devel-91.10.0-150200.152.43.1 MozillaFirefox-translations-common-91.10.0-150200.152.43.1 MozillaFirefox-translations-other-91.10.0-150200.152.43.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.10.0-150200.152.43.1 MozillaFirefox-branding-upstream-91.10.0-150200.152.43.1 MozillaFirefox-debuginfo-91.10.0-150200.152.43.1 MozillaFirefox-debugsource-91.10.0-150200.152.43.1 MozillaFirefox-devel-91.10.0-150200.152.43.1 MozillaFirefox-translations-common-91.10.0-150200.152.43.1 MozillaFirefox-translations-other-91.10.0-150200.152.43.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): MozillaFirefox-91.10.0-150200.152.43.1 MozillaFirefox-debuginfo-91.10.0-150200.152.43.1 MozillaFirefox-debugsource-91.10.0-150200.152.43.1 MozillaFirefox-devel-91.10.0-150200.152.43.1 MozillaFirefox-translations-common-91.10.0-150200.152.43.1 MozillaFirefox-translations-other-91.10.0-150200.152.43.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): MozillaFirefox-91.10.0-150200.152.43.1 MozillaFirefox-debuginfo-91.10.0-150200.152.43.1 MozillaFirefox-debugsource-91.10.0-150200.152.43.1 MozillaFirefox-devel-91.10.0-150200.152.43.1 MozillaFirefox-translations-common-91.10.0-150200.152.43.1 MozillaFirefox-translations-other-91.10.0-150200.152.43.1 - SUSE Manager Proxy 4.1 (x86_64): MozillaFirefox-91.10.0-150200.152.43.1 MozillaFirefox-debuginfo-91.10.0-150200.152.43.1 MozillaFirefox-debugsource-91.10.0-150200.152.43.1 MozillaFirefox-devel-91.10.0-150200.152.43.1 MozillaFirefox-translations-common-91.10.0-150200.152.43.1 MozillaFirefox-translations-other-91.10.0-150200.152.43.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): MozillaFirefox-91.10.0-150200.152.43.1 MozillaFirefox-debuginfo-91.10.0-150200.152.43.1 MozillaFirefox-debugsource-91.10.0-150200.152.43.1 MozillaFirefox-devel-91.10.0-150200.152.43.1 MozillaFirefox-translations-common-91.10.0-150200.152.43.1 MozillaFirefox-translations-other-91.10.0-150200.152.43.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.10.0-150200.152.43.1 MozillaFirefox-debuginfo-91.10.0-150200.152.43.1 MozillaFirefox-debugsource-91.10.0-150200.152.43.1 MozillaFirefox-devel-91.10.0-150200.152.43.1 MozillaFirefox-translations-common-91.10.0-150200.152.43.1 MozillaFirefox-translations-other-91.10.0-150200.152.43.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): MozillaFirefox-91.10.0-150200.152.43.1 MozillaFirefox-debuginfo-91.10.0-150200.152.43.1 MozillaFirefox-debugsource-91.10.0-150200.152.43.1 MozillaFirefox-devel-91.10.0-150200.152.43.1 MozillaFirefox-translations-common-91.10.0-150200.152.43.1 MozillaFirefox-translations-other-91.10.0-150200.152.43.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.10.0-150200.152.43.1 MozillaFirefox-debuginfo-91.10.0-150200.152.43.1 MozillaFirefox-debugsource-91.10.0-150200.152.43.1 MozillaFirefox-translations-common-91.10.0-150200.152.43.1 MozillaFirefox-translations-other-91.10.0-150200.152.43.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.10.0-150200.152.43.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.10.0-150200.152.43.1 MozillaFirefox-debuginfo-91.10.0-150200.152.43.1 MozillaFirefox-debugsource-91.10.0-150200.152.43.1 MozillaFirefox-translations-common-91.10.0-150200.152.43.1 MozillaFirefox-translations-other-91.10.0-150200.152.43.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.10.0-150200.152.43.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): MozillaFirefox-91.10.0-150200.152.43.1 MozillaFirefox-debuginfo-91.10.0-150200.152.43.1 MozillaFirefox-debugsource-91.10.0-150200.152.43.1 MozillaFirefox-devel-91.10.0-150200.152.43.1 MozillaFirefox-translations-common-91.10.0-150200.152.43.1 MozillaFirefox-translations-other-91.10.0-150200.152.43.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): MozillaFirefox-91.10.0-150200.152.43.1 MozillaFirefox-debuginfo-91.10.0-150200.152.43.1 MozillaFirefox-debugsource-91.10.0-150200.152.43.1 MozillaFirefox-devel-91.10.0-150200.152.43.1 MozillaFirefox-translations-common-91.10.0-150200.152.43.1 MozillaFirefox-translations-other-91.10.0-150200.152.43.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): MozillaFirefox-91.10.0-150200.152.43.1 MozillaFirefox-debuginfo-91.10.0-150200.152.43.1 MozillaFirefox-debugsource-91.10.0-150200.152.43.1 MozillaFirefox-devel-91.10.0-150200.152.43.1 MozillaFirefox-translations-common-91.10.0-150200.152.43.1 MozillaFirefox-translations-other-91.10.0-150200.152.43.1 References: https://www.suse.com/security/cve/CVE-2022-31736.html https://www.suse.com/security/cve/CVE-2022-31737.html https://www.suse.com/security/cve/CVE-2022-31738.html https://www.suse.com/security/cve/CVE-2022-31739.html https://www.suse.com/security/cve/CVE-2022-31740.html https://www.suse.com/security/cve/CVE-2022-31741.html https://www.suse.com/security/cve/CVE-2022-31742.html https://www.suse.com/security/cve/CVE-2022-31747.html https://bugzilla.suse.com/1200027 From sle-updates at lists.suse.com Thu Jun 2 16:18:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 18:18:36 +0200 (CEST) Subject: SUSE-RU-2020:3253-2: moderate: Recommended update for mozilla-nss Message-ID: <20220602161836.BFB69FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3253-2 Rating: moderate References: #1174697 #1176173 Affected Products: SUSE Linux Enterprise Module for Certifications 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mozilla-nss fixes the following issues: - Fixes an issue for Mozilla Firefox which has failed in fips mode (bsc#1174697) - FIPS: Adjust the Diffie-Hellman and Elliptic Curve Diffie-Hellman algorithms to be NIST SP800-56Arev3 compliant (bsc#1176173). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Certifications 15-SP3: zypper in -t patch SUSE-SLE-Module-Certifications-15-SP3-2022-1922=1 Package List: - SUSE Linux Enterprise Module for Certifications 15-SP3 (aarch64 s390x x86_64): libfreebl3-3.53.1-3.51.1 libfreebl3-debuginfo-3.53.1-3.51.1 libfreebl3-hmac-3.53.1-3.51.1 libsoftokn3-3.53.1-3.51.1 libsoftokn3-debuginfo-3.53.1-3.51.1 libsoftokn3-hmac-3.53.1-3.51.1 mozilla-nss-3.53.1-3.51.1 mozilla-nss-certs-3.53.1-3.51.1 mozilla-nss-certs-debuginfo-3.53.1-3.51.1 mozilla-nss-debuginfo-3.53.1-3.51.1 mozilla-nss-debugsource-3.53.1-3.51.1 mozilla-nss-devel-3.53.1-3.51.1 mozilla-nss-sysinit-3.53.1-3.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-3.51.1 mozilla-nss-tools-3.53.1-3.51.1 mozilla-nss-tools-debuginfo-3.53.1-3.51.1 - SUSE Linux Enterprise Module for Certifications 15-SP3 (x86_64): libfreebl3-32bit-3.53.1-3.51.1 libfreebl3-32bit-debuginfo-3.53.1-3.51.1 libfreebl3-hmac-32bit-3.53.1-3.51.1 libsoftokn3-32bit-3.53.1-3.51.1 libsoftokn3-32bit-debuginfo-3.53.1-3.51.1 libsoftokn3-hmac-32bit-3.53.1-3.51.1 mozilla-nss-32bit-3.53.1-3.51.1 mozilla-nss-32bit-debuginfo-3.53.1-3.51.1 mozilla-nss-certs-32bit-3.53.1-3.51.1 mozilla-nss-certs-32bit-debuginfo-3.53.1-3.51.1 mozilla-nss-sysinit-32bit-3.53.1-3.51.1 mozilla-nss-sysinit-32bit-debuginfo-3.53.1-3.51.1 References: https://bugzilla.suse.com/1174697 https://bugzilla.suse.com/1176173 From sle-updates at lists.suse.com Thu Jun 2 16:19:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 18:19:15 +0200 (CEST) Subject: SUSE-SU-2022:1925-1: moderate: Security update for patch Message-ID: <20220602161915.81D89FD9D@maintenance.suse.de> SUSE Security Update: Security update for patch ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1925-1 Rating: moderate References: #1080985 #1111572 #1142041 #1198106 Cross-References: CVE-2018-6952 CVE-2019-13636 CVSS scores: CVE-2018-6952 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-6952 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-13636 (NVD) : 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-13636 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for patch fixes the following issues: Security issues fixed: - CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches (bsc#1142041). - CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leading to a crash (bsc#1080985). Bugfixes: - Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (bsc#1111572). - Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (bsc#1198106). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1925=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1925=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1925=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1925=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): patch-2.7.6-150000.5.3.1 patch-debuginfo-2.7.6-150000.5.3.1 patch-debugsource-2.7.6-150000.5.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): patch-2.7.6-150000.5.3.1 patch-debuginfo-2.7.6-150000.5.3.1 patch-debugsource-2.7.6-150000.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): patch-2.7.6-150000.5.3.1 patch-debuginfo-2.7.6-150000.5.3.1 patch-debugsource-2.7.6-150000.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): patch-2.7.6-150000.5.3.1 patch-debuginfo-2.7.6-150000.5.3.1 patch-debugsource-2.7.6-150000.5.3.1 References: https://www.suse.com/security/cve/CVE-2018-6952.html https://www.suse.com/security/cve/CVE-2019-13636.html https://bugzilla.suse.com/1080985 https://bugzilla.suse.com/1111572 https://bugzilla.suse.com/1142041 https://bugzilla.suse.com/1198106 From sle-updates at lists.suse.com Thu Jun 2 16:20:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 18:20:15 +0200 (CEST) Subject: SUSE-SU-2022:1923-1: important: Security update for kernel-firmware Message-ID: <20220602162015.E369EFD9D@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1923-1 Rating: important References: #1195786 #1199459 #1199470 Cross-References: CVE-2021-26312 CVE-2021-26339 CVE-2021-26342 CVE-2021-26347 CVE-2021-26348 CVE-2021-26349 CVE-2021-26350 CVE-2021-26364 CVE-2021-26372 CVE-2021-26373 CVE-2021-26375 CVE-2021-26376 CVE-2021-26378 CVE-2021-26388 CVE-2021-33139 CVE-2021-33155 CVE-2021-46744 CVSS scores: CVE-2021-26312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-26339 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26339 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26342 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-26342 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2021-26347 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26348 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-26349 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-26350 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26364 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26372 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26376 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26378 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-26388 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33139 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33139 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33155 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33155 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46744 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-46744 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: This update for kernel-firmware fixes the following issues: Update to version 20220411 (git commit f219d616f42b, bsc#1199459): - CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26350, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312: Update AMD cpu microcode Update to version 20220309 (git commit cd01f857da28, bsc#1199470): - CVE-2021-46744: Ciphertext Side Channels on AMD SEV Update Intel Bluetooth firmware (INTEL-SA-00604, bsc#1195786): - CVE-2021-33139, CVE-2021-33155: Improper conditions check in the firmware for some Intel Wireless Bluetooth and Killer Bluetooth products may allow an authenticated user to potentially cause denial of service via adjacent access. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1923=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1923=1 Package List: - openSUSE Leap 15.4 (noarch): kernel-firmware-20220509-150400.4.5.1 kernel-firmware-all-20220509-150400.4.5.1 kernel-firmware-amdgpu-20220509-150400.4.5.1 kernel-firmware-ath10k-20220509-150400.4.5.1 kernel-firmware-ath11k-20220509-150400.4.5.1 kernel-firmware-atheros-20220509-150400.4.5.1 kernel-firmware-bluetooth-20220509-150400.4.5.1 kernel-firmware-bnx2-20220509-150400.4.5.1 kernel-firmware-brcm-20220509-150400.4.5.1 kernel-firmware-chelsio-20220509-150400.4.5.1 kernel-firmware-dpaa2-20220509-150400.4.5.1 kernel-firmware-i915-20220509-150400.4.5.1 kernel-firmware-intel-20220509-150400.4.5.1 kernel-firmware-iwlwifi-20220509-150400.4.5.1 kernel-firmware-liquidio-20220509-150400.4.5.1 kernel-firmware-marvell-20220509-150400.4.5.1 kernel-firmware-media-20220509-150400.4.5.1 kernel-firmware-mediatek-20220509-150400.4.5.1 kernel-firmware-mellanox-20220509-150400.4.5.1 kernel-firmware-mwifiex-20220509-150400.4.5.1 kernel-firmware-network-20220509-150400.4.5.1 kernel-firmware-nfp-20220509-150400.4.5.1 kernel-firmware-nvidia-20220509-150400.4.5.1 kernel-firmware-platform-20220509-150400.4.5.1 kernel-firmware-prestera-20220509-150400.4.5.1 kernel-firmware-qcom-20220509-150400.4.5.1 kernel-firmware-qlogic-20220509-150400.4.5.1 kernel-firmware-radeon-20220509-150400.4.5.1 kernel-firmware-realtek-20220509-150400.4.5.1 kernel-firmware-serial-20220509-150400.4.5.1 kernel-firmware-sound-20220509-150400.4.5.1 kernel-firmware-ti-20220509-150400.4.5.1 kernel-firmware-ueagle-20220509-150400.4.5.1 kernel-firmware-usb-network-20220509-150400.4.5.1 ucode-amd-20220509-150400.4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): kernel-firmware-all-20220509-150400.4.5.1 kernel-firmware-amdgpu-20220509-150400.4.5.1 kernel-firmware-ath10k-20220509-150400.4.5.1 kernel-firmware-ath11k-20220509-150400.4.5.1 kernel-firmware-atheros-20220509-150400.4.5.1 kernel-firmware-bluetooth-20220509-150400.4.5.1 kernel-firmware-bnx2-20220509-150400.4.5.1 kernel-firmware-brcm-20220509-150400.4.5.1 kernel-firmware-chelsio-20220509-150400.4.5.1 kernel-firmware-dpaa2-20220509-150400.4.5.1 kernel-firmware-i915-20220509-150400.4.5.1 kernel-firmware-intel-20220509-150400.4.5.1 kernel-firmware-iwlwifi-20220509-150400.4.5.1 kernel-firmware-liquidio-20220509-150400.4.5.1 kernel-firmware-marvell-20220509-150400.4.5.1 kernel-firmware-media-20220509-150400.4.5.1 kernel-firmware-mediatek-20220509-150400.4.5.1 kernel-firmware-mellanox-20220509-150400.4.5.1 kernel-firmware-mwifiex-20220509-150400.4.5.1 kernel-firmware-network-20220509-150400.4.5.1 kernel-firmware-nfp-20220509-150400.4.5.1 kernel-firmware-nvidia-20220509-150400.4.5.1 kernel-firmware-platform-20220509-150400.4.5.1 kernel-firmware-prestera-20220509-150400.4.5.1 kernel-firmware-qcom-20220509-150400.4.5.1 kernel-firmware-qlogic-20220509-150400.4.5.1 kernel-firmware-radeon-20220509-150400.4.5.1 kernel-firmware-realtek-20220509-150400.4.5.1 kernel-firmware-serial-20220509-150400.4.5.1 kernel-firmware-sound-20220509-150400.4.5.1 kernel-firmware-ti-20220509-150400.4.5.1 kernel-firmware-ueagle-20220509-150400.4.5.1 kernel-firmware-usb-network-20220509-150400.4.5.1 ucode-amd-20220509-150400.4.5.1 References: https://www.suse.com/security/cve/CVE-2021-26312.html https://www.suse.com/security/cve/CVE-2021-26339.html https://www.suse.com/security/cve/CVE-2021-26342.html https://www.suse.com/security/cve/CVE-2021-26347.html https://www.suse.com/security/cve/CVE-2021-26348.html https://www.suse.com/security/cve/CVE-2021-26349.html https://www.suse.com/security/cve/CVE-2021-26350.html https://www.suse.com/security/cve/CVE-2021-26364.html https://www.suse.com/security/cve/CVE-2021-26372.html https://www.suse.com/security/cve/CVE-2021-26373.html https://www.suse.com/security/cve/CVE-2021-26375.html https://www.suse.com/security/cve/CVE-2021-26376.html https://www.suse.com/security/cve/CVE-2021-26378.html https://www.suse.com/security/cve/CVE-2021-26388.html https://www.suse.com/security/cve/CVE-2021-33139.html https://www.suse.com/security/cve/CVE-2021-33155.html https://www.suse.com/security/cve/CVE-2021-46744.html https://bugzilla.suse.com/1195786 https://bugzilla.suse.com/1199459 https://bugzilla.suse.com/1199470 From sle-updates at lists.suse.com Thu Jun 2 16:21:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 18:21:10 +0200 (CEST) Subject: SUSE-RU-2022:1924-1: moderate: Recommended update for mutter Message-ID: <20220602162110.4A7B6FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for mutter ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1924-1 Rating: moderate References: #1199382 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mutter fixes the following issues: - Fix SIGSEGV in meta_context_terminate (bsc#1199382 glgo#GNOME/mutter#2267). - Update to version 41.5: + Fix X11 wayland drops ending up in the wrong wayland client. + Allow forcing EGLStream backend. + Updated translations. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1924=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1924=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): mutter-41.5-150400.3.3.1 mutter-debuginfo-41.5-150400.3.3.1 mutter-debugsource-41.5-150400.3.3.1 mutter-devel-41.5-150400.3.3.1 - openSUSE Leap 15.4 (noarch): mutter-lang-41.5-150400.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): mutter-41.5-150400.3.3.1 mutter-debuginfo-41.5-150400.3.3.1 mutter-debugsource-41.5-150400.3.3.1 mutter-devel-41.5-150400.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch): mutter-lang-41.5-150400.3.3.1 References: https://bugzilla.suse.com/1199382 From sle-updates at lists.suse.com Thu Jun 2 19:16:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 21:16:21 +0200 (CEST) Subject: SUSE-SU-2022:1930-1: moderate: Security update for libarchive Message-ID: <20220602191621.D3FACF386@maintenance.suse.de> SUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1930-1 Rating: moderate References: #1022528 #1188572 #1189528 #1197634 Cross-References: CVE-2017-5601 CVE-2021-36976 CVE-2022-26280 CVSS scores: CVE-2017-5601 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-5601 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2021-36976 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-36976 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-26280 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-26280 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for libarchive fixes the following issues: - CVE-2022-26280: Fixed out-of-bounds read via the component zipx_lzma_alone_init (bsc#1197634). - CVE-2021-36976: Fixed use-after-free in copy_string (called from do_uncompress_block and process_block) (bsc#1188572). - CVE-2017-5601: Fixed out-of-bounds memory access preventing denial-of-service (bsc#1197634, bsc#1189528). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1930=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1930=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1930=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): bsdtar-3.5.1-150400.3.3.1 bsdtar-debuginfo-3.5.1-150400.3.3.1 libarchive-debugsource-3.5.1-150400.3.3.1 libarchive-devel-3.5.1-150400.3.3.1 libarchive13-3.5.1-150400.3.3.1 libarchive13-debuginfo-3.5.1-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): libarchive13-32bit-3.5.1-150400.3.3.1 libarchive13-32bit-debuginfo-3.5.1-150400.3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): bsdtar-3.5.1-150400.3.3.1 bsdtar-debuginfo-3.5.1-150400.3.3.1 libarchive-debugsource-3.5.1-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libarchive-debugsource-3.5.1-150400.3.3.1 libarchive-devel-3.5.1-150400.3.3.1 libarchive13-3.5.1-150400.3.3.1 libarchive13-debuginfo-3.5.1-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2017-5601.html https://www.suse.com/security/cve/CVE-2021-36976.html https://www.suse.com/security/cve/CVE-2022-26280.html https://bugzilla.suse.com/1022528 https://bugzilla.suse.com/1188572 https://bugzilla.suse.com/1189528 https://bugzilla.suse.com/1197634 From sle-updates at lists.suse.com Thu Jun 2 19:17:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 21:17:09 +0200 (CEST) Subject: SUSE-SU-2022:1928-1: Security update for php8 Message-ID: <20220602191709.58368F386@maintenance.suse.de> SUSE Security Update: Security update for php8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1928-1 Rating: low References: #1197644 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for php8 fixes the following issues: - Fixed filter_var bypass vulnerability (bsc#1197644). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1928=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-1928=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_php8-8.0.10-150400.4.3.1 apache2-mod_php8-debuginfo-8.0.10-150400.4.3.1 apache2-mod_php8-debugsource-8.0.10-150400.4.3.1 php8-8.0.10-150400.4.3.1 php8-bcmath-8.0.10-150400.4.3.1 php8-bcmath-debuginfo-8.0.10-150400.4.3.1 php8-bz2-8.0.10-150400.4.3.1 php8-bz2-debuginfo-8.0.10-150400.4.3.1 php8-calendar-8.0.10-150400.4.3.1 php8-calendar-debuginfo-8.0.10-150400.4.3.1 php8-cli-8.0.10-150400.4.3.1 php8-cli-debuginfo-8.0.10-150400.4.3.1 php8-ctype-8.0.10-150400.4.3.1 php8-ctype-debuginfo-8.0.10-150400.4.3.1 php8-curl-8.0.10-150400.4.3.1 php8-curl-debuginfo-8.0.10-150400.4.3.1 php8-dba-8.0.10-150400.4.3.1 php8-dba-debuginfo-8.0.10-150400.4.3.1 php8-debuginfo-8.0.10-150400.4.3.1 php8-debugsource-8.0.10-150400.4.3.1 php8-devel-8.0.10-150400.4.3.1 php8-dom-8.0.10-150400.4.3.1 php8-dom-debuginfo-8.0.10-150400.4.3.1 php8-embed-8.0.10-150400.4.3.1 php8-embed-debuginfo-8.0.10-150400.4.3.1 php8-embed-debugsource-8.0.10-150400.4.3.1 php8-enchant-8.0.10-150400.4.3.1 php8-enchant-debuginfo-8.0.10-150400.4.3.1 php8-exif-8.0.10-150400.4.3.1 php8-exif-debuginfo-8.0.10-150400.4.3.1 php8-fastcgi-8.0.10-150400.4.3.1 php8-fastcgi-debuginfo-8.0.10-150400.4.3.1 php8-fastcgi-debugsource-8.0.10-150400.4.3.1 php8-fileinfo-8.0.10-150400.4.3.1 php8-fileinfo-debuginfo-8.0.10-150400.4.3.1 php8-fpm-8.0.10-150400.4.3.1 php8-fpm-debuginfo-8.0.10-150400.4.3.1 php8-fpm-debugsource-8.0.10-150400.4.3.1 php8-ftp-8.0.10-150400.4.3.1 php8-ftp-debuginfo-8.0.10-150400.4.3.1 php8-gd-8.0.10-150400.4.3.1 php8-gd-debuginfo-8.0.10-150400.4.3.1 php8-gettext-8.0.10-150400.4.3.1 php8-gettext-debuginfo-8.0.10-150400.4.3.1 php8-gmp-8.0.10-150400.4.3.1 php8-gmp-debuginfo-8.0.10-150400.4.3.1 php8-iconv-8.0.10-150400.4.3.1 php8-iconv-debuginfo-8.0.10-150400.4.3.1 php8-intl-8.0.10-150400.4.3.1 php8-intl-debuginfo-8.0.10-150400.4.3.1 php8-ldap-8.0.10-150400.4.3.1 php8-ldap-debuginfo-8.0.10-150400.4.3.1 php8-mbstring-8.0.10-150400.4.3.1 php8-mbstring-debuginfo-8.0.10-150400.4.3.1 php8-mysql-8.0.10-150400.4.3.1 php8-mysql-debuginfo-8.0.10-150400.4.3.1 php8-odbc-8.0.10-150400.4.3.1 php8-odbc-debuginfo-8.0.10-150400.4.3.1 php8-opcache-8.0.10-150400.4.3.1 php8-opcache-debuginfo-8.0.10-150400.4.3.1 php8-openssl-8.0.10-150400.4.3.1 php8-openssl-debuginfo-8.0.10-150400.4.3.1 php8-pcntl-8.0.10-150400.4.3.1 php8-pcntl-debuginfo-8.0.10-150400.4.3.1 php8-pdo-8.0.10-150400.4.3.1 php8-pdo-debuginfo-8.0.10-150400.4.3.1 php8-pgsql-8.0.10-150400.4.3.1 php8-pgsql-debuginfo-8.0.10-150400.4.3.1 php8-phar-8.0.10-150400.4.3.1 php8-phar-debuginfo-8.0.10-150400.4.3.1 php8-posix-8.0.10-150400.4.3.1 php8-posix-debuginfo-8.0.10-150400.4.3.1 php8-readline-8.0.10-150400.4.3.1 php8-readline-debuginfo-8.0.10-150400.4.3.1 php8-shmop-8.0.10-150400.4.3.1 php8-shmop-debuginfo-8.0.10-150400.4.3.1 php8-snmp-8.0.10-150400.4.3.1 php8-snmp-debuginfo-8.0.10-150400.4.3.1 php8-soap-8.0.10-150400.4.3.1 php8-soap-debuginfo-8.0.10-150400.4.3.1 php8-sockets-8.0.10-150400.4.3.1 php8-sockets-debuginfo-8.0.10-150400.4.3.1 php8-sodium-8.0.10-150400.4.3.1 php8-sodium-debuginfo-8.0.10-150400.4.3.1 php8-sqlite-8.0.10-150400.4.3.1 php8-sqlite-debuginfo-8.0.10-150400.4.3.1 php8-sysvmsg-8.0.10-150400.4.3.1 php8-sysvmsg-debuginfo-8.0.10-150400.4.3.1 php8-sysvsem-8.0.10-150400.4.3.1 php8-sysvsem-debuginfo-8.0.10-150400.4.3.1 php8-sysvshm-8.0.10-150400.4.3.1 php8-sysvshm-debuginfo-8.0.10-150400.4.3.1 php8-test-8.0.10-150400.4.3.2 php8-tidy-8.0.10-150400.4.3.1 php8-tidy-debuginfo-8.0.10-150400.4.3.1 php8-tokenizer-8.0.10-150400.4.3.1 php8-tokenizer-debuginfo-8.0.10-150400.4.3.1 php8-xmlreader-8.0.10-150400.4.3.1 php8-xmlreader-debuginfo-8.0.10-150400.4.3.1 php8-xmlwriter-8.0.10-150400.4.3.1 php8-xmlwriter-debuginfo-8.0.10-150400.4.3.1 php8-xsl-8.0.10-150400.4.3.1 php8-xsl-debuginfo-8.0.10-150400.4.3.1 php8-zip-8.0.10-150400.4.3.1 php8-zip-debuginfo-8.0.10-150400.4.3.1 php8-zlib-8.0.10-150400.4.3.1 php8-zlib-debuginfo-8.0.10-150400.4.3.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_php8-8.0.10-150400.4.3.1 apache2-mod_php8-debuginfo-8.0.10-150400.4.3.1 apache2-mod_php8-debugsource-8.0.10-150400.4.3.1 php8-8.0.10-150400.4.3.1 php8-bcmath-8.0.10-150400.4.3.1 php8-bcmath-debuginfo-8.0.10-150400.4.3.1 php8-bz2-8.0.10-150400.4.3.1 php8-bz2-debuginfo-8.0.10-150400.4.3.1 php8-calendar-8.0.10-150400.4.3.1 php8-calendar-debuginfo-8.0.10-150400.4.3.1 php8-cli-8.0.10-150400.4.3.1 php8-cli-debuginfo-8.0.10-150400.4.3.1 php8-ctype-8.0.10-150400.4.3.1 php8-ctype-debuginfo-8.0.10-150400.4.3.1 php8-curl-8.0.10-150400.4.3.1 php8-curl-debuginfo-8.0.10-150400.4.3.1 php8-dba-8.0.10-150400.4.3.1 php8-dba-debuginfo-8.0.10-150400.4.3.1 php8-debuginfo-8.0.10-150400.4.3.1 php8-debugsource-8.0.10-150400.4.3.1 php8-devel-8.0.10-150400.4.3.1 php8-dom-8.0.10-150400.4.3.1 php8-dom-debuginfo-8.0.10-150400.4.3.1 php8-embed-8.0.10-150400.4.3.1 php8-embed-debuginfo-8.0.10-150400.4.3.1 php8-embed-debugsource-8.0.10-150400.4.3.1 php8-enchant-8.0.10-150400.4.3.1 php8-enchant-debuginfo-8.0.10-150400.4.3.1 php8-exif-8.0.10-150400.4.3.1 php8-exif-debuginfo-8.0.10-150400.4.3.1 php8-fastcgi-8.0.10-150400.4.3.1 php8-fastcgi-debuginfo-8.0.10-150400.4.3.1 php8-fastcgi-debugsource-8.0.10-150400.4.3.1 php8-fileinfo-8.0.10-150400.4.3.1 php8-fileinfo-debuginfo-8.0.10-150400.4.3.1 php8-fpm-8.0.10-150400.4.3.1 php8-fpm-debuginfo-8.0.10-150400.4.3.1 php8-fpm-debugsource-8.0.10-150400.4.3.1 php8-ftp-8.0.10-150400.4.3.1 php8-ftp-debuginfo-8.0.10-150400.4.3.1 php8-gd-8.0.10-150400.4.3.1 php8-gd-debuginfo-8.0.10-150400.4.3.1 php8-gettext-8.0.10-150400.4.3.1 php8-gettext-debuginfo-8.0.10-150400.4.3.1 php8-gmp-8.0.10-150400.4.3.1 php8-gmp-debuginfo-8.0.10-150400.4.3.1 php8-iconv-8.0.10-150400.4.3.1 php8-iconv-debuginfo-8.0.10-150400.4.3.1 php8-intl-8.0.10-150400.4.3.1 php8-intl-debuginfo-8.0.10-150400.4.3.1 php8-ldap-8.0.10-150400.4.3.1 php8-ldap-debuginfo-8.0.10-150400.4.3.1 php8-mbstring-8.0.10-150400.4.3.1 php8-mbstring-debuginfo-8.0.10-150400.4.3.1 php8-mysql-8.0.10-150400.4.3.1 php8-mysql-debuginfo-8.0.10-150400.4.3.1 php8-odbc-8.0.10-150400.4.3.1 php8-odbc-debuginfo-8.0.10-150400.4.3.1 php8-opcache-8.0.10-150400.4.3.1 php8-opcache-debuginfo-8.0.10-150400.4.3.1 php8-openssl-8.0.10-150400.4.3.1 php8-openssl-debuginfo-8.0.10-150400.4.3.1 php8-pcntl-8.0.10-150400.4.3.1 php8-pcntl-debuginfo-8.0.10-150400.4.3.1 php8-pdo-8.0.10-150400.4.3.1 php8-pdo-debuginfo-8.0.10-150400.4.3.1 php8-pgsql-8.0.10-150400.4.3.1 php8-pgsql-debuginfo-8.0.10-150400.4.3.1 php8-phar-8.0.10-150400.4.3.1 php8-phar-debuginfo-8.0.10-150400.4.3.1 php8-posix-8.0.10-150400.4.3.1 php8-posix-debuginfo-8.0.10-150400.4.3.1 php8-readline-8.0.10-150400.4.3.1 php8-readline-debuginfo-8.0.10-150400.4.3.1 php8-shmop-8.0.10-150400.4.3.1 php8-shmop-debuginfo-8.0.10-150400.4.3.1 php8-snmp-8.0.10-150400.4.3.1 php8-snmp-debuginfo-8.0.10-150400.4.3.1 php8-soap-8.0.10-150400.4.3.1 php8-soap-debuginfo-8.0.10-150400.4.3.1 php8-sockets-8.0.10-150400.4.3.1 php8-sockets-debuginfo-8.0.10-150400.4.3.1 php8-sodium-8.0.10-150400.4.3.1 php8-sodium-debuginfo-8.0.10-150400.4.3.1 php8-sqlite-8.0.10-150400.4.3.1 php8-sqlite-debuginfo-8.0.10-150400.4.3.1 php8-sysvmsg-8.0.10-150400.4.3.1 php8-sysvmsg-debuginfo-8.0.10-150400.4.3.1 php8-sysvsem-8.0.10-150400.4.3.1 php8-sysvsem-debuginfo-8.0.10-150400.4.3.1 php8-sysvshm-8.0.10-150400.4.3.1 php8-sysvshm-debuginfo-8.0.10-150400.4.3.1 php8-test-8.0.10-150400.4.3.2 php8-tidy-8.0.10-150400.4.3.1 php8-tidy-debuginfo-8.0.10-150400.4.3.1 php8-tokenizer-8.0.10-150400.4.3.1 php8-tokenizer-debuginfo-8.0.10-150400.4.3.1 php8-xmlreader-8.0.10-150400.4.3.1 php8-xmlreader-debuginfo-8.0.10-150400.4.3.1 php8-xmlwriter-8.0.10-150400.4.3.1 php8-xmlwriter-debuginfo-8.0.10-150400.4.3.1 php8-xsl-8.0.10-150400.4.3.1 php8-xsl-debuginfo-8.0.10-150400.4.3.1 php8-zip-8.0.10-150400.4.3.1 php8-zip-debuginfo-8.0.10-150400.4.3.1 php8-zlib-8.0.10-150400.4.3.1 php8-zlib-debuginfo-8.0.10-150400.4.3.1 References: https://bugzilla.suse.com/1197644 From sle-updates at lists.suse.com Thu Jun 2 19:17:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 21:17:51 +0200 (CEST) Subject: SUSE-SU-2022:1927-1: important: Security update for MozillaFirefox Message-ID: <20220602191751.08F4CF386@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1927-1 Rating: important References: #1200027 Cross-References: CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 CVSS scores: CVE-2022-31736 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31737 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31738 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31739 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31740 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31742 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-31747 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027) - CVE-2022-31736: Cross-Origin resource's length leaked - CVE-2022-31737: Heap buffer overflow in WebGL - CVE-2022-31738: Browser window spoof using fullscreen mode - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files - CVE-2022-31740: Register allocation problem in WASM on arm64 - CVE-2022-31741: Uninitialized variable leads to invalid memory read - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information - CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1927=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1927=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1927=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1927=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1927=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1927=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1927=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1927=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1927=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1927=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-91.10.0-150000.150.44.1 MozillaFirefox-debuginfo-91.10.0-150000.150.44.1 MozillaFirefox-debugsource-91.10.0-150000.150.44.1 MozillaFirefox-devel-91.10.0-150000.150.44.1 MozillaFirefox-translations-common-91.10.0-150000.150.44.1 MozillaFirefox-translations-other-91.10.0-150000.150.44.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-91.10.0-150000.150.44.1 MozillaFirefox-debuginfo-91.10.0-150000.150.44.1 MozillaFirefox-debugsource-91.10.0-150000.150.44.1 MozillaFirefox-devel-91.10.0-150000.150.44.1 MozillaFirefox-translations-common-91.10.0-150000.150.44.1 MozillaFirefox-translations-other-91.10.0-150000.150.44.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.10.0-150000.150.44.1 MozillaFirefox-debuginfo-91.10.0-150000.150.44.1 MozillaFirefox-debugsource-91.10.0-150000.150.44.1 MozillaFirefox-devel-91.10.0-150000.150.44.1 MozillaFirefox-translations-common-91.10.0-150000.150.44.1 MozillaFirefox-translations-other-91.10.0-150000.150.44.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-91.10.0-150000.150.44.1 MozillaFirefox-debuginfo-91.10.0-150000.150.44.1 MozillaFirefox-debugsource-91.10.0-150000.150.44.1 MozillaFirefox-devel-91.10.0-150000.150.44.1 MozillaFirefox-translations-common-91.10.0-150000.150.44.1 MozillaFirefox-translations-other-91.10.0-150000.150.44.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-91.10.0-150000.150.44.1 MozillaFirefox-debuginfo-91.10.0-150000.150.44.1 MozillaFirefox-debugsource-91.10.0-150000.150.44.1 MozillaFirefox-devel-91.10.0-150000.150.44.1 MozillaFirefox-translations-common-91.10.0-150000.150.44.1 MozillaFirefox-translations-other-91.10.0-150000.150.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-91.10.0-150000.150.44.1 MozillaFirefox-debuginfo-91.10.0-150000.150.44.1 MozillaFirefox-debugsource-91.10.0-150000.150.44.1 MozillaFirefox-devel-91.10.0-150000.150.44.1 MozillaFirefox-translations-common-91.10.0-150000.150.44.1 MozillaFirefox-translations-other-91.10.0-150000.150.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-91.10.0-150000.150.44.1 MozillaFirefox-debuginfo-91.10.0-150000.150.44.1 MozillaFirefox-debugsource-91.10.0-150000.150.44.1 MozillaFirefox-devel-91.10.0-150000.150.44.1 MozillaFirefox-translations-common-91.10.0-150000.150.44.1 MozillaFirefox-translations-other-91.10.0-150000.150.44.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-91.10.0-150000.150.44.1 MozillaFirefox-debuginfo-91.10.0-150000.150.44.1 MozillaFirefox-debugsource-91.10.0-150000.150.44.1 MozillaFirefox-devel-91.10.0-150000.150.44.1 MozillaFirefox-translations-common-91.10.0-150000.150.44.1 MozillaFirefox-translations-other-91.10.0-150000.150.44.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-91.10.0-150000.150.44.1 MozillaFirefox-debuginfo-91.10.0-150000.150.44.1 MozillaFirefox-debugsource-91.10.0-150000.150.44.1 MozillaFirefox-devel-91.10.0-150000.150.44.1 MozillaFirefox-translations-common-91.10.0-150000.150.44.1 MozillaFirefox-translations-other-91.10.0-150000.150.44.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-91.10.0-150000.150.44.1 MozillaFirefox-debuginfo-91.10.0-150000.150.44.1 MozillaFirefox-debugsource-91.10.0-150000.150.44.1 MozillaFirefox-devel-91.10.0-150000.150.44.1 MozillaFirefox-translations-common-91.10.0-150000.150.44.1 MozillaFirefox-translations-other-91.10.0-150000.150.44.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-91.10.0-150000.150.44.1 MozillaFirefox-debuginfo-91.10.0-150000.150.44.1 MozillaFirefox-debugsource-91.10.0-150000.150.44.1 MozillaFirefox-devel-91.10.0-150000.150.44.1 MozillaFirefox-translations-common-91.10.0-150000.150.44.1 MozillaFirefox-translations-other-91.10.0-150000.150.44.1 References: https://www.suse.com/security/cve/CVE-2022-31736.html https://www.suse.com/security/cve/CVE-2022-31737.html https://www.suse.com/security/cve/CVE-2022-31738.html https://www.suse.com/security/cve/CVE-2022-31739.html https://www.suse.com/security/cve/CVE-2022-31740.html https://www.suse.com/security/cve/CVE-2022-31741.html https://www.suse.com/security/cve/CVE-2022-31742.html https://www.suse.com/security/cve/CVE-2022-31747.html https://bugzilla.suse.com/1200027 From sle-updates at lists.suse.com Thu Jun 2 19:18:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 21:18:36 +0200 (CEST) Subject: SUSE-SU-2022:1929-1: moderate: Security update for redis Message-ID: <20220602191836.D4BF8F386@maintenance.suse.de> SUSE Security Update: Security update for redis ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1929-1 Rating: moderate References: #1198952 #1198953 Cross-References: CVE-2022-24735 CVE-2022-24736 CVSS scores: CVE-2022-24735 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-24735 (SUSE): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CVE-2022-24736 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24736 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection (bsc#1198952). - CVE-2022-24736: Fixed Lua NULL pointer dereference (bsc#1198953). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1929=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1929=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): redis-6.2.6-150400.3.3.7 redis-debuginfo-6.2.6-150400.3.3.7 redis-debugsource-6.2.6-150400.3.3.7 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): redis-6.2.6-150400.3.3.7 redis-debuginfo-6.2.6-150400.3.3.7 redis-debugsource-6.2.6-150400.3.3.7 References: https://www.suse.com/security/cve/CVE-2022-24735.html https://www.suse.com/security/cve/CVE-2022-24736.html https://bugzilla.suse.com/1198952 https://bugzilla.suse.com/1198953 From sle-updates at lists.suse.com Thu Jun 2 19:19:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2022 21:19:23 +0200 (CEST) Subject: SUSE-RU-2022:1926-1: moderate: Recommended update for gcc11 Message-ID: <20220602191923.65E53F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc11 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1926-1 Rating: moderate References: #1192951 #1193659 #1195283 #1196861 #1197065 OBS-124 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Toolchain 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has 5 recommended fixes and contains one feature can now be installed. Description: This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * Fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * Fixes issue with debug dumping together with -o /dev/null * Fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1926=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1926=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1926=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1926=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1926=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1926=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1926=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1926=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1926=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1926=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1926=1 - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2022-1926=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1926=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libada11-11.3.0+git1637-1.10.1 libada11-32bit-11.3.0+git1637-1.10.1 libada11-32bit-debuginfo-11.3.0+git1637-1.10.1 libada11-debuginfo-11.3.0+git1637-1.10.1 libasan6-11.3.0+git1637-1.10.1 libasan6-32bit-11.3.0+git1637-1.10.1 libasan6-32bit-debuginfo-11.3.0+git1637-1.10.1 libasan6-debuginfo-11.3.0+git1637-1.10.1 libatomic1-11.3.0+git1637-1.10.1 libatomic1-32bit-11.3.0+git1637-1.10.1 libatomic1-32bit-debuginfo-11.3.0+git1637-1.10.1 libatomic1-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-11.3.0+git1637-1.10.1 libgcc_s1-32bit-11.3.0+git1637-1.10.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-11.3.0+git1637-1.10.1 libgdruntime2-32bit-11.3.0+git1637-1.10.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-11.3.0+git1637-1.10.1 libgfortran5-32bit-11.3.0+git1637-1.10.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-debuginfo-11.3.0+git1637-1.10.1 libgo19-11.3.0+git1637-1.10.1 libgo19-32bit-11.3.0+git1637-1.10.1 libgo19-32bit-debuginfo-11.3.0+git1637-1.10.1 libgo19-debuginfo-11.3.0+git1637-1.10.1 libgomp1-11.3.0+git1637-1.10.1 libgomp1-32bit-11.3.0+git1637-1.10.1 libgomp1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgomp1-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-11.3.0+git1637-1.10.1 libgphobos2-32bit-11.3.0+git1637-1.10.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-debuginfo-11.3.0+git1637-1.10.1 libitm1-11.3.0+git1637-1.10.1 libitm1-32bit-11.3.0+git1637-1.10.1 libitm1-32bit-debuginfo-11.3.0+git1637-1.10.1 libitm1-debuginfo-11.3.0+git1637-1.10.1 liblsan0-11.3.0+git1637-1.10.1 liblsan0-debuginfo-11.3.0+git1637-1.10.1 libobjc4-11.3.0+git1637-1.10.1 libobjc4-32bit-11.3.0+git1637-1.10.1 libobjc4-32bit-debuginfo-11.3.0+git1637-1.10.1 libobjc4-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-11.3.0+git1637-1.10.1 libquadmath0-32bit-11.3.0+git1637-1.10.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-11.3.0+git1637-1.10.1 libstdc++6-32bit-11.3.0+git1637-1.10.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-locale-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-1.10.1 libtsan0-11.3.0+git1637-1.10.1 libtsan0-debuginfo-11.3.0+git1637-1.10.1 libubsan1-11.3.0+git1637-1.10.1 libubsan1-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-debuginfo-11.3.0+git1637-1.10.1 libubsan1-debuginfo-11.3.0+git1637-1.10.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libada11-11.3.0+git1637-1.10.1 libada11-32bit-11.3.0+git1637-1.10.1 libada11-32bit-debuginfo-11.3.0+git1637-1.10.1 libada11-debuginfo-11.3.0+git1637-1.10.1 libasan6-11.3.0+git1637-1.10.1 libasan6-32bit-11.3.0+git1637-1.10.1 libasan6-32bit-debuginfo-11.3.0+git1637-1.10.1 libasan6-debuginfo-11.3.0+git1637-1.10.1 libatomic1-11.3.0+git1637-1.10.1 libatomic1-32bit-11.3.0+git1637-1.10.1 libatomic1-32bit-debuginfo-11.3.0+git1637-1.10.1 libatomic1-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-11.3.0+git1637-1.10.1 libgcc_s1-32bit-11.3.0+git1637-1.10.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-11.3.0+git1637-1.10.1 libgdruntime2-32bit-11.3.0+git1637-1.10.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-11.3.0+git1637-1.10.1 libgfortran5-32bit-11.3.0+git1637-1.10.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-debuginfo-11.3.0+git1637-1.10.1 libgo19-11.3.0+git1637-1.10.1 libgo19-32bit-11.3.0+git1637-1.10.1 libgo19-32bit-debuginfo-11.3.0+git1637-1.10.1 libgo19-debuginfo-11.3.0+git1637-1.10.1 libgomp1-11.3.0+git1637-1.10.1 libgomp1-32bit-11.3.0+git1637-1.10.1 libgomp1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgomp1-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-11.3.0+git1637-1.10.1 libgphobos2-32bit-11.3.0+git1637-1.10.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-debuginfo-11.3.0+git1637-1.10.1 libitm1-11.3.0+git1637-1.10.1 libitm1-32bit-11.3.0+git1637-1.10.1 libitm1-32bit-debuginfo-11.3.0+git1637-1.10.1 libitm1-debuginfo-11.3.0+git1637-1.10.1 liblsan0-11.3.0+git1637-1.10.1 liblsan0-debuginfo-11.3.0+git1637-1.10.1 libobjc4-11.3.0+git1637-1.10.1 libobjc4-32bit-11.3.0+git1637-1.10.1 libobjc4-32bit-debuginfo-11.3.0+git1637-1.10.1 libobjc4-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-11.3.0+git1637-1.10.1 libquadmath0-32bit-11.3.0+git1637-1.10.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-11.3.0+git1637-1.10.1 libstdc++6-32bit-11.3.0+git1637-1.10.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-locale-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-1.10.1 libtsan0-11.3.0+git1637-1.10.1 libtsan0-debuginfo-11.3.0+git1637-1.10.1 libubsan1-11.3.0+git1637-1.10.1 libubsan1-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-debuginfo-11.3.0+git1637-1.10.1 libubsan1-debuginfo-11.3.0+git1637-1.10.1 - SUSE OpenStack Cloud 9 (x86_64): libada11-11.3.0+git1637-1.10.1 libada11-32bit-11.3.0+git1637-1.10.1 libada11-32bit-debuginfo-11.3.0+git1637-1.10.1 libada11-debuginfo-11.3.0+git1637-1.10.1 libasan6-11.3.0+git1637-1.10.1 libasan6-32bit-11.3.0+git1637-1.10.1 libasan6-32bit-debuginfo-11.3.0+git1637-1.10.1 libasan6-debuginfo-11.3.0+git1637-1.10.1 libatomic1-11.3.0+git1637-1.10.1 libatomic1-32bit-11.3.0+git1637-1.10.1 libatomic1-32bit-debuginfo-11.3.0+git1637-1.10.1 libatomic1-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-11.3.0+git1637-1.10.1 libgcc_s1-32bit-11.3.0+git1637-1.10.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-11.3.0+git1637-1.10.1 libgdruntime2-32bit-11.3.0+git1637-1.10.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-11.3.0+git1637-1.10.1 libgfortran5-32bit-11.3.0+git1637-1.10.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-debuginfo-11.3.0+git1637-1.10.1 libgo19-11.3.0+git1637-1.10.1 libgo19-32bit-11.3.0+git1637-1.10.1 libgo19-32bit-debuginfo-11.3.0+git1637-1.10.1 libgo19-debuginfo-11.3.0+git1637-1.10.1 libgomp1-11.3.0+git1637-1.10.1 libgomp1-32bit-11.3.0+git1637-1.10.1 libgomp1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgomp1-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-11.3.0+git1637-1.10.1 libgphobos2-32bit-11.3.0+git1637-1.10.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-debuginfo-11.3.0+git1637-1.10.1 libitm1-11.3.0+git1637-1.10.1 libitm1-32bit-11.3.0+git1637-1.10.1 libitm1-32bit-debuginfo-11.3.0+git1637-1.10.1 libitm1-debuginfo-11.3.0+git1637-1.10.1 liblsan0-11.3.0+git1637-1.10.1 liblsan0-debuginfo-11.3.0+git1637-1.10.1 libobjc4-11.3.0+git1637-1.10.1 libobjc4-32bit-11.3.0+git1637-1.10.1 libobjc4-32bit-debuginfo-11.3.0+git1637-1.10.1 libobjc4-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-11.3.0+git1637-1.10.1 libquadmath0-32bit-11.3.0+git1637-1.10.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-11.3.0+git1637-1.10.1 libstdc++6-32bit-11.3.0+git1637-1.10.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-locale-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-1.10.1 libtsan0-11.3.0+git1637-1.10.1 libtsan0-debuginfo-11.3.0+git1637-1.10.1 libubsan1-11.3.0+git1637-1.10.1 libubsan1-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-debuginfo-11.3.0+git1637-1.10.1 libubsan1-debuginfo-11.3.0+git1637-1.10.1 - SUSE OpenStack Cloud 8 (x86_64): libada11-11.3.0+git1637-1.10.1 libada11-32bit-11.3.0+git1637-1.10.1 libada11-32bit-debuginfo-11.3.0+git1637-1.10.1 libada11-debuginfo-11.3.0+git1637-1.10.1 libasan6-11.3.0+git1637-1.10.1 libasan6-32bit-11.3.0+git1637-1.10.1 libasan6-32bit-debuginfo-11.3.0+git1637-1.10.1 libasan6-debuginfo-11.3.0+git1637-1.10.1 libatomic1-11.3.0+git1637-1.10.1 libatomic1-32bit-11.3.0+git1637-1.10.1 libatomic1-32bit-debuginfo-11.3.0+git1637-1.10.1 libatomic1-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-11.3.0+git1637-1.10.1 libgcc_s1-32bit-11.3.0+git1637-1.10.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-11.3.0+git1637-1.10.1 libgdruntime2-32bit-11.3.0+git1637-1.10.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-11.3.0+git1637-1.10.1 libgfortran5-32bit-11.3.0+git1637-1.10.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-debuginfo-11.3.0+git1637-1.10.1 libgo19-11.3.0+git1637-1.10.1 libgo19-32bit-11.3.0+git1637-1.10.1 libgo19-32bit-debuginfo-11.3.0+git1637-1.10.1 libgo19-debuginfo-11.3.0+git1637-1.10.1 libgomp1-11.3.0+git1637-1.10.1 libgomp1-32bit-11.3.0+git1637-1.10.1 libgomp1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgomp1-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-11.3.0+git1637-1.10.1 libgphobos2-32bit-11.3.0+git1637-1.10.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-debuginfo-11.3.0+git1637-1.10.1 libitm1-11.3.0+git1637-1.10.1 libitm1-32bit-11.3.0+git1637-1.10.1 libitm1-32bit-debuginfo-11.3.0+git1637-1.10.1 libitm1-debuginfo-11.3.0+git1637-1.10.1 liblsan0-11.3.0+git1637-1.10.1 liblsan0-debuginfo-11.3.0+git1637-1.10.1 libobjc4-11.3.0+git1637-1.10.1 libobjc4-32bit-11.3.0+git1637-1.10.1 libobjc4-32bit-debuginfo-11.3.0+git1637-1.10.1 libobjc4-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-11.3.0+git1637-1.10.1 libquadmath0-32bit-11.3.0+git1637-1.10.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-11.3.0+git1637-1.10.1 libstdc++6-32bit-11.3.0+git1637-1.10.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-locale-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-1.10.1 libtsan0-11.3.0+git1637-1.10.1 libtsan0-debuginfo-11.3.0+git1637-1.10.1 libubsan1-11.3.0+git1637-1.10.1 libubsan1-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-debuginfo-11.3.0+git1637-1.10.1 libubsan1-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libasan6-11.3.0+git1637-1.10.1 libasan6-debuginfo-11.3.0+git1637-1.10.1 libatomic1-11.3.0+git1637-1.10.1 libatomic1-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-11.3.0+git1637-1.10.1 libgcc_s1-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-11.3.0+git1637-1.10.1 libgfortran5-debuginfo-11.3.0+git1637-1.10.1 libgo19-11.3.0+git1637-1.10.1 libgo19-debuginfo-11.3.0+git1637-1.10.1 libgomp1-11.3.0+git1637-1.10.1 libgomp1-debuginfo-11.3.0+git1637-1.10.1 libitm1-11.3.0+git1637-1.10.1 libitm1-debuginfo-11.3.0+git1637-1.10.1 liblsan0-11.3.0+git1637-1.10.1 liblsan0-debuginfo-11.3.0+git1637-1.10.1 libobjc4-11.3.0+git1637-1.10.1 libobjc4-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-11.3.0+git1637-1.10.1 libquadmath0-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-11.3.0+git1637-1.10.1 libstdc++6-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-locale-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-11.3.0+git1637-1.10.1 libtsan0-11.3.0+git1637-1.10.1 libtsan0-debuginfo-11.3.0+git1637-1.10.1 libubsan1-11.3.0+git1637-1.10.1 libubsan1-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libada11-11.3.0+git1637-1.10.1 libada11-32bit-11.3.0+git1637-1.10.1 libada11-32bit-debuginfo-11.3.0+git1637-1.10.1 libada11-debuginfo-11.3.0+git1637-1.10.1 libasan6-32bit-11.3.0+git1637-1.10.1 libasan6-32bit-debuginfo-11.3.0+git1637-1.10.1 libatomic1-32bit-11.3.0+git1637-1.10.1 libatomic1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-32bit-11.3.0+git1637-1.10.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-11.3.0+git1637-1.10.1 libgdruntime2-32bit-11.3.0+git1637-1.10.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-32bit-11.3.0+git1637-1.10.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-1.10.1 libgo19-32bit-11.3.0+git1637-1.10.1 libgo19-32bit-debuginfo-11.3.0+git1637-1.10.1 libgomp1-32bit-11.3.0+git1637-1.10.1 libgomp1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-11.3.0+git1637-1.10.1 libgphobos2-32bit-11.3.0+git1637-1.10.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-debuginfo-11.3.0+git1637-1.10.1 libitm1-32bit-11.3.0+git1637-1.10.1 libitm1-32bit-debuginfo-11.3.0+git1637-1.10.1 libobjc4-32bit-11.3.0+git1637-1.10.1 libobjc4-32bit-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-32bit-11.3.0+git1637-1.10.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-32bit-11.3.0+git1637-1.10.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libasan6-11.3.0+git1637-1.10.1 libasan6-debuginfo-11.3.0+git1637-1.10.1 libatomic1-11.3.0+git1637-1.10.1 libatomic1-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-11.3.0+git1637-1.10.1 libgcc_s1-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-11.3.0+git1637-1.10.1 libgfortran5-debuginfo-11.3.0+git1637-1.10.1 libgo19-11.3.0+git1637-1.10.1 libgo19-debuginfo-11.3.0+git1637-1.10.1 libgomp1-11.3.0+git1637-1.10.1 libgomp1-debuginfo-11.3.0+git1637-1.10.1 libitm1-11.3.0+git1637-1.10.1 libitm1-debuginfo-11.3.0+git1637-1.10.1 liblsan0-11.3.0+git1637-1.10.1 liblsan0-debuginfo-11.3.0+git1637-1.10.1 libobjc4-11.3.0+git1637-1.10.1 libobjc4-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-11.3.0+git1637-1.10.1 libquadmath0-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-11.3.0+git1637-1.10.1 libstdc++6-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-locale-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-11.3.0+git1637-1.10.1 libtsan0-11.3.0+git1637-1.10.1 libtsan0-debuginfo-11.3.0+git1637-1.10.1 libubsan1-11.3.0+git1637-1.10.1 libubsan1-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libada11-11.3.0+git1637-1.10.1 libada11-32bit-11.3.0+git1637-1.10.1 libada11-32bit-debuginfo-11.3.0+git1637-1.10.1 libada11-debuginfo-11.3.0+git1637-1.10.1 libasan6-32bit-11.3.0+git1637-1.10.1 libasan6-32bit-debuginfo-11.3.0+git1637-1.10.1 libatomic1-32bit-11.3.0+git1637-1.10.1 libatomic1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-32bit-11.3.0+git1637-1.10.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-11.3.0+git1637-1.10.1 libgdruntime2-32bit-11.3.0+git1637-1.10.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-32bit-11.3.0+git1637-1.10.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-1.10.1 libgo19-32bit-11.3.0+git1637-1.10.1 libgo19-32bit-debuginfo-11.3.0+git1637-1.10.1 libgomp1-32bit-11.3.0+git1637-1.10.1 libgomp1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-11.3.0+git1637-1.10.1 libgphobos2-32bit-11.3.0+git1637-1.10.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-debuginfo-11.3.0+git1637-1.10.1 libitm1-32bit-11.3.0+git1637-1.10.1 libitm1-32bit-debuginfo-11.3.0+git1637-1.10.1 libobjc4-32bit-11.3.0+git1637-1.10.1 libobjc4-32bit-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-32bit-11.3.0+git1637-1.10.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-32bit-11.3.0+git1637-1.10.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libasan6-11.3.0+git1637-1.10.1 libasan6-debuginfo-11.3.0+git1637-1.10.1 libatomic1-11.3.0+git1637-1.10.1 libatomic1-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-11.3.0+git1637-1.10.1 libgcc_s1-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-11.3.0+git1637-1.10.1 libgfortran5-debuginfo-11.3.0+git1637-1.10.1 libgo19-11.3.0+git1637-1.10.1 libgo19-debuginfo-11.3.0+git1637-1.10.1 libgomp1-11.3.0+git1637-1.10.1 libgomp1-debuginfo-11.3.0+git1637-1.10.1 libitm1-11.3.0+git1637-1.10.1 libitm1-debuginfo-11.3.0+git1637-1.10.1 libobjc4-11.3.0+git1637-1.10.1 libobjc4-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-11.3.0+git1637-1.10.1 libstdc++6-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-locale-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-11.3.0+git1637-1.10.1 libubsan1-11.3.0+git1637-1.10.1 libubsan1-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le x86_64): liblsan0-11.3.0+git1637-1.10.1 liblsan0-debuginfo-11.3.0+git1637-1.10.1 libtsan0-11.3.0+git1637-1.10.1 libtsan0-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 s390x x86_64): libgdruntime2-11.3.0+git1637-1.10.1 libgdruntime2-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-11.3.0+git1637-1.10.1 libgphobos2-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le x86_64): libquadmath0-11.3.0+git1637-1.10.1 libquadmath0-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libasan6-32bit-11.3.0+git1637-1.10.1 libasan6-32bit-debuginfo-11.3.0+git1637-1.10.1 libatomic1-32bit-11.3.0+git1637-1.10.1 libatomic1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-32bit-11.3.0+git1637-1.10.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-32bit-11.3.0+git1637-1.10.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-32bit-11.3.0+git1637-1.10.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-1.10.1 libgo19-32bit-11.3.0+git1637-1.10.1 libgo19-32bit-debuginfo-11.3.0+git1637-1.10.1 libgomp1-32bit-11.3.0+git1637-1.10.1 libgomp1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-32bit-11.3.0+git1637-1.10.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-1.10.1 libitm1-32bit-11.3.0+git1637-1.10.1 libitm1-32bit-debuginfo-11.3.0+git1637-1.10.1 libobjc4-32bit-11.3.0+git1637-1.10.1 libobjc4-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-32bit-11.3.0+git1637-1.10.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): libhwasan0-11.3.0+git1637-1.10.1 libhwasan0-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libada11-11.3.0+git1637-1.10.1 libada11-32bit-11.3.0+git1637-1.10.1 libada11-32bit-debuginfo-11.3.0+git1637-1.10.1 libada11-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-32bit-11.3.0+git1637-1.10.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libasan6-11.3.0+git1637-1.10.1 libasan6-debuginfo-11.3.0+git1637-1.10.1 libatomic1-11.3.0+git1637-1.10.1 libatomic1-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-11.3.0+git1637-1.10.1 libgcc_s1-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-11.3.0+git1637-1.10.1 libgfortran5-debuginfo-11.3.0+git1637-1.10.1 libgo19-11.3.0+git1637-1.10.1 libgo19-debuginfo-11.3.0+git1637-1.10.1 libgomp1-11.3.0+git1637-1.10.1 libgomp1-debuginfo-11.3.0+git1637-1.10.1 libitm1-11.3.0+git1637-1.10.1 libitm1-debuginfo-11.3.0+git1637-1.10.1 libobjc4-11.3.0+git1637-1.10.1 libobjc4-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-11.3.0+git1637-1.10.1 libstdc++6-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-locale-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-11.3.0+git1637-1.10.1 libubsan1-11.3.0+git1637-1.10.1 libubsan1-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le x86_64): liblsan0-11.3.0+git1637-1.10.1 liblsan0-debuginfo-11.3.0+git1637-1.10.1 libtsan0-11.3.0+git1637-1.10.1 libtsan0-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 s390x x86_64): libgdruntime2-11.3.0+git1637-1.10.1 libgdruntime2-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-11.3.0+git1637-1.10.1 libgphobos2-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le x86_64): libquadmath0-11.3.0+git1637-1.10.1 libquadmath0-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libasan6-32bit-11.3.0+git1637-1.10.1 libasan6-32bit-debuginfo-11.3.0+git1637-1.10.1 libatomic1-32bit-11.3.0+git1637-1.10.1 libatomic1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-32bit-11.3.0+git1637-1.10.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-32bit-11.3.0+git1637-1.10.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-32bit-11.3.0+git1637-1.10.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-1.10.1 libgo19-32bit-11.3.0+git1637-1.10.1 libgo19-32bit-debuginfo-11.3.0+git1637-1.10.1 libgomp1-32bit-11.3.0+git1637-1.10.1 libgomp1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-32bit-11.3.0+git1637-1.10.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-1.10.1 libitm1-32bit-11.3.0+git1637-1.10.1 libitm1-32bit-debuginfo-11.3.0+git1637-1.10.1 libobjc4-32bit-11.3.0+git1637-1.10.1 libobjc4-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-32bit-11.3.0+git1637-1.10.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): libhwasan0-11.3.0+git1637-1.10.1 libhwasan0-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): libada11-11.3.0+git1637-1.10.1 libada11-32bit-11.3.0+git1637-1.10.1 libada11-32bit-debuginfo-11.3.0+git1637-1.10.1 libada11-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-32bit-11.3.0+git1637-1.10.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libasan6-11.3.0+git1637-1.10.1 libasan6-debuginfo-11.3.0+git1637-1.10.1 libatomic1-11.3.0+git1637-1.10.1 libatomic1-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-11.3.0+git1637-1.10.1 libgcc_s1-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-11.3.0+git1637-1.10.1 libgfortran5-debuginfo-11.3.0+git1637-1.10.1 libgo19-11.3.0+git1637-1.10.1 libgo19-debuginfo-11.3.0+git1637-1.10.1 libgomp1-11.3.0+git1637-1.10.1 libgomp1-debuginfo-11.3.0+git1637-1.10.1 libitm1-11.3.0+git1637-1.10.1 libitm1-debuginfo-11.3.0+git1637-1.10.1 libobjc4-11.3.0+git1637-1.10.1 libobjc4-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-11.3.0+git1637-1.10.1 libstdc++6-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-locale-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-11.3.0+git1637-1.10.1 libubsan1-11.3.0+git1637-1.10.1 libubsan1-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le x86_64): liblsan0-11.3.0+git1637-1.10.1 liblsan0-debuginfo-11.3.0+git1637-1.10.1 libtsan0-11.3.0+git1637-1.10.1 libtsan0-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 s390x x86_64): libgdruntime2-11.3.0+git1637-1.10.1 libgdruntime2-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-11.3.0+git1637-1.10.1 libgphobos2-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): libquadmath0-11.3.0+git1637-1.10.1 libquadmath0-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libasan6-32bit-11.3.0+git1637-1.10.1 libasan6-32bit-debuginfo-11.3.0+git1637-1.10.1 libatomic1-32bit-11.3.0+git1637-1.10.1 libatomic1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-32bit-11.3.0+git1637-1.10.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-32bit-11.3.0+git1637-1.10.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-32bit-11.3.0+git1637-1.10.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-1.10.1 libgo19-32bit-11.3.0+git1637-1.10.1 libgo19-32bit-debuginfo-11.3.0+git1637-1.10.1 libgomp1-32bit-11.3.0+git1637-1.10.1 libgomp1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-32bit-11.3.0+git1637-1.10.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-1.10.1 libitm1-32bit-11.3.0+git1637-1.10.1 libitm1-32bit-debuginfo-11.3.0+git1637-1.10.1 libobjc4-32bit-11.3.0+git1637-1.10.1 libobjc4-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-32bit-11.3.0+git1637-1.10.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): libhwasan0-11.3.0+git1637-1.10.1 libhwasan0-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): libada11-11.3.0+git1637-1.10.1 libada11-32bit-11.3.0+git1637-1.10.1 libada11-32bit-debuginfo-11.3.0+git1637-1.10.1 libada11-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-32bit-11.3.0+git1637-1.10.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libada11-11.3.0+git1637-1.10.1 libada11-32bit-11.3.0+git1637-1.10.1 libada11-32bit-debuginfo-11.3.0+git1637-1.10.1 libada11-debuginfo-11.3.0+git1637-1.10.1 libasan6-11.3.0+git1637-1.10.1 libasan6-32bit-11.3.0+git1637-1.10.1 libasan6-32bit-debuginfo-11.3.0+git1637-1.10.1 libasan6-debuginfo-11.3.0+git1637-1.10.1 libatomic1-11.3.0+git1637-1.10.1 libatomic1-32bit-11.3.0+git1637-1.10.1 libatomic1-32bit-debuginfo-11.3.0+git1637-1.10.1 libatomic1-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-11.3.0+git1637-1.10.1 libgcc_s1-32bit-11.3.0+git1637-1.10.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-11.3.0+git1637-1.10.1 libgdruntime2-32bit-11.3.0+git1637-1.10.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-11.3.0+git1637-1.10.1 libgfortran5-32bit-11.3.0+git1637-1.10.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-debuginfo-11.3.0+git1637-1.10.1 libgo19-11.3.0+git1637-1.10.1 libgo19-32bit-11.3.0+git1637-1.10.1 libgo19-32bit-debuginfo-11.3.0+git1637-1.10.1 libgo19-debuginfo-11.3.0+git1637-1.10.1 libgomp1-11.3.0+git1637-1.10.1 libgomp1-32bit-11.3.0+git1637-1.10.1 libgomp1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgomp1-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-11.3.0+git1637-1.10.1 libgphobos2-32bit-11.3.0+git1637-1.10.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-debuginfo-11.3.0+git1637-1.10.1 libitm1-11.3.0+git1637-1.10.1 libitm1-32bit-11.3.0+git1637-1.10.1 libitm1-32bit-debuginfo-11.3.0+git1637-1.10.1 libitm1-debuginfo-11.3.0+git1637-1.10.1 liblsan0-11.3.0+git1637-1.10.1 liblsan0-debuginfo-11.3.0+git1637-1.10.1 libobjc4-11.3.0+git1637-1.10.1 libobjc4-32bit-11.3.0+git1637-1.10.1 libobjc4-32bit-debuginfo-11.3.0+git1637-1.10.1 libobjc4-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-11.3.0+git1637-1.10.1 libquadmath0-32bit-11.3.0+git1637-1.10.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-11.3.0+git1637-1.10.1 libstdc++6-32bit-11.3.0+git1637-1.10.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-locale-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-1.10.1 libtsan0-11.3.0+git1637-1.10.1 libtsan0-debuginfo-11.3.0+git1637-1.10.1 libubsan1-11.3.0+git1637-1.10.1 libubsan1-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-debuginfo-11.3.0+git1637-1.10.1 libubsan1-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gcc11-debuginfo-11.3.0+git1637-1.10.1 gcc11-debugsource-11.3.0+git1637-1.10.1 libada11-11.3.0+git1637-1.10.1 libada11-32bit-11.3.0+git1637-1.10.1 libada11-32bit-debuginfo-11.3.0+git1637-1.10.1 libada11-debuginfo-11.3.0+git1637-1.10.1 libasan6-11.3.0+git1637-1.10.1 libasan6-32bit-11.3.0+git1637-1.10.1 libasan6-32bit-debuginfo-11.3.0+git1637-1.10.1 libasan6-debuginfo-11.3.0+git1637-1.10.1 libatomic1-11.3.0+git1637-1.10.1 libatomic1-32bit-11.3.0+git1637-1.10.1 libatomic1-32bit-debuginfo-11.3.0+git1637-1.10.1 libatomic1-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-11.3.0+git1637-1.10.1 libgcc_s1-32bit-11.3.0+git1637-1.10.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-11.3.0+git1637-1.10.1 libgdruntime2-32bit-11.3.0+git1637-1.10.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-11.3.0+git1637-1.10.1 libgfortran5-32bit-11.3.0+git1637-1.10.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-debuginfo-11.3.0+git1637-1.10.1 libgo19-11.3.0+git1637-1.10.1 libgo19-32bit-11.3.0+git1637-1.10.1 libgo19-32bit-debuginfo-11.3.0+git1637-1.10.1 libgo19-debuginfo-11.3.0+git1637-1.10.1 libgomp1-11.3.0+git1637-1.10.1 libgomp1-32bit-11.3.0+git1637-1.10.1 libgomp1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgomp1-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-11.3.0+git1637-1.10.1 libgphobos2-32bit-11.3.0+git1637-1.10.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-debuginfo-11.3.0+git1637-1.10.1 libitm1-11.3.0+git1637-1.10.1 libitm1-32bit-11.3.0+git1637-1.10.1 libitm1-32bit-debuginfo-11.3.0+git1637-1.10.1 libitm1-debuginfo-11.3.0+git1637-1.10.1 liblsan0-11.3.0+git1637-1.10.1 liblsan0-debuginfo-11.3.0+git1637-1.10.1 libobjc4-11.3.0+git1637-1.10.1 libobjc4-32bit-11.3.0+git1637-1.10.1 libobjc4-32bit-debuginfo-11.3.0+git1637-1.10.1 libobjc4-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-11.3.0+git1637-1.10.1 libquadmath0-32bit-11.3.0+git1637-1.10.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-11.3.0+git1637-1.10.1 libstdc++6-32bit-11.3.0+git1637-1.10.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-locale-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-1.10.1 libtsan0-11.3.0+git1637-1.10.1 libtsan0-debuginfo-11.3.0+git1637-1.10.1 libubsan1-11.3.0+git1637-1.10.1 libubsan1-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-debuginfo-11.3.0+git1637-1.10.1 libubsan1-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Module for Toolchain 12 (aarch64 ppc64le s390x x86_64): cpp11-11.3.0+git1637-1.10.1 cpp11-debuginfo-11.3.0+git1637-1.10.1 gcc11-11.3.0+git1637-1.10.1 gcc11-PIE-11.3.0+git1637-1.10.1 gcc11-c++-11.3.0+git1637-1.10.1 gcc11-c++-debuginfo-11.3.0+git1637-1.10.1 gcc11-debuginfo-11.3.0+git1637-1.10.1 gcc11-debugsource-11.3.0+git1637-1.10.1 gcc11-fortran-11.3.0+git1637-1.10.1 gcc11-fortran-debuginfo-11.3.0+git1637-1.10.1 gcc11-go-11.3.0+git1637-1.10.1 gcc11-go-debuginfo-11.3.0+git1637-1.10.1 gcc11-locale-11.3.0+git1637-1.10.1 gcc11-obj-c++-11.3.0+git1637-1.10.1 gcc11-obj-c++-debuginfo-11.3.0+git1637-1.10.1 gcc11-objc-11.3.0+git1637-1.10.1 gcc11-objc-debuginfo-11.3.0+git1637-1.10.1 gcc11-testresults-11.3.0+git1637-1.10.1 libstdc++6-devel-gcc11-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Module for Toolchain 12 (aarch64 s390x x86_64): gcc11-d-11.3.0+git1637-1.10.1 gcc11-d-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Module for Toolchain 12 (s390x x86_64): gcc11-32bit-11.3.0+git1637-1.10.1 gcc11-c++-32bit-11.3.0+git1637-1.10.1 gcc11-d-32bit-11.3.0+git1637-1.10.1 gcc11-fortran-32bit-11.3.0+git1637-1.10.1 gcc11-go-32bit-11.3.0+git1637-1.10.1 gcc11-obj-c++-32bit-11.3.0+git1637-1.10.1 gcc11-objc-32bit-11.3.0+git1637-1.10.1 libstdc++6-devel-gcc11-32bit-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Module for Toolchain 12 (x86_64): cross-nvptx-gcc11-11.3.0+git1637-1.10.1 cross-nvptx-gcc11-debuginfo-11.3.0+git1637-1.10.1 cross-nvptx-gcc11-debugsource-11.3.0+git1637-1.10.1 cross-nvptx-newlib11-devel-11.3.0+git1637-1.10.1 gcc11-ada-11.3.0+git1637-1.10.1 gcc11-ada-32bit-11.3.0+git1637-1.10.1 gcc11-ada-debuginfo-11.3.0+git1637-1.10.1 - SUSE Linux Enterprise Module for Toolchain 12 (noarch): gcc11-info-11.3.0+git1637-1.10.1 - HPE Helion Openstack 8 (x86_64): libada11-11.3.0+git1637-1.10.1 libada11-32bit-11.3.0+git1637-1.10.1 libada11-32bit-debuginfo-11.3.0+git1637-1.10.1 libada11-debuginfo-11.3.0+git1637-1.10.1 libasan6-11.3.0+git1637-1.10.1 libasan6-32bit-11.3.0+git1637-1.10.1 libasan6-32bit-debuginfo-11.3.0+git1637-1.10.1 libasan6-debuginfo-11.3.0+git1637-1.10.1 libatomic1-11.3.0+git1637-1.10.1 libatomic1-32bit-11.3.0+git1637-1.10.1 libatomic1-32bit-debuginfo-11.3.0+git1637-1.10.1 libatomic1-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-11.3.0+git1637-1.10.1 libgcc_s1-32bit-11.3.0+git1637-1.10.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgcc_s1-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-11.3.0+git1637-1.10.1 libgdruntime2-32bit-11.3.0+git1637-1.10.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgdruntime2-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-11.3.0+git1637-1.10.1 libgfortran5-32bit-11.3.0+git1637-1.10.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-1.10.1 libgfortran5-debuginfo-11.3.0+git1637-1.10.1 libgo19-11.3.0+git1637-1.10.1 libgo19-32bit-11.3.0+git1637-1.10.1 libgo19-32bit-debuginfo-11.3.0+git1637-1.10.1 libgo19-debuginfo-11.3.0+git1637-1.10.1 libgomp1-11.3.0+git1637-1.10.1 libgomp1-32bit-11.3.0+git1637-1.10.1 libgomp1-32bit-debuginfo-11.3.0+git1637-1.10.1 libgomp1-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-11.3.0+git1637-1.10.1 libgphobos2-32bit-11.3.0+git1637-1.10.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-1.10.1 libgphobos2-debuginfo-11.3.0+git1637-1.10.1 libitm1-11.3.0+git1637-1.10.1 libitm1-32bit-11.3.0+git1637-1.10.1 libitm1-32bit-debuginfo-11.3.0+git1637-1.10.1 libitm1-debuginfo-11.3.0+git1637-1.10.1 liblsan0-11.3.0+git1637-1.10.1 liblsan0-debuginfo-11.3.0+git1637-1.10.1 libobjc4-11.3.0+git1637-1.10.1 libobjc4-32bit-11.3.0+git1637-1.10.1 libobjc4-32bit-debuginfo-11.3.0+git1637-1.10.1 libobjc4-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-11.3.0+git1637-1.10.1 libquadmath0-32bit-11.3.0+git1637-1.10.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-1.10.1 libquadmath0-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-11.3.0+git1637-1.10.1 libstdc++6-32bit-11.3.0+git1637-1.10.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-debuginfo-11.3.0+git1637-1.10.1 libstdc++6-locale-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-11.3.0+git1637-1.10.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-1.10.1 libtsan0-11.3.0+git1637-1.10.1 libtsan0-debuginfo-11.3.0+git1637-1.10.1 libubsan1-11.3.0+git1637-1.10.1 libubsan1-32bit-11.3.0+git1637-1.10.1 libubsan1-32bit-debuginfo-11.3.0+git1637-1.10.1 libubsan1-debuginfo-11.3.0+git1637-1.10.1 References: https://bugzilla.suse.com/1192951 https://bugzilla.suse.com/1193659 https://bugzilla.suse.com/1195283 https://bugzilla.suse.com/1196861 https://bugzilla.suse.com/1197065 From sle-updates at lists.suse.com Fri Jun 3 07:29:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2022 09:29:27 +0200 (CEST) Subject: SUSE-CU-2022:1267-1: Recommended update of suse/sles12sp5 Message-ID: <20220603072927.D6E25F386@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1267-1 Container Tags : suse/sles12sp5:6.5.337 , suse/sles12sp5:latest Container Release : 6.5.337 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1926-1 Released: Thu Jun 2 16:06:59 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * Fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * Fixes issue with debug dumping together with -o /dev/null * Fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-1.10.1 updated - libstdc++6-11.3.0+git1637-1.10.1 updated From sle-updates at lists.suse.com Fri Jun 3 08:09:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2022 10:09:23 +0200 (CEST) Subject: SUSE-CU-2022:1280-1: Recommended update of bci/nodejs Message-ID: <20220603080923.42FCDF386@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1280-1 Container Tags : bci/node:12 , bci/node:12-16.62 , bci/nodejs:12 , bci/nodejs:12-16.62 Container Release : 16.62 Severity : important Type : recommended References : 1198176 1198751 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-2.31-150300.26.5 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - container:sles15-image-15.0.0-17.17.11 updated From sle-updates at lists.suse.com Fri Jun 3 13:15:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2022 15:15:57 +0200 (CEST) Subject: SUSE-SU-2022:1933-1: important: Security update for hdf5, suse-hpc Message-ID: <20220603131557.80B99FD9D@maintenance.suse.de> SUSE Security Update: Security update for hdf5, suse-hpc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1933-1 Rating: important References: #1058563 #1072087 #1072090 #1072108 #1072111 #1080022 #1080259 #1080426 #1080442 #1082209 #1084951 #1088547 #1091237 #1093641 #1093649 #1093653 #1093655 #1093657 #1101471 #1101474 #1101493 #1101495 #1102175 #1109166 #1109167 #1109168 #1109564 #1109565 #1109566 #1109567 #1109568 #1109569 #1109570 #1116458 #1124509 #1133222 #1134298 #1167401 #1167404 #1167405 #1169793 #1174439 #1179521 #1196682 SLE-7766 SLE-7773 SLE-8501 SLE-8604 Cross-References: CVE-2017-17505 CVE-2017-17506 CVE-2017-17508 CVE-2017-17509 CVE-2018-11202 CVE-2018-11203 CVE-2018-11204 CVE-2018-11206 CVE-2018-11207 CVE-2018-13869 CVE-2018-13870 CVE-2018-14032 CVE-2018-14033 CVE-2018-14460 CVE-2018-17233 CVE-2018-17234 CVE-2018-17237 CVE-2018-17432 CVE-2018-17433 CVE-2018-17434 CVE-2018-17435 CVE-2018-17436 CVE-2018-17437 CVE-2018-17438 CVE-2020-10809 CVE-2020-10810 CVE-2020-10811 CVSS scores: CVE-2017-17505 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17505 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-17506 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17506 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2017-17508 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17508 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-17509 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-17509 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-11202 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11202 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-11203 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11203 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-11204 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11204 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-11206 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2018-11206 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2018-11207 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11207 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-13869 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-13869 (SUSE): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L CVE-2018-13870 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-13870 (SUSE): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-14032 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-14033 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-14033 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-14460 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-14460 (SUSE): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-17233 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17233 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17234 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17234 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17237 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17237 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17432 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17432 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17433 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17433 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17434 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17434 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17435 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17435 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17436 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17436 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17437 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17437 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-17438 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-17438 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10809 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10809 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2020-10810 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10810 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that solves 27 vulnerabilities, contains four features and has 17 fixes is now available. Description: This update for hdf5, suse-hpc fixes the following issues: Security issues fixed: - CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405). - CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401). - CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404). - CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570). - CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c. (bsc#1109569). - CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568). - CVE-2018-17435: Fixed heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c (bsc#1109567). - CVE-2018-17434: Fixed SIGFPE signal raise in function apply_filters() of h5repack_filters.c (bsc#1109566). - CVE-2018-17433: Fixed heap-based buffer overflow in ReadGifImageDesc() in gifread.c (bsc#1109565). - CVE-2018-17432: Fixed NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c (bsc#1109564). - CVE-2018-17237: Fixed SIGFPE signal raise in the function H5D__chunk_set_info_real() (bsc#1109168). - CVE-2018-17234: Fixed memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167). - CVE-2018-17233: Fixed SIGFPE signal is raise in the function H5D__create_chunk_file_map_hyper (bsc#1109166). - CVE-2018-14460: Fixed heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c (bsc#1102175). - CVE-2018-14033: Fixed heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c (bsc#1101471). - CVE-2018-14032: Fixed heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c (bsc#1101474). - CVE-2018-13870: Fixed heap-based buffer over-read in the function H5O_link_decode in H5Olink.c (bsc#1101493). - CVE-2018-13869: Fixed memcpy parameter overlap in the function H5O_link_decode in H5Olink.c (bsc#1101495). - CVE-2018-11207: Fixed division by zero was discovered in H5D__chunk_init in H5Dchunk.c (bsc#1093653). - CVE-2018-11206: Fixed out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c (bsc#1093657). - CVE-2018-11204: Fixed NULL pointer dereference in H5O__chunk_deserialize in H5Ocache.c (bsc#1093655). - CVE-2018-11203: Fixed division by zero in H5D__btree_decode_key in H5Dbtree.c (bsc#1093649). - CVE-2018-11202: Fixed NULL pointer dereference in H5S_hyper_make_spans in H5Shyper.c (bsc#1093641). - CVE-2017-17509: Fixed out of bounds write vulnerability in function H5G__ent_decode_vec (bsc#1072111). - CVE-2017-17508: Fixed divide-by-zero vulnerability in function H5T_set_loc (bsc#1072108). - CVE-2017-17506: Fixed out of bounds read in the function H5Opline_pline_decode (bsc#1072090). - CVE-2017-17505: Fixed NULL pointer dereference in the function H5O_pline_decode (bsc#1072087). Bugfixes: - Expand modules handling (bsc#1116458). - Fix default moduleversion link generation and deletion (bsc#1124509). - Set higher constraints for succesfull mpich tests (bsc#1133222). - Only build one examples package for all flavors, do not include dependencies as these would be flavor specific (bsc#1088547). - Prepend PKG_CONFIG_PATH in modules file (bsc#1080426). - Validate Python 3 code (bsc#1082209). - Fix library link flags on pkg-config file for HPC builds (bsc#1134298). - Fix .so number in baselibs.conf for libhdf5_fortran libs (bsc#1169793). - Fix python-h5py packages built against out-of-date version of HDF5 (bsc#1196682). - Fix netcdf-cxx4 packages built against out-of-date version of HDF5 (bsc#1179521). - Make module files package arch dependent: it contains arch-dependent paths (bsc#1080442). - Disable %check stage for mpich builds on s390(x) (bsc#1080022). - Add build support for gcc10 to HPC build (bsc#1174439). - Fix summary in module files (bsc#1080259). - Append a newline to the shebang line prepended by the %hpc_shebang_prepend_list macro (bsc#1084951). - Temporarily disable make check for PowerPC (bsc#1058563). - Fix HPC library master packages dependency: make it require the correct flavor (bsc#1091237). - Add HPC support for gcc8 and gcc9 (jsc#SLE-7766 & jsc#SLE-8604). - Enable openmpi3 builds for Leap and SLE > 15.1 (jsc#SLE-7773). - HDF5 version Update to 1.10.5 (jsc#SLE-8501). - Add support for openmpi2 for HPC (FATE#325089). - Initial version (FATE#320596). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2022-1933=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): hdf5_1_10_8-gnu-hpc-1.10.8-3.12.2 hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-3.12.2 hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-3.12.2 hdf5_1_10_8-gnu-hpc-devel-1.10.8-3.12.2 hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-3.12.2 hdf5_1_10_8-gnu-hpc-module-1.10.8-3.12.2 hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-3.12.2 hdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.12.2 hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-3.12.2 hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-3.12.2 hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-3.12.2 hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-3.12.2 hdf5_1_10_8-gnu-openmpi1-hpc-1.10.8-3.12.2 hdf5_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.12.2 hdf5_1_10_8-gnu-openmpi1-hpc-debugsource-1.10.8-3.12.2 hdf5_1_10_8-gnu-openmpi1-hpc-devel-1.10.8-3.12.2 hdf5_1_10_8-gnu-openmpi1-hpc-devel-static-1.10.8-3.12.2 hdf5_1_10_8-gnu-openmpi1-hpc-module-1.10.8-3.12.2 libhdf5-gnu-hpc-1.10.8-3.12.2 libhdf5-gnu-mvapich2-hpc-1.10.8-3.12.2 libhdf5-gnu-openmpi1-hpc-1.10.8-3.12.2 libhdf5_1_10_8-gnu-hpc-1.10.8-3.12.2 libhdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-3.12.2 libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-3.12.2 libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.12.2 libhdf5_1_10_8-gnu-openmpi1-hpc-1.10.8-3.12.2 libhdf5_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.12.2 libhdf5_cpp-gnu-hpc-1.10.8-3.12.2 libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-3.12.2 libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-3.12.2 libhdf5_fortran-gnu-hpc-1.10.8-3.12.2 libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-3.12.2 libhdf5_fortran-gnu-openmpi1-hpc-1.10.8-3.12.2 libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-3.12.2 libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-3.12.2 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-3.12.2 libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.12.2 libhdf5_fortran_1_10_8-gnu-openmpi1-hpc-1.10.8-3.12.2 libhdf5_fortran_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.12.2 libhdf5_hl-gnu-hpc-1.10.8-3.12.2 libhdf5_hl-gnu-mvapich2-hpc-1.10.8-3.12.2 libhdf5_hl-gnu-openmpi1-hpc-1.10.8-3.12.2 libhdf5_hl_1_10_8-gnu-hpc-1.10.8-3.12.2 libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-3.12.2 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-3.12.2 libhdf5_hl_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.12.2 libhdf5_hl_1_10_8-gnu-openmpi1-hpc-1.10.8-3.12.2 libhdf5_hl_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.12.2 libhdf5_hl_cpp-gnu-hpc-1.10.8-3.12.2 libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-3.12.2 libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-3.12.2 libhdf5_hl_fortran-gnu-hpc-1.10.8-3.12.2 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-3.12.2 libhdf5_hl_fortran-gnu-openmpi1-hpc-1.10.8-3.12.2 libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-3.12.2 libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-3.12.2 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-3.12.2 libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-3.12.2 libhdf5hl_fortran_1_10_8-gnu-openmpi1-hpc-1.10.8-3.12.2 libhdf5hl_fortran_1_10_8-gnu-openmpi1-hpc-debuginfo-1.10.8-3.12.2 suse-hpc-0.5.20220206.0c6b168-5.2 - SUSE Linux Enterprise Module for HPC 12 (noarch): hdf5-gnu-hpc-devel-1.10.8-3.12.2 hdf5-gnu-mvapich2-hpc-devel-1.10.8-3.12.2 hdf5-gnu-openmpi1-hpc-devel-1.10.8-3.12.2 References: https://www.suse.com/security/cve/CVE-2017-17505.html https://www.suse.com/security/cve/CVE-2017-17506.html https://www.suse.com/security/cve/CVE-2017-17508.html https://www.suse.com/security/cve/CVE-2017-17509.html https://www.suse.com/security/cve/CVE-2018-11202.html https://www.suse.com/security/cve/CVE-2018-11203.html https://www.suse.com/security/cve/CVE-2018-11204.html https://www.suse.com/security/cve/CVE-2018-11206.html https://www.suse.com/security/cve/CVE-2018-11207.html https://www.suse.com/security/cve/CVE-2018-13869.html https://www.suse.com/security/cve/CVE-2018-13870.html https://www.suse.com/security/cve/CVE-2018-14032.html https://www.suse.com/security/cve/CVE-2018-14033.html https://www.suse.com/security/cve/CVE-2018-14460.html https://www.suse.com/security/cve/CVE-2018-17233.html https://www.suse.com/security/cve/CVE-2018-17234.html https://www.suse.com/security/cve/CVE-2018-17237.html https://www.suse.com/security/cve/CVE-2018-17432.html https://www.suse.com/security/cve/CVE-2018-17433.html https://www.suse.com/security/cve/CVE-2018-17434.html https://www.suse.com/security/cve/CVE-2018-17435.html https://www.suse.com/security/cve/CVE-2018-17436.html https://www.suse.com/security/cve/CVE-2018-17437.html https://www.suse.com/security/cve/CVE-2018-17438.html https://www.suse.com/security/cve/CVE-2020-10809.html https://www.suse.com/security/cve/CVE-2020-10810.html https://www.suse.com/security/cve/CVE-2020-10811.html https://bugzilla.suse.com/1058563 https://bugzilla.suse.com/1072087 https://bugzilla.suse.com/1072090 https://bugzilla.suse.com/1072108 https://bugzilla.suse.com/1072111 https://bugzilla.suse.com/1080022 https://bugzilla.suse.com/1080259 https://bugzilla.suse.com/1080426 https://bugzilla.suse.com/1080442 https://bugzilla.suse.com/1082209 https://bugzilla.suse.com/1084951 https://bugzilla.suse.com/1088547 https://bugzilla.suse.com/1091237 https://bugzilla.suse.com/1093641 https://bugzilla.suse.com/1093649 https://bugzilla.suse.com/1093653 https://bugzilla.suse.com/1093655 https://bugzilla.suse.com/1093657 https://bugzilla.suse.com/1101471 https://bugzilla.suse.com/1101474 https://bugzilla.suse.com/1101493 https://bugzilla.suse.com/1101495 https://bugzilla.suse.com/1102175 https://bugzilla.suse.com/1109166 https://bugzilla.suse.com/1109167 https://bugzilla.suse.com/1109168 https://bugzilla.suse.com/1109564 https://bugzilla.suse.com/1109565 https://bugzilla.suse.com/1109566 https://bugzilla.suse.com/1109567 https://bugzilla.suse.com/1109568 https://bugzilla.suse.com/1109569 https://bugzilla.suse.com/1109570 https://bugzilla.suse.com/1116458 https://bugzilla.suse.com/1124509 https://bugzilla.suse.com/1133222 https://bugzilla.suse.com/1134298 https://bugzilla.suse.com/1167401 https://bugzilla.suse.com/1167404 https://bugzilla.suse.com/1167405 https://bugzilla.suse.com/1169793 https://bugzilla.suse.com/1174439 https://bugzilla.suse.com/1179521 https://bugzilla.suse.com/1196682 From sle-updates at lists.suse.com Fri Jun 3 13:20:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2022 15:20:05 +0200 (CEST) Subject: SUSE-SU-2022:1932-1: moderate: Security update for patch Message-ID: <20220603132005.691A1FD9D@maintenance.suse.de> SUSE Security Update: Security update for patch ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1932-1 Rating: moderate References: #1080985 #1092500 #1142041 #1198106 Cross-References: CVE-2018-6952 CVE-2019-13636 CVSS scores: CVE-2018-6952 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-6952 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-13636 (NVD) : 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-13636 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for patch fixes the following issues: Security fixes: - CVE-2019-13636: Fixed mishandled following of symlinks in certain cases other than input files (bsc#1142041). - CVE-2018-6952: Fixed double free of memory in pch.c:another_hunk() (bsc#1080985). Bugfixes: - Pass the correct stat to backup files (bsc#1198106). - Fix temporary file leak when applying ed-style patches (bsc#1092500). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1932=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): patch-2.7.5-8.8.1 patch-debuginfo-2.7.5-8.8.1 patch-debugsource-2.7.5-8.8.1 References: https://www.suse.com/security/cve/CVE-2018-6952.html https://www.suse.com/security/cve/CVE-2019-13636.html https://bugzilla.suse.com/1080985 https://bugzilla.suse.com/1092500 https://bugzilla.suse.com/1142041 https://bugzilla.suse.com/1198106 From sle-updates at lists.suse.com Fri Jun 3 16:15:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2022 18:15:51 +0200 (CEST) Subject: SUSE-SU-2022:1934-1: moderate: Security update for openvpn Message-ID: <20220603161551.01967F386@maintenance.suse.de> SUSE Security Update: Security update for openvpn ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1934-1 Rating: moderate References: #1123557 #1197341 Cross-References: CVE-2022-0547 CVSS scores: CVE-2022-0547 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-0547 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openvpn fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341). - By default the --suppress-timestamps flag is not needed (bsc#1123557). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1934=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1934=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): openvpn-2.5.6-150400.3.3.1 openvpn-auth-pam-plugin-2.5.6-150400.3.3.1 openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.3.1 openvpn-debuginfo-2.5.6-150400.3.3.1 openvpn-debugsource-2.5.6-150400.3.3.1 openvpn-devel-2.5.6-150400.3.3.1 openvpn-down-root-plugin-2.5.6-150400.3.3.1 openvpn-down-root-plugin-debuginfo-2.5.6-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): openvpn-2.5.6-150400.3.3.1 openvpn-auth-pam-plugin-2.5.6-150400.3.3.1 openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.3.1 openvpn-debuginfo-2.5.6-150400.3.3.1 openvpn-debugsource-2.5.6-150400.3.3.1 openvpn-devel-2.5.6-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-0547.html https://bugzilla.suse.com/1123557 https://bugzilla.suse.com/1197341 From sle-updates at lists.suse.com Fri Jun 3 19:15:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2022 21:15:59 +0200 (CEST) Subject: SUSE-RU-2022:1935-1: moderate: Recommended update for mutter Message-ID: <20220603191559.50F2FF386@maintenance.suse.de> SUSE Recommended Update: Recommended update for mutter ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1935-1 Rating: moderate References: #1193190 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mutter fixes the following issues: - Fixes xterm -iconic support, by reverting a workaround for wrongly behaved wine games.(bsc#1193190) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1935=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1935=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1935=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libmutter-5-0-3.34.6-150200.3.12.1 libmutter-5-0-debuginfo-3.34.6-150200.3.12.1 mutter-data-3.34.6-150200.3.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libmutter-5-0-3.34.6-150200.3.12.1 libmutter-5-0-debuginfo-3.34.6-150200.3.12.1 mutter-3.34.6-150200.3.12.1 mutter-data-3.34.6-150200.3.12.1 mutter-debuginfo-3.34.6-150200.3.12.1 mutter-debugsource-3.34.6-150200.3.12.1 mutter-devel-3.34.6-150200.3.12.1 - openSUSE Leap 15.3 (noarch): mutter-lang-3.34.6-150200.3.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libmutter-5-0-3.34.6-150200.3.12.1 libmutter-5-0-debuginfo-3.34.6-150200.3.12.1 mutter-3.34.6-150200.3.12.1 mutter-data-3.34.6-150200.3.12.1 mutter-debuginfo-3.34.6-150200.3.12.1 mutter-debugsource-3.34.6-150200.3.12.1 mutter-devel-3.34.6-150200.3.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): mutter-lang-3.34.6-150200.3.12.1 References: https://bugzilla.suse.com/1193190 From sle-updates at lists.suse.com Fri Jun 3 22:16:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Jun 2022 00:16:39 +0200 (CEST) Subject: SUSE-RU-2022:1936-1: Recommended update for sssd Message-ID: <20220603221639.89662F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1936-1 Rating: low References: #1199393 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd fixes the following issues: - Update sss_cache command's manpage to clarify its effects on the memory cache. (bsc#1199393) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1936=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1936=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1936=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1936=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1936=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1936=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): sssd-wbclient-1.16.1-150300.23.31.1 sssd-wbclient-debuginfo-1.16.1-150300.23.31.1 sssd-wbclient-devel-1.16.1-150300.23.31.1 - openSUSE Leap 15.4 (x86_64): sssd-common-32bit-1.16.1-150300.23.31.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.31.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-150300.23.31.1 libipa_hbac0-1.16.1-150300.23.31.1 libipa_hbac0-debuginfo-1.16.1-150300.23.31.1 libnfsidmap-sss-1.16.1-150300.23.31.1 libnfsidmap-sss-debuginfo-1.16.1-150300.23.31.1 libsss_certmap-devel-1.16.1-150300.23.31.1 libsss_certmap0-1.16.1-150300.23.31.1 libsss_certmap0-debuginfo-1.16.1-150300.23.31.1 libsss_idmap-devel-1.16.1-150300.23.31.1 libsss_idmap0-1.16.1-150300.23.31.1 libsss_idmap0-debuginfo-1.16.1-150300.23.31.1 libsss_nss_idmap-devel-1.16.1-150300.23.31.1 libsss_nss_idmap0-1.16.1-150300.23.31.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.31.1 libsss_simpleifp-devel-1.16.1-150300.23.31.1 libsss_simpleifp0-1.16.1-150300.23.31.1 libsss_simpleifp0-debuginfo-1.16.1-150300.23.31.1 python3-ipa_hbac-1.16.1-150300.23.31.1 python3-ipa_hbac-debuginfo-1.16.1-150300.23.31.1 python3-sss-murmur-1.16.1-150300.23.31.1 python3-sss-murmur-debuginfo-1.16.1-150300.23.31.1 python3-sss_nss_idmap-1.16.1-150300.23.31.1 python3-sss_nss_idmap-debuginfo-1.16.1-150300.23.31.1 python3-sssd-config-1.16.1-150300.23.31.1 python3-sssd-config-debuginfo-1.16.1-150300.23.31.1 sssd-1.16.1-150300.23.31.1 sssd-ad-1.16.1-150300.23.31.1 sssd-ad-debuginfo-1.16.1-150300.23.31.1 sssd-common-1.16.1-150300.23.31.1 sssd-common-debuginfo-1.16.1-150300.23.31.1 sssd-dbus-1.16.1-150300.23.31.1 sssd-dbus-debuginfo-1.16.1-150300.23.31.1 sssd-debugsource-1.16.1-150300.23.31.1 sssd-ipa-1.16.1-150300.23.31.1 sssd-ipa-debuginfo-1.16.1-150300.23.31.1 sssd-krb5-1.16.1-150300.23.31.1 sssd-krb5-common-1.16.1-150300.23.31.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.31.1 sssd-krb5-debuginfo-1.16.1-150300.23.31.1 sssd-ldap-1.16.1-150300.23.31.1 sssd-ldap-debuginfo-1.16.1-150300.23.31.1 sssd-proxy-1.16.1-150300.23.31.1 sssd-proxy-debuginfo-1.16.1-150300.23.31.1 sssd-tools-1.16.1-150300.23.31.1 sssd-tools-debuginfo-1.16.1-150300.23.31.1 sssd-wbclient-1.16.1-150300.23.31.1 sssd-wbclient-debuginfo-1.16.1-150300.23.31.1 sssd-wbclient-devel-1.16.1-150300.23.31.1 sssd-winbind-idmap-1.16.1-150300.23.31.1 sssd-winbind-idmap-debuginfo-1.16.1-150300.23.31.1 - openSUSE Leap 15.3 (x86_64): sssd-common-32bit-1.16.1-150300.23.31.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): sssd-common-32bit-1.16.1-150300.23.31.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.31.1 sssd-debugsource-1.16.1-150300.23.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-150300.23.31.1 libipa_hbac0-1.16.1-150300.23.31.1 libipa_hbac0-debuginfo-1.16.1-150300.23.31.1 libsss_certmap-devel-1.16.1-150300.23.31.1 libsss_certmap0-1.16.1-150300.23.31.1 libsss_certmap0-debuginfo-1.16.1-150300.23.31.1 libsss_idmap-devel-1.16.1-150300.23.31.1 libsss_idmap0-1.16.1-150300.23.31.1 libsss_idmap0-debuginfo-1.16.1-150300.23.31.1 libsss_nss_idmap-devel-1.16.1-150300.23.31.1 libsss_nss_idmap0-1.16.1-150300.23.31.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.31.1 libsss_simpleifp-devel-1.16.1-150300.23.31.1 libsss_simpleifp0-1.16.1-150300.23.31.1 libsss_simpleifp0-debuginfo-1.16.1-150300.23.31.1 python3-sssd-config-1.16.1-150300.23.31.1 python3-sssd-config-debuginfo-1.16.1-150300.23.31.1 sssd-1.16.1-150300.23.31.1 sssd-ad-1.16.1-150300.23.31.1 sssd-ad-debuginfo-1.16.1-150300.23.31.1 sssd-common-1.16.1-150300.23.31.1 sssd-common-debuginfo-1.16.1-150300.23.31.1 sssd-dbus-1.16.1-150300.23.31.1 sssd-dbus-debuginfo-1.16.1-150300.23.31.1 sssd-debugsource-1.16.1-150300.23.31.1 sssd-ipa-1.16.1-150300.23.31.1 sssd-ipa-debuginfo-1.16.1-150300.23.31.1 sssd-krb5-1.16.1-150300.23.31.1 sssd-krb5-common-1.16.1-150300.23.31.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.31.1 sssd-krb5-debuginfo-1.16.1-150300.23.31.1 sssd-ldap-1.16.1-150300.23.31.1 sssd-ldap-debuginfo-1.16.1-150300.23.31.1 sssd-proxy-1.16.1-150300.23.31.1 sssd-proxy-debuginfo-1.16.1-150300.23.31.1 sssd-tools-1.16.1-150300.23.31.1 sssd-tools-debuginfo-1.16.1-150300.23.31.1 sssd-winbind-idmap-1.16.1-150300.23.31.1 sssd-winbind-idmap-debuginfo-1.16.1-150300.23.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): sssd-common-32bit-1.16.1-150300.23.31.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.31.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libsss_certmap0-1.16.1-150300.23.31.1 libsss_certmap0-debuginfo-1.16.1-150300.23.31.1 libsss_idmap0-1.16.1-150300.23.31.1 libsss_idmap0-debuginfo-1.16.1-150300.23.31.1 libsss_nss_idmap0-1.16.1-150300.23.31.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.31.1 sssd-1.16.1-150300.23.31.1 sssd-common-1.16.1-150300.23.31.1 sssd-common-debuginfo-1.16.1-150300.23.31.1 sssd-debugsource-1.16.1-150300.23.31.1 sssd-krb5-common-1.16.1-150300.23.31.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.31.1 sssd-ldap-1.16.1-150300.23.31.1 sssd-ldap-debuginfo-1.16.1-150300.23.31.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsss_certmap0-1.16.1-150300.23.31.1 libsss_certmap0-debuginfo-1.16.1-150300.23.31.1 libsss_idmap0-1.16.1-150300.23.31.1 libsss_idmap0-debuginfo-1.16.1-150300.23.31.1 libsss_nss_idmap0-1.16.1-150300.23.31.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.31.1 sssd-1.16.1-150300.23.31.1 sssd-common-1.16.1-150300.23.31.1 sssd-common-debuginfo-1.16.1-150300.23.31.1 sssd-debugsource-1.16.1-150300.23.31.1 sssd-krb5-common-1.16.1-150300.23.31.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.31.1 sssd-ldap-1.16.1-150300.23.31.1 sssd-ldap-debuginfo-1.16.1-150300.23.31.1 References: https://bugzilla.suse.com/1199393 From sle-updates at lists.suse.com Sat Jun 4 07:16:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Jun 2022 09:16:44 +0200 (CEST) Subject: SUSE-CU-2022:1288-1: Recommended update of bci/golang Message-ID: <20220604071644.0F041F386@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1288-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-7.53 , bci/golang:latest Container Release : 7.53 Severity : important Type : recommended References : 1198176 1198751 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-devel-2.31-150300.26.5 updated - glibc-2.31-150300.26.5 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - container:sles15-image-15.0.0-17.17.11 updated From sle-updates at lists.suse.com Sat Jun 4 07:23:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Jun 2022 09:23:03 +0200 (CEST) Subject: SUSE-CU-2022:1290-1: Recommended update of bci/bci-init Message-ID: <20220604072303.721DAF386@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1290-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.14.64 , bci/bci-init:latest Container Release : 14.64 Severity : important Type : recommended References : 1198176 1198751 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-2.31-150300.26.5 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - container:sles15-image-15.0.0-17.17.11 updated From sle-updates at lists.suse.com Sat Jun 4 07:33:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Jun 2022 09:33:01 +0200 (CEST) Subject: SUSE-CU-2022:1292-1: Recommended update of bci/bci-init Message-ID: <20220604073301.ED8B0F386@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1292-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.15.30 Container Release : 15.30 Severity : moderate Type : recommended References : 1198751 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - glibc-2.31-150300.26.5 updated - container:sles15-image-15.0.0-27.5.5 updated From sle-updates at lists.suse.com Sat Jun 4 22:17:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 5 Jun 2022 00:17:08 +0200 (CEST) Subject: SUSE-SU-2022:1940-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP4) Message-ID: <20220604221708.CEF05FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1940-1 Rating: important References: #1199602 #1199834 Cross-References: CVE-2022-30594 CVSS scores: CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.12.14-95_96 fixes several issues. The following security issue was fixed: - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1940=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_96-default-3-2.2 References: https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1199602 https://bugzilla.suse.com/1199834 From sle-updates at lists.suse.com Sat Jun 4 22:17:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 5 Jun 2022 00:17:49 +0200 (CEST) Subject: SUSE-SU-2022:1939-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP4) Message-ID: <20220604221749.E2BC2FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1939-1 Rating: important References: #1197597 #1199602 #1199834 Cross-References: CVE-2022-1048 CVE-2022-30594 CVSS scores: CVE-2022-1048 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.12.14-95_88 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1937=1 SUSE-SLE-Live-Patching-12-SP4-2022-1938=1 SUSE-SLE-Live-Patching-12-SP4-2022-1939=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_80-default-14-2.2 kgraft-patch-4_12_14-95_83-default-9-2.2 kgraft-patch-4_12_14-95_88-default-5-2.2 References: https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1197597 https://bugzilla.suse.com/1199602 https://bugzilla.suse.com/1199834 From sle-updates at lists.suse.com Sun Jun 5 04:16:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 5 Jun 2022 06:16:50 +0200 (CEST) Subject: SUSE-SU-2022:1942-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) Message-ID: <20220605041650.8ED45FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1942-1 Rating: important References: #1197597 #1199602 #1199834 Cross-References: CVE-2022-1048 CVE-2022-30594 CVSS scores: CVE-2022-1048 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.12.14-122_103 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1941=1 SUSE-SLE-Live-Patching-12-SP5-2022-1942=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_103-default-10-2.2 kgraft-patch-4_12_14-122_98-default-10-2.2 References: https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1197597 https://bugzilla.suse.com/1199602 https://bugzilla.suse.com/1199834 From sle-updates at lists.suse.com Sun Jun 5 10:16:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 5 Jun 2022 12:16:37 +0200 (CEST) Subject: SUSE-RU-2022:1813-2: moderate: Recommended update for sapconf Message-ID: <20220605101637.3A9AAFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1813-2 Rating: moderate References: #1185702 #1188743 #1192841 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sapconf fixes the following issues: Version update from 5.0.3 to 5.0.4: - Change block device handling to handle multipath devices correctly. Only the DM multipath devices (mpath) will be used for the settings, but not its paths (bsc#1188743) - Fixed wrong comparison used for setting force_latency (bsc#1185702) - SAP Note 1771258 v6 updates nofile values to 1048576 (bsc#1192841) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1813=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1813=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1813=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1813=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1813=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1813=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1813=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1813=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1813=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1813=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): sapconf-5.0.4-40.71.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): sapconf-5.0.4-40.71.1 - SUSE OpenStack Cloud 9 (noarch): sapconf-5.0.4-40.71.1 - SUSE OpenStack Cloud 8 (noarch): sapconf-5.0.4-40.71.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): sapconf-5.0.4-40.71.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): sapconf-5.0.4-40.71.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): sapconf-5.0.4-40.71.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): sapconf-5.0.4-40.71.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): sapconf-5.0.4-40.71.1 - HPE Helion Openstack 8 (noarch): sapconf-5.0.4-40.71.1 References: https://bugzilla.suse.com/1185702 https://bugzilla.suse.com/1188743 https://bugzilla.suse.com/1192841 From sle-updates at lists.suse.com Sun Jun 5 10:17:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 5 Jun 2022 12:17:30 +0200 (CEST) Subject: SUSE-RU-2022:1814-2: moderate: Recommended update for sapconf Message-ID: <20220605101730.A0966FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1814-2 Rating: moderate References: #1185702 #1188743 #1192841 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sapconf fixes the following issues: Version update from 5.0.3 to 5.0.4: - Change block device handling to handle multipath devices correctly. Only the DM multipath devices (mpath) will be used for the settings, but not its paths (bsc#1188743) - Fixed wrong comparison used for setting force_latency (bsc#1185702) - SAP Note 1771258 v6 updates nofile values to 1048576 (bsc#1192841) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1814=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1814=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1814=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1814=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1814=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1814=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1814=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1814=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1814=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1814=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1814=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1814=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1814=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1814=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1814=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1814=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1814=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1814=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1814=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Manager Retail Branch Server 4.1 (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Manager Proxy 4.1 (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Enterprise Storage 7 (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE Enterprise Storage 6 (noarch): sapconf-5.0.4-150000.7.21.1 - SUSE CaaS Platform 4.0 (noarch): sapconf-5.0.4-150000.7.21.1 References: https://bugzilla.suse.com/1185702 https://bugzilla.suse.com/1188743 https://bugzilla.suse.com/1192841 From sle-updates at lists.suse.com Sun Jun 5 13:16:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 5 Jun 2022 15:16:01 +0200 (CEST) Subject: SUSE-SU-2022:1945-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) Message-ID: <20220605131601.0219EFD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1945-1 Rating: important References: #1197597 #1199602 #1199834 Cross-References: CVE-2022-1048 CVE-2022-30594 CVSS scores: CVE-2022-1048 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.12.14-197_102 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1943=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1944=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1945=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_102-default-9-150100.2.2 kernel-livepatch-4_12_14-197_105-default-5-150100.2.2 kernel-livepatch-4_12_14-197_92-default-16-150100.2.2 References: https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1197597 https://bugzilla.suse.com/1199602 https://bugzilla.suse.com/1199834 From sle-updates at lists.suse.com Sun Jun 5 16:15:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 5 Jun 2022 18:15:56 +0200 (CEST) Subject: SUSE-SU-2022:1947-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP2) Message-ID: <20220605161556.3268FFD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1947-1 Rating: important References: #1197597 #1199602 Cross-References: CVE-2022-1048 CVE-2022-30594 CVSS scores: CVE-2022-1048 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-24_107 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1946=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1947=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_107-default-7-150200.2.2 kernel-livepatch-5_3_18-24_107-default-debuginfo-7-150200.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le x86_64): kernel-livepatch-SLE15-SP2_Update_25-debugsource-7-150200.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x): kernel-livepatch-5_3_18-24_99-default-9-150200.2.2 kernel-livepatch-5_3_18-24_99-default-debuginfo-9-150200.2.2 kernel-livepatch-SLE15-SP2_Update_23-debugsource-9-150200.2.2 References: https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1197597 https://bugzilla.suse.com/1199602 From sle-updates at lists.suse.com Mon Jun 6 01:16:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2022 03:16:38 +0200 (CEST) Subject: SUSE-SU-2022:1948-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3) Message-ID: <20220606011638.BC0E0FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1948-1 Rating: important References: #1197597 #1199602 Cross-References: CVE-2022-1048 CVE-2022-30594 CVSS scores: CVE-2022-1048 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_60 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1948=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_60-default-6-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1197597 https://bugzilla.suse.com/1199602 From sle-updates at lists.suse.com Mon Jun 6 04:16:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2022 06:16:10 +0200 (CEST) Subject: SUSE-SU-2022:1949-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1) Message-ID: <20220606041610.36CB5FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1949-1 Rating: important References: #1199602 #1199834 Cross-References: CVE-2022-30594 CVSS scores: CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.12.14-150100_197_111 fixes several issues. The following security issue was fixed: - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1949=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_111-default-3-150100.2.2 References: https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1199602 https://bugzilla.suse.com/1199834 From sle-updates at lists.suse.com Mon Jun 6 16:17:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2022 18:17:21 +0200 (CEST) Subject: SUSE-SU-2022:1974-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) Message-ID: <20220606161721.015E7FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1974-1 Rating: important References: #1197597 #1199602 Cross-References: CVE-2022-1048 CVE-2022-30594 CVSS scores: CVE-2022-1048 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_54 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1972=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1974=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1977=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1983=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1986=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1987=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1970=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_43-default-9-150300.2.2 kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-9-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-9-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-9-150300.2.2 kernel-livepatch-5_3_18-150300_59_49-default-8-150300.2.2 kernel-livepatch-5_3_18-150300_59_54-default-7-150300.2.2 kernel-livepatch-5_3_18-59_10-default-16-150300.2.2 kernel-livepatch-5_3_18-59_10-default-debuginfo-16-150300.2.2 kernel-livepatch-5_3_18-59_13-default-16-150300.2.2 kernel-livepatch-5_3_18-59_13-default-debuginfo-16-150300.2.2 kernel-livepatch-SLE15-SP3_Update_2-debugsource-16-150300.2.2 kernel-livepatch-SLE15-SP3_Update_3-debugsource-16-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_102-default-8-150200.2.2 kernel-livepatch-5_3_18-24_102-default-debuginfo-8-150200.2.2 kernel-livepatch-SLE15-SP2_Update_24-debugsource-8-150200.2.2 References: https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1197597 https://bugzilla.suse.com/1199602 From sle-updates at lists.suse.com Mon Jun 6 16:18:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2022 18:18:07 +0200 (CEST) Subject: SUSE-RU-2022:1998-1: moderate: Recommended update for postgresql Message-ID: <20220606161807.91B11FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1998-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for postgresql ships postgresql-devel. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1998=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1998=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): postgresql-devel-14-4.15.1 postgresql-server-devel-14-4.15.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql-14-4.15.1 postgresql-contrib-14-4.15.1 postgresql-docs-14-4.15.1 postgresql-plperl-14-4.15.1 postgresql-plpython-14-4.15.1 postgresql-pltcl-14-4.15.1 postgresql-server-14-4.15.1 References: From sle-updates at lists.suse.com Mon Jun 6 16:18:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2022 18:18:37 +0200 (CEST) Subject: SUSE-SU-2022:1989-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP3) Message-ID: <20220606161837.5AE30FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1989-1 Rating: important References: #1196959 Cross-References: CVE-2021-39698 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_68 fixes one issue. The following security issue was fixed: - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work of aio.c (bsc#1196959). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1989=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_68-default-2-150300.2.2 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://bugzilla.suse.com/1196959 From sle-updates at lists.suse.com Mon Jun 6 16:19:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2022 18:19:38 +0200 (CEST) Subject: SUSE-SU-2022:1955-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP5) Message-ID: <20220606161938.2F053FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1955-1 Rating: important References: #1197597 #1199602 #1199834 Cross-References: CVE-2022-1048 CVE-2022-30594 CVSS scores: CVE-2022-1048 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.12.14-122_110 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1960=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1961=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1975=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1976=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1982=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1984=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1985=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1997=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1959=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1966=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1967=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1968=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1969=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1973=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1979=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1980=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1981=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1957=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1958=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-1950=1 SUSE-SLE-Module-Live-Patching-15-2022-1963=1 SUSE-SLE-Module-Live-Patching-15-2022-1964=1 SUSE-SLE-Module-Live-Patching-15-2022-1996=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1952=1 SUSE-SLE-Live-Patching-12-SP5-2022-1953=1 SUSE-SLE-Live-Patching-12-SP5-2022-1954=1 SUSE-SLE-Live-Patching-12-SP5-2022-1955=1 SUSE-SLE-Live-Patching-12-SP5-2022-1956=1 SUSE-SLE-Live-Patching-12-SP5-2022-1962=1 SUSE-SLE-Live-Patching-12-SP5-2022-1978=1 SUSE-SLE-Live-Patching-12-SP5-2022-1993=1 SUSE-SLE-Live-Patching-12-SP5-2022-1994=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1951=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-59_16-default-15-150300.2.2 kernel-livepatch-5_3_18-59_16-default-debuginfo-15-150300.2.2 kernel-livepatch-5_3_18-59_19-default-14-150300.2.2 kernel-livepatch-5_3_18-59_19-default-debuginfo-14-150300.2.2 kernel-livepatch-5_3_18-59_24-default-12-150300.2.2 kernel-livepatch-5_3_18-59_24-default-debuginfo-12-150300.2.2 kernel-livepatch-5_3_18-59_27-default-12-150300.2.2 kernel-livepatch-5_3_18-59_27-default-debuginfo-12-150300.2.2 kernel-livepatch-5_3_18-59_34-default-11-150300.2.2 kernel-livepatch-5_3_18-59_34-default-debuginfo-11-150300.2.2 kernel-livepatch-5_3_18-59_37-default-10-150300.2.2 kernel-livepatch-5_3_18-59_37-default-debuginfo-10-150300.2.2 kernel-livepatch-5_3_18-59_40-default-10-150300.2.2 kernel-livepatch-5_3_18-59_5-default-16-150300.2.2 kernel-livepatch-5_3_18-59_5-default-debuginfo-16-150300.2.2 kernel-livepatch-SLE15-SP3_Update_1-debugsource-16-150300.2.2 kernel-livepatch-SLE15-SP3_Update_10-debugsource-10-150300.2.2 kernel-livepatch-SLE15-SP3_Update_4-debugsource-15-150300.2.2 kernel-livepatch-SLE15-SP3_Update_5-debugsource-14-150300.2.2 kernel-livepatch-SLE15-SP3_Update_6-debugsource-12-150300.2.2 kernel-livepatch-SLE15-SP3_Update_7-debugsource-12-150300.2.2 kernel-livepatch-SLE15-SP3_Update_9-debugsource-11-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64): kernel-livepatch-5_3_18-59_40-default-debuginfo-10-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_53_4-default-16-150200.2.2 kernel-livepatch-5_3_18-24_53_4-default-debuginfo-16-150200.2.2 kernel-livepatch-5_3_18-24_67-default-16-150200.2.2 kernel-livepatch-5_3_18-24_67-default-debuginfo-16-150200.2.2 kernel-livepatch-5_3_18-24_70-default-16-150200.2.2 kernel-livepatch-5_3_18-24_70-default-debuginfo-16-150200.2.2 kernel-livepatch-5_3_18-24_75-default-15-150200.2.2 kernel-livepatch-5_3_18-24_75-default-debuginfo-15-150200.2.2 kernel-livepatch-5_3_18-24_78-default-14-150200.2.2 kernel-livepatch-5_3_18-24_78-default-debuginfo-14-150200.2.2 kernel-livepatch-5_3_18-24_83-default-12-150200.2.2 kernel-livepatch-5_3_18-24_83-default-debuginfo-12-150200.2.2 kernel-livepatch-5_3_18-24_86-default-12-150200.2.2 kernel-livepatch-5_3_18-24_86-default-debuginfo-12-150200.2.2 kernel-livepatch-5_3_18-24_93-default-11-150200.2.2 kernel-livepatch-5_3_18-24_93-default-debuginfo-11-150200.2.2 kernel-livepatch-5_3_18-24_96-default-10-150200.2.2 kernel-livepatch-5_3_18-24_96-default-debuginfo-10-150200.2.2 kernel-livepatch-SLE15-SP2_Update_14-debugsource-16-150200.2.2 kernel-livepatch-SLE15-SP2_Update_15-debugsource-16-150200.2.2 kernel-livepatch-SLE15-SP2_Update_16-debugsource-16-150200.2.2 kernel-livepatch-SLE15-SP2_Update_17-debugsource-15-150200.2.2 kernel-livepatch-SLE15-SP2_Update_18-debugsource-14-150200.2.2 kernel-livepatch-SLE15-SP2_Update_19-debugsource-12-150200.2.2 kernel-livepatch-SLE15-SP2_Update_20-debugsource-12-150200.2.2 kernel-livepatch-SLE15-SP2_Update_21-debugsource-11-150200.2.2 kernel-livepatch-SLE15-SP2_Update_22-debugsource-10-150200.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_108-default-4-150100.2.2 kernel-livepatch-4_12_14-197_99-default-14-150100.2.2 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_75-default-14-150000.2.2 kernel-livepatch-4_12_14-150_75-default-debuginfo-14-150000.2.2 kernel-livepatch-4_12_14-150_78-default-9-150000.2.2 kernel-livepatch-4_12_14-150_78-default-debuginfo-9-150000.2.2 kernel-livepatch-4_12_14-150_83-default-5-150000.2.2 kernel-livepatch-4_12_14-150_83-default-debuginfo-5-150000.2.2 kernel-livepatch-4_12_14-150_86-default-4-150000.2.2 kernel-livepatch-4_12_14-150_86-default-debuginfo-4-150000.2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_106-default-8-2.2 kgraft-patch-4_12_14-122_110-default-6-2.2 kgraft-patch-4_12_14-122_113-default-5-2.2 kgraft-patch-4_12_14-122_74-default-16-2.2 kgraft-patch-4_12_14-122_77-default-16-2.2 kgraft-patch-4_12_14-122_80-default-15-2.2 kgraft-patch-4_12_14-122_83-default-14-2.2 kgraft-patch-4_12_14-122_88-default-12-2.2 kgraft-patch-4_12_14-122_91-default-12-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_77-default-16-2.2 References: https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1197597 https://bugzilla.suse.com/1199602 https://bugzilla.suse.com/1199834 From sle-updates at lists.suse.com Mon Jun 6 16:20:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2022 18:20:53 +0200 (CEST) Subject: SUSE-SU-2022:1988-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15) Message-ID: <20220606162053.BEE4AFD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1988-1 Rating: important References: #1199602 #1199834 Cross-References: CVE-2022-30594 CVSS scores: CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.12.14-150000_150_89 fixes several issues. The following security issue was fixed: - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1988=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1971=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-1965=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1995=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_63-default-3-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_112-default-3-150200.2.2 kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-3-150200.2.2 kernel-livepatch-SLE15-SP2_Update_26-debugsource-3-150200.2.2 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150000_150_89-default-3-150000.2.2 kernel-livepatch-4_12_14-150000_150_89-default-debuginfo-3-150000.2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_116-default-3-2.2 References: https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1199602 https://bugzilla.suse.com/1199834 From sle-updates at lists.suse.com Mon Jun 6 19:16:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2022 21:16:43 +0200 (CEST) Subject: SUSE-RU-2022:1999-1: moderate: Recommended update for s390-tools Message-ID: <20220606191643.61D83FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1999-1 Rating: moderate References: #1199131 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - Fix segfault due to double free. (bsc#1199131) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1999=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (s390x): osasnmpd-2.1.0-18.41.1 osasnmpd-debuginfo-2.1.0-18.41.1 s390-tools-2.1.0-18.41.1 s390-tools-debuginfo-2.1.0-18.41.1 s390-tools-debugsource-2.1.0-18.41.1 s390-tools-hmcdrvfs-2.1.0-18.41.1 s390-tools-hmcdrvfs-debuginfo-2.1.0-18.41.1 s390-tools-zdsfs-2.1.0-18.41.1 s390-tools-zdsfs-debuginfo-2.1.0-18.41.1 References: https://bugzilla.suse.com/1199131 From sle-updates at lists.suse.com Mon Jun 6 22:17:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2022 00:17:10 +0200 (CEST) Subject: SUSE-SU-2022:2000-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) Message-ID: <20220606221710.99315FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2000-1 Rating: important References: #1197597 #1199602 #1199834 Cross-References: CVE-2022-1048 CVE-2022-30594 CVSS scores: CVE-2022-1048 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 5.3.18-57 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2000=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-57-default-18-150200.3.2 kernel-livepatch-5_3_18-57-default-debuginfo-18-150200.3.2 kernel-livepatch-SLE15-SP3_Update_0-debugsource-18-150200.3.2 References: https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1197597 https://bugzilla.suse.com/1199602 https://bugzilla.suse.com/1199834 From sle-updates at lists.suse.com Mon Jun 6 22:17:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2022 00:17:58 +0200 (CEST) Subject: SUSE-RU-2022:2001-1: moderate: Recommended update for s3fs Message-ID: <20220606221758.1358CFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for s3fs ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2001-1 Rating: moderate References: #1198900 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s3fs fixes the following issues: - Update to version 1.91 (bsc#1198900) * Fix RowFlush can not upload last part smaller than 5MB using NoCacheMultipartPost * Fix IAM role retrieval from IMDSv2 * Add option to allow unsigned payloads * Fix mixupload return EntityTooSmall while a copypart is less than 5MB after split * Allow compilation on Windows via MSYS2 * Handle utimensat UTIME_NOW and UTIME_OMIT special values * Preserve sub-second precision in more situations * Always flush open files with O_CREAT flag * Fixed not to call Flush even if the file size is increased * Include climits to support musl libc - Update to version 1.90 + Don't ignore nomultipart when storage is low + Fix POSIX compatibility issues found by pjdfstest + Fail CheckBucket when S3 returns PermanentRedirect + Do not create zero-byte object when creating file + Allow arbitrary size AWS secret keys + Fix race conditions + Set explicit Content-Length: 0 when initiating MPU + Set CURLOPT_UNRESTRICTED_AUTH when authenticating + Add jitter to avoid thundering herd + Loosen CheckBucket to check only the bucket + Add support for AWS-style environment variables Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2001=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2001=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2001=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2001=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2001=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2001=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): s3fs-1.91-150000.3.9.1 s3fs-debuginfo-1.91-150000.3.9.1 s3fs-debugsource-1.91-150000.3.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): s3fs-1.91-150000.3.9.1 s3fs-debuginfo-1.91-150000.3.9.1 s3fs-debugsource-1.91-150000.3.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): s3fs-1.91-150000.3.9.1 s3fs-debuginfo-1.91-150000.3.9.1 s3fs-debugsource-1.91-150000.3.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): s3fs-1.91-150000.3.9.1 s3fs-debuginfo-1.91-150000.3.9.1 s3fs-debugsource-1.91-150000.3.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): s3fs-1.91-150000.3.9.1 s3fs-debuginfo-1.91-150000.3.9.1 s3fs-debugsource-1.91-150000.3.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): s3fs-1.91-150000.3.9.1 s3fs-debuginfo-1.91-150000.3.9.1 s3fs-debugsource-1.91-150000.3.9.1 References: https://bugzilla.suse.com/1198900 From sle-updates at lists.suse.com Mon Jun 6 22:18:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2022 00:18:43 +0200 (CEST) Subject: SUSE-RU-2022:2002-1: moderate: Recommended update for btrfsprogs Message-ID: <20220606221843.A9951FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for btrfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2002-1 Rating: moderate References: #1186571 #1186823 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for btrfsprogs fixes the following issues: - Ignore path devices when enumerating multipath device. (bsc#1186823) - Prevention 32bit overflow in btrfs-convert. (bsc#1186571) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2002=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2002=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2002=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2002=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2002=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2002=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2002=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2002=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2002=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2002=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2002=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2002=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2002=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2002=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2002=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Manager Server 4.1 (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Manager Retail Branch Server 4.1 (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE Manager Proxy 4.1 (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE Manager Proxy 4.1 (x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Enterprise Storage 7 (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE Enterprise Storage 6 (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 - SUSE CaaS Platform 4.0 (x86_64): btrfsprogs-4.19.1-150100.8.11.1 btrfsprogs-debuginfo-4.19.1-150100.8.11.1 btrfsprogs-debugsource-4.19.1-150100.8.11.1 libbtrfs-devel-4.19.1-150100.8.11.1 libbtrfs0-4.19.1-150100.8.11.1 libbtrfs0-debuginfo-4.19.1-150100.8.11.1 - SUSE CaaS Platform 4.0 (noarch): btrfsprogs-udev-rules-4.19.1-150100.8.11.1 References: https://bugzilla.suse.com/1186571 https://bugzilla.suse.com/1186823 From sle-updates at lists.suse.com Tue Jun 7 19:16:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2022 21:16:53 +0200 (CEST) Subject: SUSE-SU-2022:2006-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) Message-ID: <20220607191653.972D6FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2006-1 Rating: important References: #1197597 #1199602 #1199834 Cross-References: CVE-2022-1048 CVE-2022-30594 CVSS scores: CVE-2022-1048 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 4.4.180-94_147 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2006=1 SUSE-SLE-SAP-12-SP3-2022-2007=1 SUSE-SLE-SAP-12-SP3-2022-2008=1 SUSE-SLE-SAP-12-SP3-2022-2009=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2006=1 SUSE-SLE-SERVER-12-SP3-2022-2007=1 SUSE-SLE-SERVER-12-SP3-2022-2008=1 SUSE-SLE-SERVER-12-SP3-2022-2009=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2011=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_147-default-13-2.2 kgraft-patch-4_4_180-94_147-default-debuginfo-13-2.2 kgraft-patch-4_4_180-94_150-default-9-2.2 kgraft-patch-4_4_180-94_150-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_153-default-5-2.2 kgraft-patch-4_4_180-94_153-default-debuginfo-5-2.2 kgraft-patch-4_4_180-94_156-default-4-2.2 kgraft-patch-4_4_180-94_156-default-debuginfo-4-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_147-default-13-2.2 kgraft-patch-4_4_180-94_147-default-debuginfo-13-2.2 kgraft-patch-4_4_180-94_150-default-9-2.2 kgraft-patch-4_4_180-94_150-default-debuginfo-9-2.2 kgraft-patch-4_4_180-94_153-default-5-2.2 kgraft-patch-4_4_180-94_153-default-debuginfo-5-2.2 kgraft-patch-4_4_180-94_156-default-4-2.2 kgraft-patch-4_4_180-94_156-default-debuginfo-4-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_93-default-4-2.2 References: https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1197597 https://bugzilla.suse.com/1199602 https://bugzilla.suse.com/1199834 From sle-updates at lists.suse.com Tue Jun 7 19:18:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2022 21:18:01 +0200 (CEST) Subject: SUSE-SU-2022:2003-1: important: Security update for mariadb Message-ID: <20220607191801.3E7A9FD9D@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2003-1 Rating: important References: #1198603 #1198604 #1198605 #1198606 #1198607 #1198609 #1198610 #1198611 #1198612 #1198613 #1198628 #1198629 #1198630 #1198631 #1198632 #1198633 #1198634 #1198635 #1198636 #1198637 #1198638 #1198639 #1198640 #1199928 Cross-References: CVE-2021-46669 CVE-2022-21427 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27444 CVE-2022-27445 CVE-2022-27446 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27451 CVE-2022-27452 CVE-2022-27455 CVE-2022-27456 CVE-2022-27457 CVE-2022-27458 CVSS scores: CVE-2021-46669 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21427 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-27376 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27376 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27377 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27377 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27378 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27378 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27379 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27379 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27380 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27380 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27381 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27381 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27382 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27382 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27383 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27383 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27384 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27384 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27386 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27386 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27387 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27387 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27444 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27444 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27445 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27445 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27446 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27446 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27447 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27447 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27448 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27448 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27449 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27449 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27451 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27451 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27452 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27452 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27455 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27455 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27456 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27456 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27457 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27457 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27458 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27458 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: This update for mariadb fixes the following issues: Update to 10.5.16 (bsc#1199928): - CVE-2021-46669 (bsc#1199928) - CVE-2022-27376 (bsc#1198628) - CVE-2022-27377 (bsc#1198603) - CVE-2022-27378 (bsc#1198604) - CVE-2022-27379 (bsc#1198605) - CVE-2022-27380 (bsc#1198606) - CVE-2022-27381 (bsc#1198607) - CVE-2022-27382 (bsc#1198609) - CVE-2022-27383 (bsc#1198610) - CVE-2022-27384 (bsc#1198611) - CVE-2022-27386 (bsc#1198612) - CVE-2022-27387 (bsc#1198613) - CVE-2022-27444 (bsc#1198634) - CVE-2022-27445 (bsc#1198629) - CVE-2022-27446 (bsc#1198630) - CVE-2022-27447 (bsc#1198631) - CVE-2022-27448 (bsc#1198632) - CVE-2022-27449 (bsc#1198633) - CVE-2022-27451 (bsc#1198639) - CVE-2022-27452 (bsc#1198640) - CVE-2022-27455 (bsc#1198638) - CVE-2022-27456 (bsc#1198635) - CVE-2022-27457 (bsc#1198636) - CVE-2022-27458 (bsc#1198637) - The following issue is not affecting this package: CVE-2022-21427 External refernences: - https://mariadb.com/kb/en/library/mariadb-10516-release-notes - https://mariadb.com/kb/en/library/mariadb-10516-changelog Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2003=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2003=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2003=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libmariadbd-devel-10.5.16-150300.3.18.1 libmariadbd19-10.5.16-150300.3.18.1 libmariadbd19-debuginfo-10.5.16-150300.3.18.1 mariadb-10.5.16-150300.3.18.1 mariadb-bench-10.5.16-150300.3.18.1 mariadb-bench-debuginfo-10.5.16-150300.3.18.1 mariadb-client-10.5.16-150300.3.18.1 mariadb-client-debuginfo-10.5.16-150300.3.18.1 mariadb-debuginfo-10.5.16-150300.3.18.1 mariadb-debugsource-10.5.16-150300.3.18.1 mariadb-rpm-macros-10.5.16-150300.3.18.1 mariadb-test-10.5.16-150300.3.18.1 mariadb-test-debuginfo-10.5.16-150300.3.18.1 mariadb-tools-10.5.16-150300.3.18.1 mariadb-tools-debuginfo-10.5.16-150300.3.18.1 - openSUSE Leap 15.3 (noarch): mariadb-errormessages-10.5.16-150300.3.18.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libmariadbd-devel-10.5.16-150300.3.18.1 libmariadbd19-10.5.16-150300.3.18.1 libmariadbd19-debuginfo-10.5.16-150300.3.18.1 mariadb-10.5.16-150300.3.18.1 mariadb-client-10.5.16-150300.3.18.1 mariadb-client-debuginfo-10.5.16-150300.3.18.1 mariadb-debuginfo-10.5.16-150300.3.18.1 mariadb-debugsource-10.5.16-150300.3.18.1 mariadb-tools-10.5.16-150300.3.18.1 mariadb-tools-debuginfo-10.5.16-150300.3.18.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): mariadb-errormessages-10.5.16-150300.3.18.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): mariadb-galera-10.5.16-150300.3.18.1 References: https://www.suse.com/security/cve/CVE-2021-46669.html https://www.suse.com/security/cve/CVE-2022-21427.html https://www.suse.com/security/cve/CVE-2022-27376.html https://www.suse.com/security/cve/CVE-2022-27377.html https://www.suse.com/security/cve/CVE-2022-27378.html https://www.suse.com/security/cve/CVE-2022-27379.html https://www.suse.com/security/cve/CVE-2022-27380.html https://www.suse.com/security/cve/CVE-2022-27381.html https://www.suse.com/security/cve/CVE-2022-27382.html https://www.suse.com/security/cve/CVE-2022-27383.html https://www.suse.com/security/cve/CVE-2022-27384.html https://www.suse.com/security/cve/CVE-2022-27386.html https://www.suse.com/security/cve/CVE-2022-27387.html https://www.suse.com/security/cve/CVE-2022-27444.html https://www.suse.com/security/cve/CVE-2022-27445.html https://www.suse.com/security/cve/CVE-2022-27446.html https://www.suse.com/security/cve/CVE-2022-27447.html https://www.suse.com/security/cve/CVE-2022-27448.html https://www.suse.com/security/cve/CVE-2022-27449.html https://www.suse.com/security/cve/CVE-2022-27451.html https://www.suse.com/security/cve/CVE-2022-27452.html https://www.suse.com/security/cve/CVE-2022-27455.html https://www.suse.com/security/cve/CVE-2022-27456.html https://www.suse.com/security/cve/CVE-2022-27457.html https://www.suse.com/security/cve/CVE-2022-27458.html https://bugzilla.suse.com/1198603 https://bugzilla.suse.com/1198604 https://bugzilla.suse.com/1198605 https://bugzilla.suse.com/1198606 https://bugzilla.suse.com/1198607 https://bugzilla.suse.com/1198609 https://bugzilla.suse.com/1198610 https://bugzilla.suse.com/1198611 https://bugzilla.suse.com/1198612 https://bugzilla.suse.com/1198613 https://bugzilla.suse.com/1198628 https://bugzilla.suse.com/1198629 https://bugzilla.suse.com/1198630 https://bugzilla.suse.com/1198631 https://bugzilla.suse.com/1198632 https://bugzilla.suse.com/1198633 https://bugzilla.suse.com/1198634 https://bugzilla.suse.com/1198635 https://bugzilla.suse.com/1198636 https://bugzilla.suse.com/1198637 https://bugzilla.suse.com/1198638 https://bugzilla.suse.com/1198639 https://bugzilla.suse.com/1198640 https://bugzilla.suse.com/1199928 From sle-updates at lists.suse.com Tue Jun 7 19:21:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2022 21:21:14 +0200 (CEST) Subject: SUSE-RU-2022:1761-2: moderate: Recommended update for go Message-ID: <20220607192114.692CEFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for go ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1761-2 Rating: moderate References: #1193742 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for go fixes the following issues: Updated wrapper package to current stable go1.18 (bsc#1193742). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1761=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go-1.18-150000.3.23.1 go-doc-1.18-150000.3.23.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go-race-1.18-150000.3.23.1 References: https://bugzilla.suse.com/1193742 From sle-updates at lists.suse.com Tue Jun 7 19:21:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2022 21:21:48 +0200 (CEST) Subject: SUSE-SU-2022:2010-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 12 SP3) Message-ID: <20220607192148.6015DFD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 44 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2010-1 Rating: important References: #1199602 #1199834 Cross-References: CVE-2022-30594 CVSS scores: CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.180-94_161 fixes several issues. The following security issue was fixed: - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2010=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2010=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_161-default-3-2.2 kgraft-patch-4_4_180-94_161-default-debuginfo-3-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_161-default-3-2.2 kgraft-patch-4_4_180-94_161-default-debuginfo-3-2.2 References: https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1199602 https://bugzilla.suse.com/1199834 From sle-updates at lists.suse.com Tue Jun 7 19:22:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2022 21:22:31 +0200 (CEST) Subject: SUSE-SU-2022:2005-1: important: Security update for go1.18 Message-ID: <20220607192231.B161CFD9D@maintenance.suse.de> SUSE Security Update: Security update for go1.18 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2005-1 Rating: important References: #1193742 #1200134 #1200135 #1200136 #1200137 Cross-References: CVE-2022-29804 CVE-2022-30580 CVE-2022-30629 CVE-2022-30634 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for go1.18 fixes the following issues: Update to go1.18.3 (released 2022-06-01) (bsc#1193742): - CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers (bsc#1200134). - CVE-2022-30629: Fixed crypto/tls session tickets lack random ticket_age_add (bsc#1200135). - CVE-2022-29804: Fixed path/filepath Clean(`.\c:`) returns `c:` on Windows (bsc#1200137). - CVE-2022-30580: Fixed os/exec empty Cmd.Path can result in running unintended binary on Windows (bsc#1200136). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2005=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2005=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2005=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2005=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.3-150000.1.20.1 go1.18-doc-1.18.3-150000.1.20.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.18-race-1.18.3-150000.1.20.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.3-150000.1.20.1 go1.18-doc-1.18.3-150000.1.20.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.18-race-1.18.3-150000.1.20.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.3-150000.1.20.1 go1.18-doc-1.18.3-150000.1.20.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.18-race-1.18.3-150000.1.20.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.3-150000.1.20.1 go1.18-doc-1.18.3-150000.1.20.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.18-race-1.18.3-150000.1.20.1 References: https://www.suse.com/security/cve/CVE-2022-29804.html https://www.suse.com/security/cve/CVE-2022-30580.html https://www.suse.com/security/cve/CVE-2022-30629.html https://www.suse.com/security/cve/CVE-2022-30634.html https://bugzilla.suse.com/1193742 https://bugzilla.suse.com/1200134 https://bugzilla.suse.com/1200135 https://bugzilla.suse.com/1200136 https://bugzilla.suse.com/1200137 From sle-updates at lists.suse.com Tue Jun 7 19:23:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2022 21:23:31 +0200 (CEST) Subject: SUSE-SU-2022:2004-1: important: Security update for go1.17 Message-ID: <20220607192331.3900FFD9D@maintenance.suse.de> SUSE Security Update: Security update for go1.17 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2004-1 Rating: important References: #1190649 #1200134 #1200135 #1200136 #1200137 Cross-References: CVE-2022-29804 CVE-2022-30580 CVE-2022-30629 CVE-2022-30634 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for go1.17 fixes the following issues: Update to go1.17.11 (released 2022-06-01) (bsc#1190649): - CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers (bsc#1200134). - CVE-2022-30629: Fixed crypto/tls session tickets lack random ticket_age_add (bsc#1200135). - CVE-2022-29804: Fixed path/filepath Clean(`.\c:`) returns `c:` on Windows (bsc#1200137). - CVE-2022-30580: Fixed os/exec empty Cmd.Path can result in running unintended binary on Windows (bsc#1200136). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2004=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2004=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2004=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2004=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.17-1.17.11-150000.1.37.1 go1.17-doc-1.17.11-150000.1.37.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.17-race-1.17.11-150000.1.37.1 - openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64): go1.17-1.17.11-150000.1.37.1 go1.17-doc-1.17.11-150000.1.37.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.17-race-1.17.11-150000.1.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.17-1.17.11-150000.1.37.1 go1.17-doc-1.17.11-150000.1.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.17-race-1.17.11-150000.1.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.17-1.17.11-150000.1.37.1 go1.17-doc-1.17.11-150000.1.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.17-race-1.17.11-150000.1.37.1 References: https://www.suse.com/security/cve/CVE-2022-29804.html https://www.suse.com/security/cve/CVE-2022-30580.html https://www.suse.com/security/cve/CVE-2022-30629.html https://www.suse.com/security/cve/CVE-2022-30634.html https://bugzilla.suse.com/1190649 https://bugzilla.suse.com/1200134 https://bugzilla.suse.com/1200135 https://bugzilla.suse.com/1200136 https://bugzilla.suse.com/1200137 From sle-updates at lists.suse.com Tue Jun 7 22:17:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2022 00:17:17 +0200 (CEST) Subject: SUSE-RU-2022:2013-1: moderate: Recommended update for scap-security-guide Message-ID: <20220607221717.9671CF386@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2013-1 Rating: moderate References: ECO-3319 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.61 (jsc#ECO-3319) - Stop building PCI-DSS-centric XCCDF benchmark for RHEL 7 - Introduce OL9 product - Implement handling of logical expressions in platform definitions Please note that SUSE supports only the DISA STIG, HIPAA and PCI-DSS profiles for SUSE Linux Enterprise Server 12 and 15. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2013=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): scap-security-guide-0.1.61-3.26.1 scap-security-guide-debian-0.1.61-3.26.1 scap-security-guide-redhat-0.1.61-3.26.1 scap-security-guide-ubuntu-0.1.61-3.26.1 References: From sle-updates at lists.suse.com Tue Jun 7 22:17:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2022 00:17:59 +0200 (CEST) Subject: SUSE-RU-2022:2014-1: moderate: Recommended update for scap-security-guide Message-ID: <20220607221759.1945FF386@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2014-1 Rating: moderate References: ECO-3319 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.61 (jsc#ECO-3319): - Stop building PCI-DSS-centric XCCDF benchmark for RHEL 7 - Introduce OL9 product - Implement handling of logical expressions in platform definitions Please note that SUSE supports only the DISA STIG, HIPAA and PCI-DSS profiles for SUSE Linux Enterprise Server 12 and 15. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2014=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2014=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2014=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2014=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2014=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2014=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2014=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2014=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2014=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2014=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2014=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2014=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2014=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2014=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2014=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2014=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2014=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2014=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2014=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2014=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2014=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2014=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2014=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - openSUSE Leap 15.3 (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Manager Server 4.1 (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Manager Retail Branch Server 4.1 (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Manager Proxy 4.1 (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Enterprise Storage 7 (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE Enterprise Storage 6 (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 - SUSE CaaS Platform 4.0 (noarch): scap-security-guide-0.1.61-150000.1.32.1 scap-security-guide-debian-0.1.61-150000.1.32.1 scap-security-guide-redhat-0.1.61-150000.1.32.1 scap-security-guide-ubuntu-0.1.61-150000.1.32.1 References: From sle-updates at lists.suse.com Wed Jun 8 07:30:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2022 09:30:59 +0200 (CEST) Subject: SUSE-CU-2022:1295-1: Recommended update of suse/sles12sp3 Message-ID: <20220608073059.81622F386@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1295-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.399 , suse/sles12sp3:latest Container Release : 24.399 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1926-1 Released: Thu Jun 2 16:06:59 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * Fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * Fixes issue with debug dumping together with -o /dev/null * Fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-1.10.1 updated - libstdc++6-11.3.0+git1637-1.10.1 updated From sle-updates at lists.suse.com Wed Jun 8 07:50:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2022 09:50:09 +0200 (CEST) Subject: SUSE-CU-2022:1296-1: Recommended update of suse/sles12sp4 Message-ID: <20220608075009.59D8EF386@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1296-1 Container Tags : suse/sles12sp4:26.465 , suse/sles12sp4:latest Container Release : 26.465 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1926-1 Released: Thu Jun 2 16:06:59 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * Fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * Fixes issue with debug dumping together with -o /dev/null * Fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - base-container-licenses-3.0-1.295 updated - container-suseconnect-2.0.0-1.185 updated - libgcc_s1-11.3.0+git1637-1.10.1 updated - libstdc++6-11.3.0+git1637-1.10.1 updated From sle-updates at lists.suse.com Wed Jun 8 08:05:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2022 10:05:02 +0200 (CEST) Subject: SUSE-CU-2022:1298-1: Security update of bci/golang Message-ID: <20220608080502.E6CCAF386@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1298-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-17.55 Container Release : 17.55 Severity : important Type : security References : 1190649 1200134 1200135 1200136 1200137 CVE-2022-29804 CVE-2022-30580 CVE-2022-30629 CVE-2022-30634 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2004-1 Released: Tue Jun 7 16:34:20 2022 Summary: Security update for go1.17 Type: security Severity: important References: 1190649,1200134,1200135,1200136,1200137,CVE-2022-29804,CVE-2022-30580,CVE-2022-30629,CVE-2022-30634 This update for go1.17 fixes the following issues: Update to go1.17.11 (released 2022-06-01) (bsc#1190649): - CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers (bsc#1200134). - CVE-2022-30629: Fixed crypto/tls session tickets lack random ticket_age_add (bsc#1200135). - CVE-2022-29804: Fixed path/filepath Clean(`.\c:`) returns `c:` on Windows (bsc#1200137). - CVE-2022-30580: Fixed os/exec empty Cmd.Path can result in running unintended binary on Windows (bsc#1200136). The following package changes have been done: - go1.17-1.17.11-150000.1.37.1 updated - container:sles15-image-15.0.0-17.17.12 updated From sle-updates at lists.suse.com Wed Jun 8 08:07:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2022 10:07:26 +0200 (CEST) Subject: SUSE-CU-2022:1299-1: Security update of bci/golang Message-ID: <20220608080726.184E0F386@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1299-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-7.57 , bci/golang:latest Container Release : 7.57 Severity : important Type : security References : 1193742 1200134 1200135 1200136 1200137 CVE-2022-29804 CVE-2022-30580 CVE-2022-30629 CVE-2022-30634 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2005-1 Released: Tue Jun 7 16:34:46 2022 Summary: Security update for go1.18 Type: security Severity: important References: 1193742,1200134,1200135,1200136,1200137,CVE-2022-29804,CVE-2022-30580,CVE-2022-30629,CVE-2022-30634 This update for go1.18 fixes the following issues: Update to go1.18.3 (released 2022-06-01) (bsc#1193742): - CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers (bsc#1200134). - CVE-2022-30629: Fixed crypto/tls session tickets lack random ticket_age_add (bsc#1200135). - CVE-2022-29804: Fixed path/filepath Clean(`.\c:`) returns `c:` on Windows (bsc#1200137). - CVE-2022-30580: Fixed os/exec empty Cmd.Path can result in running unintended binary on Windows (bsc#1200136). The following package changes have been done: - go1.18-1.18.3-150000.1.20.1 updated - container:sles15-image-15.0.0-17.17.12 updated From sle-updates at lists.suse.com Wed Jun 8 13:16:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2022 15:16:21 +0200 (CEST) Subject: SUSE-SU-2022:2015-1: moderate: Security update for gcc48 Message-ID: <20220608131621.2956EF386@maintenance.suse.de> SUSE Security Update: Security update for gcc48 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2015-1 Rating: moderate References: #1142649 #1161913 #1177947 #1178675 #1185395 Cross-References: CVE-2019-14250 CVSS scores: CVE-2019-14250 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2019-14250 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for gcc48 fixes the following issues: - CVE-2019-14250: Fixed an integer overflow that could lead to an invalid memory access (bsc#1142649). Non-security fixes: - Fixed an issue with manual page builds (bsc#1185395). - Fixed an issue with static initializers (bsc#1177947). - Fixed an issue with exception handling on s390x (bsc#1161913). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2015=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2015=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2015=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): gcc48-gij-32bit-4.8.5-31.26.1 gcc48-gij-4.8.5-31.26.1 gcc48-gij-debuginfo-32bit-4.8.5-31.26.1 gcc48-gij-debuginfo-4.8.5-31.26.1 libgcj48-32bit-4.8.5-31.26.1 libgcj48-4.8.5-31.26.1 libgcj48-debuginfo-32bit-4.8.5-31.26.1 libgcj48-debuginfo-4.8.5-31.26.1 libgcj48-debugsource-4.8.5-31.26.1 libgcj48-jar-4.8.5-31.26.1 libgcj_bc1-4.8.5-31.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gcc48-debuginfo-4.8.5-31.26.1 gcc48-debugsource-4.8.5-31.26.1 gcc48-fortran-4.8.5-31.26.1 gcc48-fortran-debuginfo-4.8.5-31.26.1 gcc48-gij-4.8.5-31.26.1 gcc48-gij-debuginfo-4.8.5-31.26.1 gcc48-java-4.8.5-31.26.1 gcc48-java-debuginfo-4.8.5-31.26.1 gcc48-obj-c++-4.8.5-31.26.1 gcc48-obj-c++-debuginfo-4.8.5-31.26.1 gcc48-objc-4.8.5-31.26.1 gcc48-objc-debuginfo-4.8.5-31.26.1 libffi48-debugsource-4.8.5-31.26.1 libffi48-devel-4.8.5-31.26.1 libgcj48-4.8.5-31.26.1 libgcj48-debuginfo-4.8.5-31.26.1 libgcj48-debugsource-4.8.5-31.26.1 libgcj48-devel-4.8.5-31.26.1 libgcj48-devel-debuginfo-4.8.5-31.26.1 libgcj48-jar-4.8.5-31.26.1 libgcj_bc1-4.8.5-31.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): gcc48-objc-32bit-4.8.5-31.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64): gcc48-4.8.5-31.26.1 gcc48-c++-4.8.5-31.26.1 gcc48-c++-debuginfo-4.8.5-31.26.1 gcc48-locale-4.8.5-31.26.1 libstdc++48-devel-4.8.5-31.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): gcc48-info-4.8.5-31.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (x86_64): gcc48-ada-4.8.5-31.26.1 gcc48-ada-debuginfo-4.8.5-31.26.1 libada48-4.8.5-31.26.1 libada48-debuginfo-4.8.5-31.26.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cpp48-4.8.5-31.26.1 cpp48-debuginfo-4.8.5-31.26.1 gcc48-debuginfo-4.8.5-31.26.1 gcc48-debugsource-4.8.5-31.26.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): gcc48-4.8.5-31.26.1 gcc48-c++-4.8.5-31.26.1 gcc48-c++-debuginfo-4.8.5-31.26.1 gcc48-locale-4.8.5-31.26.1 libstdc++48-devel-4.8.5-31.26.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): gcc48-32bit-4.8.5-31.26.1 libstdc++48-devel-32bit-4.8.5-31.26.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): gcc48-info-4.8.5-31.26.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libasan0-32bit-4.8.5-31.26.1 libasan0-4.8.5-31.26.1 libasan0-debuginfo-4.8.5-31.26.1 References: https://www.suse.com/security/cve/CVE-2019-14250.html https://bugzilla.suse.com/1142649 https://bugzilla.suse.com/1161913 https://bugzilla.suse.com/1177947 https://bugzilla.suse.com/1178675 https://bugzilla.suse.com/1185395 From sle-updates at lists.suse.com Wed Jun 8 19:16:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2022 21:16:04 +0200 (CEST) Subject: SUSE-RU-2022:2017-1: Recommended update for icewm Message-ID: <20220608191604.9628CF386@maintenance.suse.de> SUSE Recommended Update: Recommended update for icewm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2017-1 Rating: low References: #1197729 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for icewm fixes the following issues: - A later glib2 update will cause icewm fail to build. (bsc#1197729) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2017=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2017=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2017=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2017=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): icewm-1.4.2-150000.7.15.1 icewm-debuginfo-1.4.2-150000.7.15.1 icewm-debugsource-1.4.2-150000.7.15.1 icewm-default-1.4.2-150000.7.15.1 icewm-default-debuginfo-1.4.2-150000.7.15.1 icewm-lite-1.4.2-150000.7.15.1 icewm-lite-debuginfo-1.4.2-150000.7.15.1 - openSUSE Leap 15.4 (noarch): icewm-config-upstream-1.4.2-150000.7.15.1 icewm-lang-1.4.2-150000.7.15.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): icewm-1.4.2-150000.7.15.1 icewm-debuginfo-1.4.2-150000.7.15.1 icewm-debugsource-1.4.2-150000.7.15.1 icewm-default-1.4.2-150000.7.15.1 icewm-default-debuginfo-1.4.2-150000.7.15.1 icewm-lite-1.4.2-150000.7.15.1 icewm-lite-debuginfo-1.4.2-150000.7.15.1 - openSUSE Leap 15.3 (noarch): icewm-config-upstream-1.4.2-150000.7.15.1 icewm-lang-1.4.2-150000.7.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): icewm-1.4.2-150000.7.15.1 icewm-debuginfo-1.4.2-150000.7.15.1 icewm-debugsource-1.4.2-150000.7.15.1 icewm-default-1.4.2-150000.7.15.1 icewm-default-debuginfo-1.4.2-150000.7.15.1 icewm-lite-1.4.2-150000.7.15.1 icewm-lite-debuginfo-1.4.2-150000.7.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): icewm-lang-1.4.2-150000.7.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): icewm-1.4.2-150000.7.15.1 icewm-debuginfo-1.4.2-150000.7.15.1 icewm-debugsource-1.4.2-150000.7.15.1 icewm-default-1.4.2-150000.7.15.1 icewm-default-debuginfo-1.4.2-150000.7.15.1 icewm-lite-1.4.2-150000.7.15.1 icewm-lite-debuginfo-1.4.2-150000.7.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): icewm-lang-1.4.2-150000.7.15.1 References: https://bugzilla.suse.com/1197729 From sle-updates at lists.suse.com Wed Jun 8 19:16:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2022 21:16:39 +0200 (CEST) Subject: SUSE-RU-2022:2016-1: Recommended update for vulkan Message-ID: <20220608191639.5B1CBF386@maintenance.suse.de> SUSE Recommended Update: Recommended update for vulkan ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2016-1 Rating: low References: #1197862 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for vulkan fixes the following issue: - Disable RPATH to make the inherited package run on SLE-15-SP4. (bsc#1197862) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2016=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2016=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2016=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2016=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): vulkan-1.0.65.0-150000.5.3.1 vulkan-debuginfo-1.0.65.0-150000.5.3.1 vulkan-debugsource-1.0.65.0-150000.5.3.1 - openSUSE Leap 15.4 (x86_64): vulkan-devel-32bit-1.0.65.0-150000.5.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): vulkan-1.0.65.0-150000.5.3.1 vulkan-debuginfo-1.0.65.0-150000.5.3.1 vulkan-debugsource-1.0.65.0-150000.5.3.1 - openSUSE Leap 15.3 (x86_64): vulkan-devel-32bit-1.0.65.0-150000.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): vulkan-1.0.65.0-150000.5.3.1 vulkan-debuginfo-1.0.65.0-150000.5.3.1 vulkan-debugsource-1.0.65.0-150000.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): vulkan-1.0.65.0-150000.5.3.1 vulkan-debuginfo-1.0.65.0-150000.5.3.1 vulkan-debugsource-1.0.65.0-150000.5.3.1 References: https://bugzilla.suse.com/1197862 From sle-updates at lists.suse.com Wed Jun 8 19:17:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2022 21:17:19 +0200 (CEST) Subject: SUSE-RU-2022:2019-1: moderate: Recommended update for gcc11 Message-ID: <20220608191719.88EF2F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc11 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2019-1 Rating: moderate References: #1192951 #1193659 #1195283 #1196861 #1197065 OBS-124 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 5 recommended fixes and contains one feature can now be installed. Description: This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2019=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2019=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2019=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2019=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2019=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2019=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2019=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2019=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cpp11-11.3.0+git1637-150000.1.9.1 cpp11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-arm-gcc11-11.3.0+git1637-150000.1.9.1 cross-arm-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-arm-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-arm-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 cross-arm-none-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1 cross-arm-none-gcc11-bootstrap-debuginfo-11.3.0+git1637-150000.1.9.1 cross-arm-none-gcc11-bootstrap-debugsource-11.3.0+git1637-150000.1.9.1 cross-avr-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1 cross-avr-gcc11-bootstrap-debuginfo-11.3.0+git1637-150000.1.9.1 cross-avr-gcc11-bootstrap-debugsource-11.3.0+git1637-150000.1.9.1 cross-epiphany-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1 cross-epiphany-gcc11-bootstrap-debuginfo-11.3.0+git1637-150000.1.9.1 cross-epiphany-gcc11-bootstrap-debugsource-11.3.0+git1637-150000.1.9.1 cross-hppa-gcc11-11.3.0+git1637-150000.1.9.1 cross-hppa-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-hppa-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-hppa-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 cross-m68k-gcc11-11.3.0+git1637-150000.1.9.1 cross-m68k-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-m68k-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-m68k-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 cross-mips-gcc11-11.3.0+git1637-150000.1.9.1 cross-mips-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-mips-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-mips-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 cross-ppc64-gcc11-11.3.0+git1637-150000.1.9.1 cross-ppc64-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-ppc64-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-ppc64-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 cross-riscv64-elf-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1 cross-riscv64-elf-gcc11-bootstrap-debuginfo-11.3.0+git1637-150000.1.9.1 cross-riscv64-elf-gcc11-bootstrap-debugsource-11.3.0+git1637-150000.1.9.1 cross-riscv64-gcc11-11.3.0+git1637-150000.1.9.1 cross-riscv64-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1 cross-riscv64-gcc11-bootstrap-debuginfo-11.3.0+git1637-150000.1.9.1 cross-riscv64-gcc11-bootstrap-debugsource-11.3.0+git1637-150000.1.9.1 cross-riscv64-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-riscv64-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-riscv64-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 cross-rx-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1 cross-rx-gcc11-bootstrap-debuginfo-11.3.0+git1637-150000.1.9.1 cross-rx-gcc11-bootstrap-debugsource-11.3.0+git1637-150000.1.9.1 cross-sparc-gcc11-11.3.0+git1637-150000.1.9.1 cross-sparc-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-sparc-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-sparc64-gcc11-11.3.0+git1637-150000.1.9.1 cross-sparc64-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-sparc64-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-sparc64-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 cross-sparcv9-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 gcc11-11.3.0+git1637-150000.1.9.1 gcc11-PIE-11.3.0+git1637-150000.1.9.1 gcc11-ada-11.3.0+git1637-150000.1.9.1 gcc11-ada-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-c++-11.3.0+git1637-150000.1.9.1 gcc11-c++-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-debugsource-11.3.0+git1637-150000.1.9.1 gcc11-fortran-11.3.0+git1637-150000.1.9.1 gcc11-fortran-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-go-11.3.0+git1637-150000.1.9.1 gcc11-go-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-locale-11.3.0+git1637-150000.1.9.1 gcc11-obj-c++-11.3.0+git1637-150000.1.9.1 gcc11-obj-c++-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-objc-11.3.0+git1637-150000.1.9.1 gcc11-objc-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-testresults-11.3.0+git1637-150000.1.9.1 libada11-11.3.0+git1637-150000.1.9.1 libada11-debuginfo-11.3.0+git1637-150000.1.9.1 libasan6-11.3.0+git1637-150000.1.9.1 libasan6-debuginfo-11.3.0+git1637-150000.1.9.1 libatomic1-11.3.0+git1637-150000.1.9.1 libatomic1-debuginfo-11.3.0+git1637-150000.1.9.1 libgcc_s1-11.3.0+git1637-150000.1.9.1 libgcc_s1-debuginfo-11.3.0+git1637-150000.1.9.1 libgfortran5-11.3.0+git1637-150000.1.9.1 libgfortran5-debuginfo-11.3.0+git1637-150000.1.9.1 libgo19-11.3.0+git1637-150000.1.9.1 libgo19-debuginfo-11.3.0+git1637-150000.1.9.1 libgomp1-11.3.0+git1637-150000.1.9.1 libgomp1-debuginfo-11.3.0+git1637-150000.1.9.1 libitm1-11.3.0+git1637-150000.1.9.1 libitm1-debuginfo-11.3.0+git1637-150000.1.9.1 libobjc4-11.3.0+git1637-150000.1.9.1 libobjc4-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-11.3.0+git1637-150000.1.9.1 libstdc++6-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-devel-gcc11-11.3.0+git1637-150000.1.9.1 libstdc++6-locale-11.3.0+git1637-150000.1.9.1 libstdc++6-pp-gcc11-11.3.0+git1637-150000.1.9.1 libubsan1-11.3.0+git1637-150000.1.9.1 libubsan1-debuginfo-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): cross-s390x-gcc11-11.3.0+git1637-150000.1.9.1 cross-s390x-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-s390x-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-s390x-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 liblsan0-11.3.0+git1637-150000.1.9.1 liblsan0-debuginfo-11.3.0+git1637-150000.1.9.1 libtsan0-11.3.0+git1637-150000.1.9.1 libtsan0-debuginfo-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x): cross-x86_64-gcc11-11.3.0+git1637-150000.1.9.1 cross-x86_64-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-x86_64-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-x86_64-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.4 (ppc64le s390x x86_64): cross-aarch64-gcc11-11.3.0+git1637-150000.1.9.1 cross-aarch64-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1 cross-aarch64-gcc11-bootstrap-debuginfo-11.3.0+git1637-150000.1.9.1 cross-aarch64-gcc11-bootstrap-debugsource-11.3.0+git1637-150000.1.9.1 cross-aarch64-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-aarch64-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-aarch64-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.4 (aarch64 s390x x86_64): cross-ppc64le-gcc11-11.3.0+git1637-150000.1.9.1 cross-ppc64le-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-ppc64le-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-ppc64le-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 gcc11-d-11.3.0+git1637-150000.1.9.1 gcc11-d-debuginfo-11.3.0+git1637-150000.1.9.1 libgdruntime2-11.3.0+git1637-150000.1.9.1 libgdruntime2-debuginfo-11.3.0+git1637-150000.1.9.1 libgphobos2-11.3.0+git1637-150000.1.9.1 libgphobos2-debuginfo-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.4 (ppc64le x86_64): libquadmath0-11.3.0+git1637-150000.1.9.1 libquadmath0-debuginfo-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.4 (s390x x86_64): gcc11-32bit-11.3.0+git1637-150000.1.9.1 gcc11-ada-32bit-11.3.0+git1637-150000.1.9.1 gcc11-c++-32bit-11.3.0+git1637-150000.1.9.1 gcc11-d-32bit-11.3.0+git1637-150000.1.9.1 gcc11-fortran-32bit-11.3.0+git1637-150000.1.9.1 gcc11-go-32bit-11.3.0+git1637-150000.1.9.1 gcc11-obj-c++-32bit-11.3.0+git1637-150000.1.9.1 gcc11-objc-32bit-11.3.0+git1637-150000.1.9.1 libada11-32bit-11.3.0+git1637-150000.1.9.1 libada11-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libasan6-32bit-11.3.0+git1637-150000.1.9.1 libasan6-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libatomic1-32bit-11.3.0+git1637-150000.1.9.1 libatomic1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgcc_s1-32bit-11.3.0+git1637-150000.1.9.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgdruntime2-32bit-11.3.0+git1637-150000.1.9.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgfortran5-32bit-11.3.0+git1637-150000.1.9.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgo19-32bit-11.3.0+git1637-150000.1.9.1 libgo19-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgomp1-32bit-11.3.0+git1637-150000.1.9.1 libgomp1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgphobos2-32bit-11.3.0+git1637-150000.1.9.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libitm1-32bit-11.3.0+git1637-150000.1.9.1 libitm1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libobjc4-32bit-11.3.0+git1637-150000.1.9.1 libobjc4-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-32bit-11.3.0+git1637-150000.1.9.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-devel-gcc11-32bit-11.3.0+git1637-150000.1.9.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-150000.1.9.1 libubsan1-32bit-11.3.0+git1637-150000.1.9.1 libubsan1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.4 (aarch64): libhwasan0-11.3.0+git1637-150000.1.9.1 libhwasan0-debuginfo-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.4 (x86_64): cross-nvptx-gcc11-11.3.0+git1637-150000.1.9.1 cross-nvptx-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-nvptx-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-nvptx-newlib11-devel-11.3.0+git1637-150000.1.9.1 libquadmath0-32bit-11.3.0+git1637-150000.1.9.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.4 (noarch): gcc11-info-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cpp11-11.3.0+git1637-150000.1.9.1 cpp11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-arm-gcc11-11.3.0+git1637-150000.1.9.1 cross-arm-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-arm-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-arm-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 cross-arm-none-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1 cross-arm-none-gcc11-bootstrap-debuginfo-11.3.0+git1637-150000.1.9.1 cross-arm-none-gcc11-bootstrap-debugsource-11.3.0+git1637-150000.1.9.1 cross-avr-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1 cross-avr-gcc11-bootstrap-debuginfo-11.3.0+git1637-150000.1.9.1 cross-avr-gcc11-bootstrap-debugsource-11.3.0+git1637-150000.1.9.1 cross-epiphany-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1 cross-epiphany-gcc11-bootstrap-debuginfo-11.3.0+git1637-150000.1.9.1 cross-epiphany-gcc11-bootstrap-debugsource-11.3.0+git1637-150000.1.9.1 cross-hppa-gcc11-11.3.0+git1637-150000.1.9.1 cross-hppa-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-hppa-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-hppa-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 cross-m68k-gcc11-11.3.0+git1637-150000.1.9.1 cross-m68k-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-m68k-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-m68k-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 cross-mips-gcc11-11.3.0+git1637-150000.1.9.1 cross-mips-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-mips-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-mips-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 cross-ppc64-gcc11-11.3.0+git1637-150000.1.9.1 cross-ppc64-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-ppc64-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-ppc64-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 cross-riscv64-elf-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1 cross-riscv64-elf-gcc11-bootstrap-debuginfo-11.3.0+git1637-150000.1.9.1 cross-riscv64-elf-gcc11-bootstrap-debugsource-11.3.0+git1637-150000.1.9.1 cross-riscv64-gcc11-11.3.0+git1637-150000.1.9.1 cross-riscv64-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1 cross-riscv64-gcc11-bootstrap-debuginfo-11.3.0+git1637-150000.1.9.1 cross-riscv64-gcc11-bootstrap-debugsource-11.3.0+git1637-150000.1.9.1 cross-riscv64-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-riscv64-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-riscv64-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 cross-rx-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1 cross-rx-gcc11-bootstrap-debuginfo-11.3.0+git1637-150000.1.9.1 cross-rx-gcc11-bootstrap-debugsource-11.3.0+git1637-150000.1.9.1 cross-sparc-gcc11-11.3.0+git1637-150000.1.9.1 cross-sparc-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-sparc-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-sparc64-gcc11-11.3.0+git1637-150000.1.9.1 cross-sparc64-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-sparc64-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-sparc64-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 cross-sparcv9-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 gcc11-11.3.0+git1637-150000.1.9.1 gcc11-PIE-11.3.0+git1637-150000.1.9.1 gcc11-ada-11.3.0+git1637-150000.1.9.1 gcc11-ada-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-c++-11.3.0+git1637-150000.1.9.1 gcc11-c++-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-debugsource-11.3.0+git1637-150000.1.9.1 gcc11-fortran-11.3.0+git1637-150000.1.9.1 gcc11-fortran-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-go-11.3.0+git1637-150000.1.9.1 gcc11-go-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-locale-11.3.0+git1637-150000.1.9.1 gcc11-obj-c++-11.3.0+git1637-150000.1.9.1 gcc11-obj-c++-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-objc-11.3.0+git1637-150000.1.9.1 gcc11-objc-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-testresults-11.3.0+git1637-150000.1.9.1 libada11-11.3.0+git1637-150000.1.9.1 libada11-debuginfo-11.3.0+git1637-150000.1.9.1 libasan6-11.3.0+git1637-150000.1.9.1 libasan6-debuginfo-11.3.0+git1637-150000.1.9.1 libatomic1-11.3.0+git1637-150000.1.9.1 libatomic1-debuginfo-11.3.0+git1637-150000.1.9.1 libgcc_s1-11.3.0+git1637-150000.1.9.1 libgcc_s1-debuginfo-11.3.0+git1637-150000.1.9.1 libgfortran5-11.3.0+git1637-150000.1.9.1 libgfortran5-debuginfo-11.3.0+git1637-150000.1.9.1 libgo19-11.3.0+git1637-150000.1.9.1 libgo19-debuginfo-11.3.0+git1637-150000.1.9.1 libgomp1-11.3.0+git1637-150000.1.9.1 libgomp1-debuginfo-11.3.0+git1637-150000.1.9.1 libitm1-11.3.0+git1637-150000.1.9.1 libitm1-debuginfo-11.3.0+git1637-150000.1.9.1 libobjc4-11.3.0+git1637-150000.1.9.1 libobjc4-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-11.3.0+git1637-150000.1.9.1 libstdc++6-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-devel-gcc11-11.3.0+git1637-150000.1.9.1 libstdc++6-locale-11.3.0+git1637-150000.1.9.1 libstdc++6-pp-gcc11-11.3.0+git1637-150000.1.9.1 libubsan1-11.3.0+git1637-150000.1.9.1 libubsan1-debuginfo-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): cross-s390x-gcc11-11.3.0+git1637-150000.1.9.1 cross-s390x-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-s390x-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-s390x-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 liblsan0-11.3.0+git1637-150000.1.9.1 liblsan0-debuginfo-11.3.0+git1637-150000.1.9.1 libtsan0-11.3.0+git1637-150000.1.9.1 libtsan0-debuginfo-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x): cross-x86_64-gcc11-11.3.0+git1637-150000.1.9.1 cross-x86_64-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-x86_64-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-x86_64-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.3 (ppc64le s390x x86_64): cross-aarch64-gcc11-11.3.0+git1637-150000.1.9.1 cross-aarch64-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1 cross-aarch64-gcc11-bootstrap-debuginfo-11.3.0+git1637-150000.1.9.1 cross-aarch64-gcc11-bootstrap-debugsource-11.3.0+git1637-150000.1.9.1 cross-aarch64-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-aarch64-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-aarch64-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.3 (aarch64 s390x x86_64): cross-ppc64le-gcc11-11.3.0+git1637-150000.1.9.1 cross-ppc64le-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-ppc64le-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-ppc64le-gcc11-icecream-backend-11.3.0+git1637-150000.1.9.1 gcc11-d-11.3.0+git1637-150000.1.9.1 gcc11-d-debuginfo-11.3.0+git1637-150000.1.9.1 libgdruntime2-11.3.0+git1637-150000.1.9.1 libgdruntime2-debuginfo-11.3.0+git1637-150000.1.9.1 libgphobos2-11.3.0+git1637-150000.1.9.1 libgphobos2-debuginfo-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.3 (ppc64le x86_64): libquadmath0-11.3.0+git1637-150000.1.9.1 libquadmath0-debuginfo-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.3 (s390x x86_64): gcc11-32bit-11.3.0+git1637-150000.1.9.1 gcc11-ada-32bit-11.3.0+git1637-150000.1.9.1 gcc11-c++-32bit-11.3.0+git1637-150000.1.9.1 gcc11-d-32bit-11.3.0+git1637-150000.1.9.1 gcc11-fortran-32bit-11.3.0+git1637-150000.1.9.1 gcc11-go-32bit-11.3.0+git1637-150000.1.9.1 gcc11-obj-c++-32bit-11.3.0+git1637-150000.1.9.1 gcc11-objc-32bit-11.3.0+git1637-150000.1.9.1 libada11-32bit-11.3.0+git1637-150000.1.9.1 libada11-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libasan6-32bit-11.3.0+git1637-150000.1.9.1 libasan6-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libatomic1-32bit-11.3.0+git1637-150000.1.9.1 libatomic1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgcc_s1-32bit-11.3.0+git1637-150000.1.9.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgdruntime2-32bit-11.3.0+git1637-150000.1.9.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgfortran5-32bit-11.3.0+git1637-150000.1.9.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgo19-32bit-11.3.0+git1637-150000.1.9.1 libgo19-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgomp1-32bit-11.3.0+git1637-150000.1.9.1 libgomp1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgphobos2-32bit-11.3.0+git1637-150000.1.9.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libitm1-32bit-11.3.0+git1637-150000.1.9.1 libitm1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libobjc4-32bit-11.3.0+git1637-150000.1.9.1 libobjc4-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-32bit-11.3.0+git1637-150000.1.9.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-devel-gcc11-32bit-11.3.0+git1637-150000.1.9.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-150000.1.9.1 libubsan1-32bit-11.3.0+git1637-150000.1.9.1 libubsan1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.3 (aarch64): libhwasan0-11.3.0+git1637-150000.1.9.1 libhwasan0-debuginfo-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.3 (x86_64): cross-nvptx-gcc11-11.3.0+git1637-150000.1.9.1 cross-nvptx-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-nvptx-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-nvptx-newlib11-devel-11.3.0+git1637-150000.1.9.1 libquadmath0-32bit-11.3.0+git1637-150000.1.9.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 - openSUSE Leap 15.3 (noarch): gcc11-info-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): cpp11-11.3.0+git1637-150000.1.9.1 cpp11-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-11.3.0+git1637-150000.1.9.1 gcc11-PIE-11.3.0+git1637-150000.1.9.1 gcc11-ada-11.3.0+git1637-150000.1.9.1 gcc11-ada-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-c++-11.3.0+git1637-150000.1.9.1 gcc11-c++-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-debugsource-11.3.0+git1637-150000.1.9.1 gcc11-fortran-11.3.0+git1637-150000.1.9.1 gcc11-fortran-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-go-11.3.0+git1637-150000.1.9.1 gcc11-go-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-locale-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64): libhwasan0-11.3.0+git1637-150000.1.9.1 libhwasan0-debuginfo-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): cross-nvptx-gcc11-11.3.0+git1637-150000.1.9.1 cross-nvptx-gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 cross-nvptx-gcc11-debugsource-11.3.0+git1637-150000.1.9.1 cross-nvptx-newlib11-devel-11.3.0+git1637-150000.1.9.1 gcc11-32bit-11.3.0+git1637-150000.1.9.1 gcc11-ada-32bit-11.3.0+git1637-150000.1.9.1 gcc11-c++-32bit-11.3.0+git1637-150000.1.9.1 gcc11-fortran-32bit-11.3.0+git1637-150000.1.9.1 gcc11-go-32bit-11.3.0+git1637-150000.1.9.1 libstdc++6-devel-gcc11-32bit-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): gcc11-info-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cpp11-11.3.0+git1637-150000.1.9.1 cpp11-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-11.3.0+git1637-150000.1.9.1 gcc11-PIE-11.3.0+git1637-150000.1.9.1 gcc11-ada-11.3.0+git1637-150000.1.9.1 gcc11-ada-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-c++-11.3.0+git1637-150000.1.9.1 gcc11-c++-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-debugsource-11.3.0+git1637-150000.1.9.1 gcc11-fortran-11.3.0+git1637-150000.1.9.1 gcc11-fortran-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-go-11.3.0+git1637-150000.1.9.1 gcc11-go-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-locale-11.3.0+git1637-150000.1.9.1 gcc11-obj-c++-11.3.0+git1637-150000.1.9.1 gcc11-obj-c++-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-objc-11.3.0+git1637-150000.1.9.1 gcc11-objc-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-testresults-11.3.0+git1637-150000.1.9.1 libstdc++6-devel-gcc11-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 s390x x86_64): gcc11-d-11.3.0+git1637-150000.1.9.1 gcc11-d-debuginfo-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): gcc11-32bit-11.3.0+git1637-150000.1.9.1 gcc11-ada-32bit-11.3.0+git1637-150000.1.9.1 gcc11-c++-32bit-11.3.0+git1637-150000.1.9.1 gcc11-d-32bit-11.3.0+git1637-150000.1.9.1 gcc11-fortran-32bit-11.3.0+git1637-150000.1.9.1 gcc11-go-32bit-11.3.0+git1637-150000.1.9.1 gcc11-obj-c++-32bit-11.3.0+git1637-150000.1.9.1 gcc11-objc-32bit-11.3.0+git1637-150000.1.9.1 libstdc++6-devel-gcc11-32bit-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): gcc11-info-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-debugsource-11.3.0+git1637-150000.1.9.1 libada11-11.3.0+git1637-150000.1.9.1 libada11-debuginfo-11.3.0+git1637-150000.1.9.1 libasan6-11.3.0+git1637-150000.1.9.1 libasan6-debuginfo-11.3.0+git1637-150000.1.9.1 libatomic1-11.3.0+git1637-150000.1.9.1 libatomic1-debuginfo-11.3.0+git1637-150000.1.9.1 libgcc_s1-11.3.0+git1637-150000.1.9.1 libgcc_s1-debuginfo-11.3.0+git1637-150000.1.9.1 libgfortran5-11.3.0+git1637-150000.1.9.1 libgfortran5-debuginfo-11.3.0+git1637-150000.1.9.1 libgo19-11.3.0+git1637-150000.1.9.1 libgo19-debuginfo-11.3.0+git1637-150000.1.9.1 libgomp1-11.3.0+git1637-150000.1.9.1 libgomp1-debuginfo-11.3.0+git1637-150000.1.9.1 libitm1-11.3.0+git1637-150000.1.9.1 libitm1-debuginfo-11.3.0+git1637-150000.1.9.1 libobjc4-11.3.0+git1637-150000.1.9.1 libobjc4-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-11.3.0+git1637-150000.1.9.1 libstdc++6-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-devel-gcc11-11.3.0+git1637-150000.1.9.1 libstdc++6-locale-11.3.0+git1637-150000.1.9.1 libstdc++6-pp-gcc11-11.3.0+git1637-150000.1.9.1 libubsan1-11.3.0+git1637-150000.1.9.1 libubsan1-debuginfo-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le x86_64): liblsan0-11.3.0+git1637-150000.1.9.1 liblsan0-debuginfo-11.3.0+git1637-150000.1.9.1 libtsan0-11.3.0+git1637-150000.1.9.1 libtsan0-debuginfo-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (ppc64le x86_64): libquadmath0-11.3.0+git1637-150000.1.9.1 libquadmath0-debuginfo-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libada11-32bit-11.3.0+git1637-150000.1.9.1 libada11-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libasan6-32bit-11.3.0+git1637-150000.1.9.1 libasan6-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libatomic1-32bit-11.3.0+git1637-150000.1.9.1 libatomic1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgcc_s1-32bit-11.3.0+git1637-150000.1.9.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgfortran5-32bit-11.3.0+git1637-150000.1.9.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgo19-32bit-11.3.0+git1637-150000.1.9.1 libgo19-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgomp1-32bit-11.3.0+git1637-150000.1.9.1 libgomp1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libitm1-32bit-11.3.0+git1637-150000.1.9.1 libitm1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libobjc4-32bit-11.3.0+git1637-150000.1.9.1 libobjc4-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libquadmath0-32bit-11.3.0+git1637-150000.1.9.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-32bit-11.3.0+git1637-150000.1.9.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-150000.1.9.1 libubsan1-32bit-11.3.0+git1637-150000.1.9.1 libubsan1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libada11-11.3.0+git1637-150000.1.9.1 libada11-debuginfo-11.3.0+git1637-150000.1.9.1 libasan6-11.3.0+git1637-150000.1.9.1 libasan6-debuginfo-11.3.0+git1637-150000.1.9.1 libatomic1-11.3.0+git1637-150000.1.9.1 libatomic1-debuginfo-11.3.0+git1637-150000.1.9.1 libgcc_s1-11.3.0+git1637-150000.1.9.1 libgcc_s1-debuginfo-11.3.0+git1637-150000.1.9.1 libgfortran5-11.3.0+git1637-150000.1.9.1 libgfortran5-debuginfo-11.3.0+git1637-150000.1.9.1 libgo19-11.3.0+git1637-150000.1.9.1 libgo19-debuginfo-11.3.0+git1637-150000.1.9.1 libgomp1-11.3.0+git1637-150000.1.9.1 libgomp1-debuginfo-11.3.0+git1637-150000.1.9.1 libitm1-11.3.0+git1637-150000.1.9.1 libitm1-debuginfo-11.3.0+git1637-150000.1.9.1 libobjc4-11.3.0+git1637-150000.1.9.1 libobjc4-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-11.3.0+git1637-150000.1.9.1 libstdc++6-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-devel-gcc11-11.3.0+git1637-150000.1.9.1 libstdc++6-locale-11.3.0+git1637-150000.1.9.1 libstdc++6-pp-gcc11-11.3.0+git1637-150000.1.9.1 libubsan1-11.3.0+git1637-150000.1.9.1 libubsan1-debuginfo-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le x86_64): liblsan0-11.3.0+git1637-150000.1.9.1 liblsan0-debuginfo-11.3.0+git1637-150000.1.9.1 libtsan0-11.3.0+git1637-150000.1.9.1 libtsan0-debuginfo-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 s390x x86_64): libgdruntime2-11.3.0+git1637-150000.1.9.1 libgdruntime2-debuginfo-11.3.0+git1637-150000.1.9.1 libgphobos2-11.3.0+git1637-150000.1.9.1 libgphobos2-debuginfo-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le x86_64): libquadmath0-11.3.0+git1637-150000.1.9.1 libquadmath0-debuginfo-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x x86_64): libada11-32bit-11.3.0+git1637-150000.1.9.1 libada11-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libasan6-32bit-11.3.0+git1637-150000.1.9.1 libasan6-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libatomic1-32bit-11.3.0+git1637-150000.1.9.1 libatomic1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgcc_s1-32bit-11.3.0+git1637-150000.1.9.1 libgcc_s1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgfortran5-32bit-11.3.0+git1637-150000.1.9.1 libgfortran5-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgomp1-32bit-11.3.0+git1637-150000.1.9.1 libgomp1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libitm1-32bit-11.3.0+git1637-150000.1.9.1 libitm1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-32bit-11.3.0+git1637-150000.1.9.1 libstdc++6-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libubsan1-32bit-11.3.0+git1637-150000.1.9.1 libubsan1-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): libhwasan0-11.3.0+git1637-150000.1.9.1 libhwasan0-debuginfo-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libgdruntime2-32bit-11.3.0+git1637-150000.1.9.1 libgdruntime2-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgo19-32bit-11.3.0+git1637-150000.1.9.1 libgo19-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libgphobos2-32bit-11.3.0+git1637-150000.1.9.1 libgphobos2-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libobjc4-32bit-11.3.0+git1637-150000.1.9.1 libobjc4-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libquadmath0-32bit-11.3.0+git1637-150000.1.9.1 libquadmath0-32bit-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-pp-gcc11-32bit-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): libstdc++6-devel-gcc11-32bit-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): gcc11-debuginfo-11.3.0+git1637-150000.1.9.1 gcc11-debugsource-11.3.0+git1637-150000.1.9.1 libgcc_s1-11.3.0+git1637-150000.1.9.1 libgcc_s1-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-11.3.0+git1637-150000.1.9.1 libstdc++6-debuginfo-11.3.0+git1637-150000.1.9.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libgcc_s1-11.3.0+git1637-150000.1.9.1 libgcc_s1-debuginfo-11.3.0+git1637-150000.1.9.1 libstdc++6-11.3.0+git1637-150000.1.9.1 libstdc++6-debuginfo-11.3.0+git1637-150000.1.9.1 References: https://bugzilla.suse.com/1192951 https://bugzilla.suse.com/1193659 https://bugzilla.suse.com/1195283 https://bugzilla.suse.com/1196861 https://bugzilla.suse.com/1197065 From sle-updates at lists.suse.com Wed Jun 8 19:18:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2022 21:18:19 +0200 (CEST) Subject: SUSE-RU-2022:2018-1: moderate: Recommended update for build Message-ID: <20220608191819.4B58CF386@maintenance.suse.de> SUSE Recommended Update: Recommended update for build ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2018-1 Rating: moderate References: #1197298 #1197699 #1198740 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for build fixes the following issues: - Update SLE 15 SP4 and Leap 15.4 build config (bsc#1198740) - Use aio=io_uring if available (bsc#1197699) (build#814) - Add arm32 and loongarch definitions (build#808) - Add compatibility code to initvm - Use upstream way of binfmt argv0 preservation (bsc#1197298) (build#809) - Add template support for Build::SimpleJSON - minor documentation updates - docker: Add support for --root and --installroot global zypper options - debian cross build support via multi-arch (obsoleting cbinstall remnants) - Tumbleweed config synced - documentation updates - smaller bugfixes - regression fix from last release, avoid calling shutdown handler twice when building in vm Changes: * pbuild: add --debug option for building debuginfo packages * rename --debug to --debuginfo to be more exact. * docu: add buildflags:ccachtype and OBS-DoNotAppendProfileToContainername Fixes: * Avoid shutdown of host when using nspawn Features: * download_assets: add --outdir --clean --show-dir-srcmd5 parameters support multiple --arch arguments * asset support for golang modules * add support for LXC 4. * new shortcuts for rpm building: --rpm-noprep, --rpm-build-in-place, --rpm-build-in-place-noprep for building directly from upstream git repositories without any tar ball. * mount securityfs if not mounted by kernel-obs-build * collect steal time during VM builds in statistics. * declare armv8 and armv7 compatible * support OBS Debuginfo build flag for Red Hat variants * setup rpmmacros for all build types and earlier * Kiwi builds - Always append the profile name to kiwi container names * Dockerfile build - improve registry handling - initial Dockerfile.dapper support - support 'curl' commands in docker builds - strip known domains from container name - support container alias names * introducing --verbose option, currently only showing kernel messages. * support cpio creation for special files * handle QEMU >= 6.0 on POWER9 Changes: * Use git+https instead of git-https as url schema * add oops=panic kernel parameter * Updated distribution configurations (esp. Leap 15.4 and Tumbleweed) * new preinstallimages are using zstd by default * source subdirectories are used in git managed sources Minor improvements * change sccache default size limit * speed up improvements in - vm shutdown - rpm preinstall - avoid calling external commands in a loop - using zstd for preinstallimages - no more unpacking progress indicators to avoid slowdown - virtio handling * fixed vm-type=qemu * multiple smaller bugfixes and speed improvements - renamed tumbleweed config to tumbleweed - synced tumbleweed config changes - initial config for Leap 15.4 - docker build environment * Use /.dockerenv as marker for docker environment * support privileged docker/nspawn mode * move --cap-add=SYS_ADMIN --cap-add=MKNOD to privileged mode * initvm: do not attempt to mount /proc and binfmt_misc handler if present - pbuild * rename --hide-timestamps to --no-timestamps * reuse options from older builds * revised --single build mode * support ccache - Unify ccache and sccache handling Features: - deb zstd support (for Ubuntu 21.10) - support KVM builds with enabled network - modulemd support improvements - Support a "Distmacro" directive for recipe parser-only macros Fixes: - Load selinux policy when using a preinstall image - Use the pax format for preinstall images if bsdtar is available - Add %riscv to std_macros - Fix combine_configs dropping newlines pbuild: - Implement SCC calculation - Improve --shell-after-build and --single options - initial documentation of pbuild - Bugfixes - Fix unpacking of deb/arch archives without bsdtar - fixed regression in multiline macro evaluation from 20th August release Features: - cross architecture build support (for rpm and kiwi) - modulemd meta data support - pbuild to build multiple source packages (initial release, can not be considered stable yet) - supporting external asset stores for source files - support multiple post build checks placed in the directory: /usr/lib/build/post-build-checks/ - sccache support - New --shell-after-fail option - allow to disable squashfs in SimpleImage - supporting aarch64 kernel on armv?l distributions - kiwi: Add support for OBS-RemoteAsset and OBS-CopyToImage directives - container: FROM scratch build support Improvements: - supporting kvm builds as non-root user - Extend stage selection support for rpm builds - various distribution config updates - Support "BuildFlags: cumulaterpms" (was done only via suse_version before) Fixes: - container builds * support newer podman versions * supporting multiple containers for multi-stage builds - Supporting URL's in Flatpak manifests - epoch handling in debian builds - catch more cases where a failed build is marked as host error - fixing wrong status reporting when a job got killed - hugetlbfs handling fixes - try mounting selinuxfs in VM - Also create the /sys dir when preinstalling (to satisfy dracut) - various XML parser fixes - and many minor ones Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2018=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2018=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2018=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2018=1 Package List: - openSUSE Leap 15.4 (noarch): build-20220422-150200.9.1 build-initvm-aarch64-20220422-150200.9.1 build-initvm-powerpc64le-20220422-150200.9.1 build-initvm-s390x-20220422-150200.9.1 build-initvm-x86_64-20220422-150200.9.1 build-mkbaselibs-20220422-150200.9.1 build-mkdrpms-20220422-150200.9.1 - openSUSE Leap 15.3 (noarch): build-20220422-150200.9.1 build-initvm-aarch64-20220422-150200.9.1 build-initvm-powerpc64le-20220422-150200.9.1 build-initvm-s390x-20220422-150200.9.1 build-initvm-x86_64-20220422-150200.9.1 build-mkbaselibs-20220422-150200.9.1 build-mkdrpms-20220422-150200.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): build-20220422-150200.9.1 build-mkbaselibs-20220422-150200.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): build-20220422-150200.9.1 build-mkbaselibs-20220422-150200.9.1 References: https://bugzilla.suse.com/1197298 https://bugzilla.suse.com/1197699 https://bugzilla.suse.com/1198740 From sle-updates at lists.suse.com Thu Jun 9 08:07:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 10:07:27 +0200 (CEST) Subject: SUSE-CU-2022:1309-1: Recommended update of suse/sle15 Message-ID: <20220609080727.9E7DAF386@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1309-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.570 Container Release : 4.22.570 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated From sle-updates at lists.suse.com Thu Jun 9 08:10:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 10:10:42 +0200 (CEST) Subject: SUSE-CU-2022:1310-1: Recommended update of bci/golang Message-ID: <20220609081042.DF94DF386@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1310-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-7.60 , bci/golang:latest Container Release : 7.60 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libatomic1-11.3.0+git1637-150000.1.9.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libgomp1-11.3.0+git1637-150000.1.9.1 updated - libitm1-11.3.0+git1637-150000.1.9.1 updated - liblsan0-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libtsan0-11.3.0+git1637-150000.1.9.1 updated - container:sles15-image-15.0.0-17.17.13 updated From sle-updates at lists.suse.com Thu Jun 9 08:15:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 10:15:51 +0200 (CEST) Subject: SUSE-CU-2022:1311-1: Recommended update of bci/nodejs Message-ID: <20220609081551.9CEEAF386@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1311-1 Container Tags : bci/node:14 , bci/node:14-19.64 , bci/nodejs:14 , bci/nodejs:14-19.64 Container Release : 19.64 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - container:sles15-image-15.0.0-17.17.13 updated From sle-updates at lists.suse.com Thu Jun 9 08:20:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 10:20:06 +0200 (CEST) Subject: SUSE-CU-2022:1312-1: Recommended update of bci/nodejs Message-ID: <20220609082006.45A22F386@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1312-1 Container Tags : bci/node:16 , bci/node:16-7.70 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-7.70 , bci/nodejs:latest Container Release : 7.70 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - container:sles15-image-15.0.0-17.17.13 updated From sle-updates at lists.suse.com Thu Jun 9 08:27:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 10:27:14 +0200 (CEST) Subject: SUSE-CU-2022:1313-1: Recommended update of bci/ruby Message-ID: <20220609082714.603D3F386@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1313-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-18.49 , bci/ruby:latest Container Release : 18.49 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libatomic1-11.3.0+git1637-150000.1.9.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libgomp1-11.3.0+git1637-150000.1.9.1 updated - libitm1-11.3.0+git1637-150000.1.9.1 updated - liblsan0-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libtsan0-11.3.0+git1637-150000.1.9.1 updated - container:sles15-image-15.0.0-17.17.13 updated From sle-updates at lists.suse.com Thu Jun 9 08:41:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 10:41:03 +0200 (CEST) Subject: SUSE-CU-2022:1314-1: Recommended update of suse/sle15 Message-ID: <20220609084103.3280EFD9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1314-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.17.13 , suse/sle15:15.3 , suse/sle15:15.3.17.17.13 Container Release : 17.17.13 Severity : important Type : recommended References : 1192951 1193659 1195283 1196861 1197065 1198176 1198751 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - glibc-2.31-150300.26.5 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated From sle-updates at lists.suse.com Thu Jun 9 08:42:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 10:42:37 +0200 (CEST) Subject: SUSE-CU-2022:1316-1: Recommended update of bci/bci-minimal Message-ID: <20220609084237.96EDDF386@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1316-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.10.54 Container Release : 10.54 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - container:micro-image-15.4.0-10.3 updated From sle-updates at lists.suse.com Thu Jun 9 13:16:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 15:16:02 +0200 (CEST) Subject: SUSE-RU-2022:2021-1: moderate: Recommended update for crmsh Message-ID: <20220609131602.9F1C1F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2021-1 Rating: moderate References: #1132375 #1194125 #1198180 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Update to version 4.3.1+20220505.cf4ab649: * Fix: hb_report: Read data in a save way, to avoid UnicodeDecodeError (bsc#1198180) * Dev: ocfs2: Fix running ocfs2 stage on cluster with diskless-sbd * Fix: ui_configure: Give a deprecated warning when using "ms" subcommand (bsc#1194125) * Fix: xmlutil: Parse promotable clone correctly and also consider compatibility (bsc#1194125) * Fix: bootstrap: Change default transport type as udpu(unicast) (bsc#1132375) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2021=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.3.1+20220505.cf4ab649-150100.3.91.3 crmsh-scripts-4.3.1+20220505.cf4ab649-150100.3.91.3 References: https://bugzilla.suse.com/1132375 https://bugzilla.suse.com/1194125 https://bugzilla.suse.com/1198180 From sle-updates at lists.suse.com Thu Jun 9 13:16:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 15:16:52 +0200 (CEST) Subject: SUSE-SU-2022:2030-1: important: Security update for webkit2gtk3 Message-ID: <20220609131652.998AFF386@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2030-1 Rating: important References: #1199287 #1200106 Cross-References: CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 CVSS scores: CVE-2022-30293 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-30293 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 (bsc#1200106) - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287). - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2030=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2030=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2030=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2030=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2030=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2030=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2030=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2030=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2030=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2030=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150000.3.103.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150000.3.103.1 webkit2gtk3-debugsource-2.36.3-150000.3.103.1 webkit2gtk3-devel-2.36.3-150000.3.103.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): libwebkit2gtk3-lang-2.36.3-150000.3.103.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150000.3.103.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150000.3.103.1 webkit2gtk3-debugsource-2.36.3-150000.3.103.1 webkit2gtk3-devel-2.36.3-150000.3.103.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libwebkit2gtk3-lang-2.36.3-150000.3.103.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150000.3.103.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150000.3.103.1 webkit2gtk3-debugsource-2.36.3-150000.3.103.1 webkit2gtk3-devel-2.36.3-150000.3.103.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.36.3-150000.3.103.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150000.3.103.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150000.3.103.1 webkit2gtk3-debugsource-2.36.3-150000.3.103.1 webkit2gtk3-devel-2.36.3-150000.3.103.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): libwebkit2gtk3-lang-2.36.3-150000.3.103.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150000.3.103.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150000.3.103.1 webkit2gtk3-debugsource-2.36.3-150000.3.103.1 webkit2gtk3-devel-2.36.3-150000.3.103.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libwebkit2gtk3-lang-2.36.3-150000.3.103.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150000.3.103.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150000.3.103.1 webkit2gtk3-debugsource-2.36.3-150000.3.103.1 webkit2gtk3-devel-2.36.3-150000.3.103.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.36.3-150000.3.103.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150000.3.103.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150000.3.103.1 webkit2gtk3-debugsource-2.36.3-150000.3.103.1 webkit2gtk3-devel-2.36.3-150000.3.103.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): libwebkit2gtk3-lang-2.36.3-150000.3.103.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150000.3.103.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150000.3.103.1 webkit2gtk3-debugsource-2.36.3-150000.3.103.1 webkit2gtk3-devel-2.36.3-150000.3.103.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libwebkit2gtk3-lang-2.36.3-150000.3.103.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150000.3.103.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150000.3.103.1 webkit2gtk3-debugsource-2.36.3-150000.3.103.1 webkit2gtk3-devel-2.36.3-150000.3.103.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libwebkit2gtk3-lang-2.36.3-150000.3.103.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150000.3.103.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150000.3.103.1 webkit2gtk3-debugsource-2.36.3-150000.3.103.1 webkit2gtk3-devel-2.36.3-150000.3.103.1 - SUSE Enterprise Storage 6 (noarch): libwebkit2gtk3-lang-2.36.3-150000.3.103.1 - SUSE CaaS Platform 4.0 (x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150000.3.103.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-2.36.3-150000.3.103.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150000.3.103.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2-4_0-2.36.3-150000.3.103.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-2.36.3-150000.3.103.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150000.3.103.1 webkit2gtk3-debugsource-2.36.3-150000.3.103.1 webkit2gtk3-devel-2.36.3-150000.3.103.1 - SUSE CaaS Platform 4.0 (noarch): libwebkit2gtk3-lang-2.36.3-150000.3.103.1 References: https://www.suse.com/security/cve/CVE-2022-26700.html https://www.suse.com/security/cve/CVE-2022-26709.html https://www.suse.com/security/cve/CVE-2022-26716.html https://www.suse.com/security/cve/CVE-2022-26717.html https://www.suse.com/security/cve/CVE-2022-26719.html https://www.suse.com/security/cve/CVE-2022-30293.html https://bugzilla.suse.com/1199287 https://bugzilla.suse.com/1200106 From sle-updates at lists.suse.com Thu Jun 9 13:17:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 15:17:41 +0200 (CEST) Subject: SUSE-RU-2022:2026-1: Recommended update for lirc Message-ID: <20220609131741.28333F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for lirc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2026-1 Rating: low References: #1192772 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lirc fixes the following issues: - Fix library dependency. (bsc#1192772) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2026=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2026=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2026=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2026=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2026=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): lirc-drv-portaudio-0.9.4c-150000.4.3.1 lirc-drv-portaudio-debuginfo-0.9.4c-150000.4.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libirrecord0-0.9.4c-150000.4.3.1 libirrecord0-debuginfo-0.9.4c-150000.4.3.1 liblirc0-0.9.4c-150000.4.3.1 liblirc0-debuginfo-0.9.4c-150000.4.3.1 liblirc_client0-0.9.4c-150000.4.3.1 liblirc_client0-debuginfo-0.9.4c-150000.4.3.1 liblirc_driver0-0.9.4c-150000.4.3.1 liblirc_driver0-debuginfo-0.9.4c-150000.4.3.1 lirc-core-0.9.4c-150000.4.3.1 lirc-core-debuginfo-0.9.4c-150000.4.3.1 lirc-debugsource-0.9.4c-150000.4.3.1 lirc-devel-0.9.4c-150000.4.3.1 lirc-disable-kernel-rc-0.9.4c-150000.4.3.1 lirc-drv-ftdi-0.9.4c-150000.4.3.1 lirc-drv-ftdi-debuginfo-0.9.4c-150000.4.3.1 lirc-drv-portaudio-0.9.4c-150000.4.3.1 lirc-drv-portaudio-debuginfo-0.9.4c-150000.4.3.1 lirc-tools-gui-0.9.4c-150000.4.3.1 lirc-tools-gui-debuginfo-0.9.4c-150000.4.3.1 - openSUSE Leap 15.3 (x86_64): liblirc0-32bit-0.9.4c-150000.4.3.1 liblirc0-32bit-debuginfo-0.9.4c-150000.4.3.1 liblirc_client0-32bit-0.9.4c-150000.4.3.1 liblirc_client0-32bit-debuginfo-0.9.4c-150000.4.3.1 liblirc_driver0-32bit-0.9.4c-150000.4.3.1 liblirc_driver0-32bit-debuginfo-0.9.4c-150000.4.3.1 - openSUSE Leap 15.3 (noarch): lirc-config-0.9.4c-150000.4.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libirrecord0-0.9.4c-150000.4.3.1 libirrecord0-debuginfo-0.9.4c-150000.4.3.1 liblirc0-0.9.4c-150000.4.3.1 liblirc0-debuginfo-0.9.4c-150000.4.3.1 liblirc_client0-0.9.4c-150000.4.3.1 liblirc_client0-debuginfo-0.9.4c-150000.4.3.1 liblirc_driver0-0.9.4c-150000.4.3.1 liblirc_driver0-debuginfo-0.9.4c-150000.4.3.1 lirc-debugsource-0.9.4c-150000.4.3.1 lirc-devel-0.9.4c-150000.4.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): lirc-debugsource-0.9.4c-150000.4.3.1 lirc-drv-portaudio-0.9.4c-150000.4.3.1 lirc-drv-portaudio-debuginfo-0.9.4c-150000.4.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): libirrecord0-0.9.4c-150000.4.3.1 libirrecord0-debuginfo-0.9.4c-150000.4.3.1 liblirc0-0.9.4c-150000.4.3.1 liblirc0-debuginfo-0.9.4c-150000.4.3.1 liblirc_client0-0.9.4c-150000.4.3.1 liblirc_client0-debuginfo-0.9.4c-150000.4.3.1 liblirc_driver0-0.9.4c-150000.4.3.1 liblirc_driver0-debuginfo-0.9.4c-150000.4.3.1 lirc-core-0.9.4c-150000.4.3.1 lirc-core-debuginfo-0.9.4c-150000.4.3.1 lirc-debugsource-0.9.4c-150000.4.3.1 lirc-devel-0.9.4c-150000.4.3.1 lirc-disable-kernel-rc-0.9.4c-150000.4.3.1 lirc-drv-ftdi-0.9.4c-150000.4.3.1 lirc-drv-ftdi-debuginfo-0.9.4c-150000.4.3.1 lirc-drv-portaudio-0.9.4c-150000.4.3.1 lirc-drv-portaudio-debuginfo-0.9.4c-150000.4.3.1 lirc-tools-gui-0.9.4c-150000.4.3.1 lirc-tools-gui-debuginfo-0.9.4c-150000.4.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): lirc-config-0.9.4c-150000.4.3.1 References: https://bugzilla.suse.com/1192772 From sle-updates at lists.suse.com Thu Jun 9 13:18:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 15:18:16 +0200 (CEST) Subject: SUSE-RU-2022:2028-1: Recommended update for libfastjson Message-ID: <20220609131816.BD109F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for libfastjson ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2028-1 Rating: low References: Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for libfastjson fixes the following issues: - Update to 0.99.8: - make build under gcc7 with strict settings (warning==error) - bugfix: constant key names not properly handled - fix potentially invalid return value of fjson_object_iter_begin - fix small potential memory leak in json_tokener - add option for case-insensitive comparisons - Remove userdata and custom-serialization functions - fixes for platforms other than GNU/Linux - fix floating point representation when fractional part is missing - m4: fix detection of atomics - add fjson_object_dump() and fjson_object_write() functions Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2028=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libfastjson-debugsource-0.99.8-3.3.1 libfastjson4-0.99.8-3.3.1 libfastjson4-debuginfo-0.99.8-3.3.1 References: From sle-updates at lists.suse.com Thu Jun 9 13:18:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 15:18:47 +0200 (CEST) Subject: SUSE-RU-2022:2023-1: moderate: Recommended update for python-azure-agent Message-ID: <20220609131847.168C7F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2023-1 Rating: moderate References: #1198258 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azure-agent fixes the following issues: - Reset the dhcp config when deprovisioning and instance to ensure instances from aVM image created from that instance send host information to the DHCP server. (bsc#1198258) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-2023=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-agent-2.2.49.2-34.38.1 References: https://bugzilla.suse.com/1198258 From sle-updates at lists.suse.com Thu Jun 9 13:19:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 15:19:28 +0200 (CEST) Subject: SUSE-RU-2022:2024-1: moderate: Recommended update for python-azure-agent Message-ID: <20220609131928.0AE4DF386@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2024-1 Rating: moderate References: #1198258 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azure-agent fixes the following issues: - Reset the dhcp config when deprovisioning and instance to ensure instances from aVM image created from that instance send host information to the DHCP server. (bsc#1198258) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2024=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2024=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2024=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2024=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2024=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2024=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2024=1 Package List: - openSUSE Leap 15.4 (noarch): python-azure-agent-2.2.49.2-150100.3.23.1 python-azure-agent-test-2.2.49.2-150100.3.23.1 - openSUSE Leap 15.3 (noarch): python-azure-agent-2.2.49.2-150100.3.23.1 python-azure-agent-test-2.2.49.2-150100.3.23.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): python-azure-agent-2.2.49.2-150100.3.23.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): python-azure-agent-2.2.49.2-150100.3.23.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python-azure-agent-2.2.49.2-150100.3.23.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python-azure-agent-2.2.49.2-150100.3.23.1 - SUSE Linux Enterprise Micro 5.2 (noarch): python-azure-agent-2.2.49.2-150100.3.23.1 References: https://bugzilla.suse.com/1198258 From sle-updates at lists.suse.com Thu Jun 9 13:20:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 15:20:13 +0200 (CEST) Subject: SUSE-SU-2022:2031-1: important: Security update for mozilla-nss Message-ID: <20220609132013.BFC38F386@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2031-1 Rating: important References: #1200027 Cross-References: CVE-2022-31741 CVSS scores: CVE-2022-31741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.4 (bsc#1200027) * CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2031=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2031=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2031=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2031=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2031=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2031=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2031=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2031=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2031=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2031=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2031=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2031=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2031=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libfreebl3-3.68.4-58.72.1 libfreebl3-32bit-3.68.4-58.72.1 libfreebl3-debuginfo-3.68.4-58.72.1 libfreebl3-debuginfo-32bit-3.68.4-58.72.1 libfreebl3-hmac-3.68.4-58.72.1 libfreebl3-hmac-32bit-3.68.4-58.72.1 libsoftokn3-3.68.4-58.72.1 libsoftokn3-32bit-3.68.4-58.72.1 libsoftokn3-debuginfo-3.68.4-58.72.1 libsoftokn3-debuginfo-32bit-3.68.4-58.72.1 libsoftokn3-hmac-3.68.4-58.72.1 libsoftokn3-hmac-32bit-3.68.4-58.72.1 mozilla-nss-3.68.4-58.72.1 mozilla-nss-32bit-3.68.4-58.72.1 mozilla-nss-certs-3.68.4-58.72.1 mozilla-nss-certs-32bit-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debuginfo-3.68.4-58.72.1 mozilla-nss-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debugsource-3.68.4-58.72.1 mozilla-nss-devel-3.68.4-58.72.1 mozilla-nss-sysinit-3.68.4-58.72.1 mozilla-nss-sysinit-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-tools-3.68.4-58.72.1 mozilla-nss-tools-debuginfo-3.68.4-58.72.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libfreebl3-3.68.4-58.72.1 libfreebl3-32bit-3.68.4-58.72.1 libfreebl3-debuginfo-3.68.4-58.72.1 libfreebl3-debuginfo-32bit-3.68.4-58.72.1 libfreebl3-hmac-3.68.4-58.72.1 libfreebl3-hmac-32bit-3.68.4-58.72.1 libsoftokn3-3.68.4-58.72.1 libsoftokn3-32bit-3.68.4-58.72.1 libsoftokn3-debuginfo-3.68.4-58.72.1 libsoftokn3-debuginfo-32bit-3.68.4-58.72.1 libsoftokn3-hmac-3.68.4-58.72.1 libsoftokn3-hmac-32bit-3.68.4-58.72.1 mozilla-nss-3.68.4-58.72.1 mozilla-nss-32bit-3.68.4-58.72.1 mozilla-nss-certs-3.68.4-58.72.1 mozilla-nss-certs-32bit-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debuginfo-3.68.4-58.72.1 mozilla-nss-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debugsource-3.68.4-58.72.1 mozilla-nss-devel-3.68.4-58.72.1 mozilla-nss-sysinit-3.68.4-58.72.1 mozilla-nss-sysinit-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-tools-3.68.4-58.72.1 mozilla-nss-tools-debuginfo-3.68.4-58.72.1 - SUSE OpenStack Cloud 9 (x86_64): libfreebl3-3.68.4-58.72.1 libfreebl3-32bit-3.68.4-58.72.1 libfreebl3-debuginfo-3.68.4-58.72.1 libfreebl3-debuginfo-32bit-3.68.4-58.72.1 libfreebl3-hmac-3.68.4-58.72.1 libfreebl3-hmac-32bit-3.68.4-58.72.1 libsoftokn3-3.68.4-58.72.1 libsoftokn3-32bit-3.68.4-58.72.1 libsoftokn3-debuginfo-3.68.4-58.72.1 libsoftokn3-debuginfo-32bit-3.68.4-58.72.1 libsoftokn3-hmac-3.68.4-58.72.1 libsoftokn3-hmac-32bit-3.68.4-58.72.1 mozilla-nss-3.68.4-58.72.1 mozilla-nss-32bit-3.68.4-58.72.1 mozilla-nss-certs-3.68.4-58.72.1 mozilla-nss-certs-32bit-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debuginfo-3.68.4-58.72.1 mozilla-nss-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debugsource-3.68.4-58.72.1 mozilla-nss-devel-3.68.4-58.72.1 mozilla-nss-sysinit-3.68.4-58.72.1 mozilla-nss-sysinit-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-tools-3.68.4-58.72.1 mozilla-nss-tools-debuginfo-3.68.4-58.72.1 - SUSE OpenStack Cloud 8 (x86_64): libfreebl3-3.68.4-58.72.1 libfreebl3-32bit-3.68.4-58.72.1 libfreebl3-debuginfo-3.68.4-58.72.1 libfreebl3-debuginfo-32bit-3.68.4-58.72.1 libfreebl3-hmac-3.68.4-58.72.1 libfreebl3-hmac-32bit-3.68.4-58.72.1 libsoftokn3-3.68.4-58.72.1 libsoftokn3-32bit-3.68.4-58.72.1 libsoftokn3-debuginfo-3.68.4-58.72.1 libsoftokn3-debuginfo-32bit-3.68.4-58.72.1 libsoftokn3-hmac-3.68.4-58.72.1 libsoftokn3-hmac-32bit-3.68.4-58.72.1 mozilla-nss-3.68.4-58.72.1 mozilla-nss-32bit-3.68.4-58.72.1 mozilla-nss-certs-3.68.4-58.72.1 mozilla-nss-certs-32bit-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debuginfo-3.68.4-58.72.1 mozilla-nss-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debugsource-3.68.4-58.72.1 mozilla-nss-devel-3.68.4-58.72.1 mozilla-nss-sysinit-3.68.4-58.72.1 mozilla-nss-sysinit-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-tools-3.68.4-58.72.1 mozilla-nss-tools-debuginfo-3.68.4-58.72.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mozilla-nss-debuginfo-3.68.4-58.72.1 mozilla-nss-debugsource-3.68.4-58.72.1 mozilla-nss-devel-3.68.4-58.72.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libfreebl3-3.68.4-58.72.1 libfreebl3-debuginfo-3.68.4-58.72.1 libfreebl3-hmac-3.68.4-58.72.1 libsoftokn3-3.68.4-58.72.1 libsoftokn3-debuginfo-3.68.4-58.72.1 libsoftokn3-hmac-3.68.4-58.72.1 mozilla-nss-3.68.4-58.72.1 mozilla-nss-certs-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-3.68.4-58.72.1 mozilla-nss-debuginfo-3.68.4-58.72.1 mozilla-nss-debugsource-3.68.4-58.72.1 mozilla-nss-devel-3.68.4-58.72.1 mozilla-nss-sysinit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-3.68.4-58.72.1 mozilla-nss-tools-3.68.4-58.72.1 mozilla-nss-tools-debuginfo-3.68.4-58.72.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libfreebl3-32bit-3.68.4-58.72.1 libfreebl3-debuginfo-32bit-3.68.4-58.72.1 libfreebl3-hmac-32bit-3.68.4-58.72.1 libsoftokn3-32bit-3.68.4-58.72.1 libsoftokn3-debuginfo-32bit-3.68.4-58.72.1 libsoftokn3-hmac-32bit-3.68.4-58.72.1 mozilla-nss-32bit-3.68.4-58.72.1 mozilla-nss-certs-32bit-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.4-58.72.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libfreebl3-3.68.4-58.72.1 libfreebl3-debuginfo-3.68.4-58.72.1 libfreebl3-hmac-3.68.4-58.72.1 libsoftokn3-3.68.4-58.72.1 libsoftokn3-debuginfo-3.68.4-58.72.1 libsoftokn3-hmac-3.68.4-58.72.1 mozilla-nss-3.68.4-58.72.1 mozilla-nss-certs-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-3.68.4-58.72.1 mozilla-nss-debuginfo-3.68.4-58.72.1 mozilla-nss-debugsource-3.68.4-58.72.1 mozilla-nss-devel-3.68.4-58.72.1 mozilla-nss-sysinit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-3.68.4-58.72.1 mozilla-nss-tools-3.68.4-58.72.1 mozilla-nss-tools-debuginfo-3.68.4-58.72.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libfreebl3-32bit-3.68.4-58.72.1 libfreebl3-debuginfo-32bit-3.68.4-58.72.1 libfreebl3-hmac-32bit-3.68.4-58.72.1 libsoftokn3-32bit-3.68.4-58.72.1 libsoftokn3-debuginfo-32bit-3.68.4-58.72.1 libsoftokn3-hmac-32bit-3.68.4-58.72.1 mozilla-nss-32bit-3.68.4-58.72.1 mozilla-nss-certs-32bit-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.4-58.72.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.4-58.72.1 libfreebl3-debuginfo-3.68.4-58.72.1 libfreebl3-hmac-3.68.4-58.72.1 libsoftokn3-3.68.4-58.72.1 libsoftokn3-debuginfo-3.68.4-58.72.1 libsoftokn3-hmac-3.68.4-58.72.1 mozilla-nss-3.68.4-58.72.1 mozilla-nss-certs-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-3.68.4-58.72.1 mozilla-nss-debuginfo-3.68.4-58.72.1 mozilla-nss-debugsource-3.68.4-58.72.1 mozilla-nss-devel-3.68.4-58.72.1 mozilla-nss-sysinit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-3.68.4-58.72.1 mozilla-nss-tools-3.68.4-58.72.1 mozilla-nss-tools-debuginfo-3.68.4-58.72.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreebl3-32bit-3.68.4-58.72.1 libfreebl3-debuginfo-32bit-3.68.4-58.72.1 libfreebl3-hmac-32bit-3.68.4-58.72.1 libsoftokn3-32bit-3.68.4-58.72.1 libsoftokn3-debuginfo-32bit-3.68.4-58.72.1 libsoftokn3-hmac-32bit-3.68.4-58.72.1 mozilla-nss-32bit-3.68.4-58.72.1 mozilla-nss-certs-32bit-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.4-58.72.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.4-58.72.1 libfreebl3-debuginfo-3.68.4-58.72.1 libfreebl3-hmac-3.68.4-58.72.1 libsoftokn3-3.68.4-58.72.1 libsoftokn3-debuginfo-3.68.4-58.72.1 libsoftokn3-hmac-3.68.4-58.72.1 mozilla-nss-3.68.4-58.72.1 mozilla-nss-certs-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-3.68.4-58.72.1 mozilla-nss-debuginfo-3.68.4-58.72.1 mozilla-nss-debugsource-3.68.4-58.72.1 mozilla-nss-devel-3.68.4-58.72.1 mozilla-nss-sysinit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-3.68.4-58.72.1 mozilla-nss-tools-3.68.4-58.72.1 mozilla-nss-tools-debuginfo-3.68.4-58.72.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libfreebl3-32bit-3.68.4-58.72.1 libfreebl3-debuginfo-32bit-3.68.4-58.72.1 libfreebl3-hmac-32bit-3.68.4-58.72.1 libsoftokn3-32bit-3.68.4-58.72.1 libsoftokn3-debuginfo-32bit-3.68.4-58.72.1 libsoftokn3-hmac-32bit-3.68.4-58.72.1 mozilla-nss-32bit-3.68.4-58.72.1 mozilla-nss-certs-32bit-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.4-58.72.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.4-58.72.1 libfreebl3-debuginfo-3.68.4-58.72.1 libfreebl3-hmac-3.68.4-58.72.1 libsoftokn3-3.68.4-58.72.1 libsoftokn3-debuginfo-3.68.4-58.72.1 libsoftokn3-hmac-3.68.4-58.72.1 mozilla-nss-3.68.4-58.72.1 mozilla-nss-certs-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-3.68.4-58.72.1 mozilla-nss-debuginfo-3.68.4-58.72.1 mozilla-nss-debugsource-3.68.4-58.72.1 mozilla-nss-devel-3.68.4-58.72.1 mozilla-nss-sysinit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-3.68.4-58.72.1 mozilla-nss-tools-3.68.4-58.72.1 mozilla-nss-tools-debuginfo-3.68.4-58.72.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libfreebl3-32bit-3.68.4-58.72.1 libfreebl3-debuginfo-32bit-3.68.4-58.72.1 libfreebl3-hmac-32bit-3.68.4-58.72.1 libsoftokn3-32bit-3.68.4-58.72.1 libsoftokn3-debuginfo-32bit-3.68.4-58.72.1 libsoftokn3-hmac-32bit-3.68.4-58.72.1 mozilla-nss-32bit-3.68.4-58.72.1 mozilla-nss-certs-32bit-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.4-58.72.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libfreebl3-3.68.4-58.72.1 libfreebl3-32bit-3.68.4-58.72.1 libfreebl3-debuginfo-3.68.4-58.72.1 libfreebl3-debuginfo-32bit-3.68.4-58.72.1 libfreebl3-hmac-3.68.4-58.72.1 libfreebl3-hmac-32bit-3.68.4-58.72.1 libsoftokn3-3.68.4-58.72.1 libsoftokn3-32bit-3.68.4-58.72.1 libsoftokn3-debuginfo-3.68.4-58.72.1 libsoftokn3-debuginfo-32bit-3.68.4-58.72.1 libsoftokn3-hmac-3.68.4-58.72.1 libsoftokn3-hmac-32bit-3.68.4-58.72.1 mozilla-nss-3.68.4-58.72.1 mozilla-nss-32bit-3.68.4-58.72.1 mozilla-nss-certs-3.68.4-58.72.1 mozilla-nss-certs-32bit-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debuginfo-3.68.4-58.72.1 mozilla-nss-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debugsource-3.68.4-58.72.1 mozilla-nss-sysinit-3.68.4-58.72.1 mozilla-nss-sysinit-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-tools-3.68.4-58.72.1 mozilla-nss-tools-debuginfo-3.68.4-58.72.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libfreebl3-3.68.4-58.72.1 libfreebl3-32bit-3.68.4-58.72.1 libfreebl3-debuginfo-3.68.4-58.72.1 libfreebl3-debuginfo-32bit-3.68.4-58.72.1 libfreebl3-hmac-3.68.4-58.72.1 libfreebl3-hmac-32bit-3.68.4-58.72.1 libsoftokn3-3.68.4-58.72.1 libsoftokn3-32bit-3.68.4-58.72.1 libsoftokn3-debuginfo-3.68.4-58.72.1 libsoftokn3-debuginfo-32bit-3.68.4-58.72.1 libsoftokn3-hmac-3.68.4-58.72.1 libsoftokn3-hmac-32bit-3.68.4-58.72.1 mozilla-nss-3.68.4-58.72.1 mozilla-nss-32bit-3.68.4-58.72.1 mozilla-nss-certs-3.68.4-58.72.1 mozilla-nss-certs-32bit-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debuginfo-3.68.4-58.72.1 mozilla-nss-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debugsource-3.68.4-58.72.1 mozilla-nss-sysinit-3.68.4-58.72.1 mozilla-nss-sysinit-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-tools-3.68.4-58.72.1 mozilla-nss-tools-debuginfo-3.68.4-58.72.1 - HPE Helion Openstack 8 (x86_64): libfreebl3-3.68.4-58.72.1 libfreebl3-32bit-3.68.4-58.72.1 libfreebl3-debuginfo-3.68.4-58.72.1 libfreebl3-debuginfo-32bit-3.68.4-58.72.1 libfreebl3-hmac-3.68.4-58.72.1 libfreebl3-hmac-32bit-3.68.4-58.72.1 libsoftokn3-3.68.4-58.72.1 libsoftokn3-32bit-3.68.4-58.72.1 libsoftokn3-debuginfo-3.68.4-58.72.1 libsoftokn3-debuginfo-32bit-3.68.4-58.72.1 libsoftokn3-hmac-3.68.4-58.72.1 libsoftokn3-hmac-32bit-3.68.4-58.72.1 mozilla-nss-3.68.4-58.72.1 mozilla-nss-32bit-3.68.4-58.72.1 mozilla-nss-certs-3.68.4-58.72.1 mozilla-nss-certs-32bit-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-3.68.4-58.72.1 mozilla-nss-certs-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debuginfo-3.68.4-58.72.1 mozilla-nss-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-debugsource-3.68.4-58.72.1 mozilla-nss-devel-3.68.4-58.72.1 mozilla-nss-sysinit-3.68.4-58.72.1 mozilla-nss-sysinit-32bit-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-3.68.4-58.72.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.4-58.72.1 mozilla-nss-tools-3.68.4-58.72.1 mozilla-nss-tools-debuginfo-3.68.4-58.72.1 References: https://www.suse.com/security/cve/CVE-2022-31741.html https://bugzilla.suse.com/1200027 From sle-updates at lists.suse.com Thu Jun 9 13:20:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 15:20:56 +0200 (CEST) Subject: SUSE-RU-2022:2025-1: Recommended update for grafana-status-panel Message-ID: <20220609132056.42760F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for grafana-status-panel ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2025-1 Rating: low References: #1198768 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grafana-status-panel fixes the following issues: - Update to version 1.0.11, signed for use with grafana v8.x (bsc#1198768) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2025=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2025=1 Package List: - openSUSE Leap 15.4 (noarch): grafana-status-panel-1.0.11-150200.3.8.1 - openSUSE Leap 15.3 (noarch): grafana-status-panel-1.0.11-150200.3.8.1 References: https://bugzilla.suse.com/1198768 From sle-updates at lists.suse.com Thu Jun 9 13:21:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 15:21:30 +0200 (CEST) Subject: SUSE-RU-2022:2022-1: moderate: Recommended update for sapwmp Message-ID: <20220609132130.DB452F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapwmp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2022-1 Rating: moderate References: SLE-24328 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for sapwmp fixes the following issues: - Update to version 0.1+git.1645197740.6b06c5c: * wmp-check: Polish the phrase of error output. * wmp-check: raise error when user not configure MemoryLow of target slice in digital. * Polish pull request based on review comments. * check.sh: Add unprotect_list check of subcgroups * check.sh: Fix a wmp check bug of memory_low_children * Add switch f and avoid empty DBus message error. * Skip systemd managed processes jsc#PM-3309 (jsc#SLE-24328) * Enable wmp-checker for SLE15SP4. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-2022=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): sapwmp-0.1+git.1645197740.6b06c5c-150100.3.6.1 sapwmp-debuginfo-0.1+git.1645197740.6b06c5c-150100.3.6.1 References: From sle-updates at lists.suse.com Thu Jun 9 13:22:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 15:22:00 +0200 (CEST) Subject: SUSE-RU-2022:2027-1: Recommended update for liblognorm Message-ID: <20220609132200.CBAB9F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for liblognorm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2027-1 Rating: low References: Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for liblognorm fixes the following issues: - liblognorm 2.0.4: Added support for native JSON number formats supported by parsers: number, float, hex Added support for creating unix timestamps supported by parsers: date-rfc3164, date-rfc5424 Add ability to load rulebase from a string. String parser did not correctly parse word at end of line. Literal parser did not always store value if name is specified. - Drop HTML docs and python-Sphinx dependency. - Use pkgconfig always. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2027=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): liblognorm-debugsource-2.0.4-3.5.1 liblognorm5-2.0.4-3.5.1 liblognorm5-debuginfo-2.0.4-3.5.1 References: From sle-updates at lists.suse.com Thu Jun 9 13:22:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 15:22:30 +0200 (CEST) Subject: SUSE-RU-2022:2020-1: moderate: Recommended update for sapwmp Message-ID: <20220609132230.129E9F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapwmp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2020-1 Rating: moderate References: SLE-24330 SLE-24332 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for sapwmp fixes the following issues: - Update to version 0.1+git.1645197740.6b06c5c: * wmp-check: Polish the phrase of error output. * wmp-check: raise error when user not configure MemoryLow of target slice in digital. * Polish pull request based on review comments. * check.sh: Add unprotect_list check of subcgroups * check.sh: Fix a wmp check bug of memory_low_children * Add switch f and avoid empty DBus message error. * Skip systemd managed processes jsc#PM-3309 (jsc#SLE-24330, jsc#SLE-24332) * Enable wmp-checker for SLE15SP4. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2020=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-2020=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-2020=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): sapwmp-0.1+git.1645197740.6b06c5c-150200.3.9.2 sapwmp-debuginfo-0.1+git.1645197740.6b06c5c-150200.3.9.2 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): sapwmp-0.1+git.1645197740.6b06c5c-150200.3.9.2 sapwmp-debuginfo-0.1+git.1645197740.6b06c5c-150200.3.9.2 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): sapwmp-0.1+git.1645197740.6b06c5c-150200.3.9.2 sapwmp-debuginfo-0.1+git.1645197740.6b06c5c-150200.3.9.2 References: From sle-updates at lists.suse.com Thu Jun 9 13:23:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 15:23:06 +0200 (CEST) Subject: SUSE-SU-2022:2029-1: moderate: Security update for fribidi Message-ID: <20220609132306.CD67CF386@maintenance.suse.de> SUSE Security Update: Security update for fribidi ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2029-1 Rating: moderate References: #1196147 #1196148 #1196150 Cross-References: CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVSS scores: CVE-2022-25308 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVE-2022-25309 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-25310 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for fribidi fixes the following issues: - CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147). - CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148). - CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2029=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2029=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2029=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2029=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2029=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2029=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2029=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2029=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2029=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2029=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Enterprise Storage 6 (x86_64): libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 - SUSE CaaS Platform 4.0 (x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-25308.html https://www.suse.com/security/cve/CVE-2022-25309.html https://www.suse.com/security/cve/CVE-2022-25310.html https://bugzilla.suse.com/1196147 https://bugzilla.suse.com/1196148 https://bugzilla.suse.com/1196150 From sle-updates at lists.suse.com Thu Jun 9 19:14:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 21:14:59 +0200 (CEST) Subject: SUSE-RU-2022:2032-1: important: Recommended update for libteam Message-ID: <20220609191459.35678F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for libteam ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2032-1 Rating: important References: #1197461 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libteam fixes the following issues: - Fix memory allocation issue (bsc#1197461) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2032=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libteam-debugsource-1.21-5.6.1 libteam-tools-1.21-5.6.1 libteam-tools-debuginfo-1.21-5.6.1 libteam5-1.21-5.6.1 libteam5-debuginfo-1.21-5.6.1 libteamdctl0-1.21-5.6.1 libteamdctl0-debuginfo-1.21-5.6.1 python-libteam-1.21-5.6.1 python-libteam-debuginfo-1.21-5.6.1 References: https://bugzilla.suse.com/1197461 From sle-updates at lists.suse.com Thu Jun 9 19:15:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 21:15:27 +0200 (CEST) Subject: SUSE-RU-2022:2033-1: important: Recommended update for installation-images Message-ID: <20220609191527.E5938F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for installation-images ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2033-1 Rating: important References: #1196331 #1197222 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for installation-images fixes the following issues: - Fix creation of openslp user (bsc#1196331, bsc#1197222) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2033=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): tftpboot-installation-SLE-15-SP3-aarch64-16.56.15-150300.3.15.1 tftpboot-installation-SLE-15-SP3-ppc64le-16.56.15-150300.3.15.1 tftpboot-installation-SLE-15-SP3-s390x-16.56.15-150300.3.15.1 tftpboot-installation-SLE-15-SP3-x86_64-16.56.15-150300.3.15.1 References: https://bugzilla.suse.com/1196331 https://bugzilla.suse.com/1197222 From sle-updates at lists.suse.com Thu Jun 9 19:16:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2022 21:16:03 +0200 (CEST) Subject: SUSE-RU-2022:2034-1: moderate: Recommended update for libtirpc Message-ID: <20220609191603.0D588F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtirpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2034-1 Rating: moderate References: #1198752 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libtirpc fixes the following issues: - Fix memory leak in params.r_addr assignement (bsc#1198752) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2034=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2034=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.19.1 libtirpc-devel-1.0.1-17.19.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.19.1 libtirpc-netconfig-1.0.1-17.19.1 libtirpc3-1.0.1-17.19.1 libtirpc3-debuginfo-1.0.1-17.19.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libtirpc3-32bit-1.0.1-17.19.1 libtirpc3-debuginfo-32bit-1.0.1-17.19.1 References: https://bugzilla.suse.com/1198752 From sle-updates at lists.suse.com Fri Jun 10 07:15:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2022 09:15:16 +0200 (CEST) Subject: SUSE-CU-2022:1317-1: Recommended update of suse/389-ds Message-ID: <20220610071516.DC24DF386@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1317-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-13.35 , suse/389-ds:latest Container Release : 13.35 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - container:sles15-image-15.0.0-27.5.6 updated From sle-updates at lists.suse.com Fri Jun 10 13:15:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2022 15:15:16 +0200 (CEST) Subject: SUSE-SU-2022:2037-1: important: Security update for grub2 Message-ID: <20220610131516.930DDF386@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2037-1 Rating: important References: #1191184 #1191185 #1191186 #1193282 #1197948 #1198460 #1198493 #1198496 #1198581 Cross-References: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28736 CVSS scores: CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has three fixes is now available. Description: This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2037=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2037=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2037=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2037=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2037=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2037=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): grub2-snapper-plugin-2.02-137.2 grub2-systemd-sleep-plugin-2.02-137.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): grub2-2.02-137.2 grub2-debuginfo-2.02-137.2 grub2-debugsource-2.02-137.2 grub2-i386-pc-2.02-137.2 grub2-x86_64-efi-2.02-137.2 grub2-x86_64-xen-2.02-137.2 - SUSE OpenStack Cloud 8 (x86_64): grub2-2.02-137.2 grub2-debuginfo-2.02-137.2 grub2-debugsource-2.02-137.2 grub2-i386-pc-2.02-137.2 grub2-x86_64-efi-2.02-137.2 grub2-x86_64-xen-2.02-137.2 - SUSE OpenStack Cloud 8 (noarch): grub2-snapper-plugin-2.02-137.2 grub2-systemd-sleep-plugin-2.02-137.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): grub2-2.02-137.2 grub2-debuginfo-2.02-137.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le): grub2-powerpc-ieee1275-2.02-137.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): grub2-debugsource-2.02-137.2 grub2-i386-pc-2.02-137.2 grub2-x86_64-efi-2.02-137.2 grub2-x86_64-xen-2.02-137.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): grub2-snapper-plugin-2.02-137.2 grub2-systemd-sleep-plugin-2.02-137.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-137.2 grub2-debuginfo-2.02-137.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-137.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02-137.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): grub2-arm64-efi-2.02-137.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): grub2-snapper-plugin-2.02-137.2 grub2-systemd-sleep-plugin-2.02-137.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): grub2-i386-pc-2.02-137.2 grub2-x86_64-efi-2.02-137.2 grub2-x86_64-xen-2.02-137.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): grub2-s390x-emu-2.02-137.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): grub2-snapper-plugin-2.02-137.2 grub2-systemd-sleep-plugin-2.02-137.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): grub2-2.02-137.2 grub2-debuginfo-2.02-137.2 grub2-debugsource-2.02-137.2 grub2-i386-pc-2.02-137.2 grub2-x86_64-efi-2.02-137.2 grub2-x86_64-xen-2.02-137.2 - HPE Helion Openstack 8 (noarch): grub2-snapper-plugin-2.02-137.2 grub2-systemd-sleep-plugin-2.02-137.2 - HPE Helion Openstack 8 (x86_64): grub2-2.02-137.2 grub2-debuginfo-2.02-137.2 grub2-debugsource-2.02-137.2 grub2-i386-pc-2.02-137.2 grub2-x86_64-efi-2.02-137.2 grub2-x86_64-xen-2.02-137.2 References: https://www.suse.com/security/cve/CVE-2021-3695.html https://www.suse.com/security/cve/CVE-2021-3696.html https://www.suse.com/security/cve/CVE-2021-3697.html https://www.suse.com/security/cve/CVE-2022-28733.html https://www.suse.com/security/cve/CVE-2022-28734.html https://www.suse.com/security/cve/CVE-2022-28736.html https://bugzilla.suse.com/1191184 https://bugzilla.suse.com/1191185 https://bugzilla.suse.com/1191186 https://bugzilla.suse.com/1193282 https://bugzilla.suse.com/1197948 https://bugzilla.suse.com/1198460 https://bugzilla.suse.com/1198493 https://bugzilla.suse.com/1198496 https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Jun 10 13:16:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2022 15:16:36 +0200 (CEST) Subject: SUSE-SU-2022:2035-1: important: Security update for grub2 Message-ID: <20220610131636.6C741F386@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2035-1 Rating: important References: #1191184 #1191185 #1191186 #1193282 #1197948 #1198460 #1198493 #1198495 #1198496 #1198581 Cross-References: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVSS scores: CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-28735 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has three fixes is now available. Description: This update for grub2 fixes the following issues: This update provides security fixes and hardenings for Boothole 3 / Boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2035=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2035=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-2035=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2035=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): grub2-2.06-150400.11.5.2 grub2-branding-upstream-2.06-150400.11.5.2 grub2-debuginfo-2.06-150400.11.5.2 - openSUSE Leap 15.4 (aarch64 s390x x86_64): grub2-debugsource-2.06-150400.11.5.2 - openSUSE Leap 15.4 (noarch): grub2-arm64-efi-2.06-150400.11.5.2 grub2-arm64-efi-debug-2.06-150400.11.5.2 grub2-i386-pc-2.06-150400.11.5.2 grub2-i386-pc-debug-2.06-150400.11.5.2 grub2-powerpc-ieee1275-2.06-150400.11.5.2 grub2-powerpc-ieee1275-debug-2.06-150400.11.5.2 grub2-snapper-plugin-2.06-150400.11.5.2 grub2-systemd-sleep-plugin-2.06-150400.11.5.2 grub2-x86_64-efi-2.06-150400.11.5.2 grub2-x86_64-efi-debug-2.06-150400.11.5.2 grub2-x86_64-xen-2.06-150400.11.5.2 - openSUSE Leap 15.4 (s390x): grub2-s390x-emu-2.06-150400.11.5.2 grub2-s390x-emu-debug-2.06-150400.11.5.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): grub2-x86_64-xen-2.06-150400.11.5.2 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (noarch): grub2-arm64-efi-2.06-150400.11.5.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): grub2-2.06-150400.11.5.2 grub2-debuginfo-2.06-150400.11.5.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 s390x x86_64): grub2-debugsource-2.06-150400.11.5.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): grub2-arm64-efi-2.06-150400.11.5.2 grub2-i386-pc-2.06-150400.11.5.2 grub2-powerpc-ieee1275-2.06-150400.11.5.2 grub2-snapper-plugin-2.06-150400.11.5.2 grub2-systemd-sleep-plugin-2.06-150400.11.5.2 grub2-x86_64-efi-2.06-150400.11.5.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): grub2-s390x-emu-2.06-150400.11.5.2 References: https://www.suse.com/security/cve/CVE-2021-3695.html https://www.suse.com/security/cve/CVE-2021-3696.html https://www.suse.com/security/cve/CVE-2021-3697.html https://www.suse.com/security/cve/CVE-2022-28733.html https://www.suse.com/security/cve/CVE-2022-28734.html https://www.suse.com/security/cve/CVE-2022-28735.html https://www.suse.com/security/cve/CVE-2022-28736.html https://bugzilla.suse.com/1191184 https://bugzilla.suse.com/1191185 https://bugzilla.suse.com/1191186 https://bugzilla.suse.com/1193282 https://bugzilla.suse.com/1197948 https://bugzilla.suse.com/1198460 https://bugzilla.suse.com/1198493 https://bugzilla.suse.com/1198495 https://bugzilla.suse.com/1198496 https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Jun 10 13:17:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2022 15:17:52 +0200 (CEST) Subject: SUSE-SU-2022:2039-1: important: Security update for grub2 Message-ID: <20220610131752.E7BDDF386@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2039-1 Rating: important References: #1191184 #1191185 #1191186 #1193282 #1198460 #1198493 #1198496 #1198581 Cross-References: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28736 CVSS scores: CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 6 vulnerabilities and has two fixes is now available. Description: This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2039=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): grub2-2.02-115.67.2 grub2-debuginfo-2.02-115.67.2 grub2-debugsource-2.02-115.67.2 grub2-i386-pc-2.02-115.67.2 grub2-x86_64-efi-2.02-115.67.2 grub2-x86_64-xen-2.02-115.67.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): grub2-snapper-plugin-2.02-115.67.2 grub2-systemd-sleep-plugin-2.02-115.67.2 References: https://www.suse.com/security/cve/CVE-2021-3695.html https://www.suse.com/security/cve/CVE-2021-3696.html https://www.suse.com/security/cve/CVE-2021-3697.html https://www.suse.com/security/cve/CVE-2022-28733.html https://www.suse.com/security/cve/CVE-2022-28734.html https://www.suse.com/security/cve/CVE-2022-28736.html https://bugzilla.suse.com/1191184 https://bugzilla.suse.com/1191185 https://bugzilla.suse.com/1191186 https://bugzilla.suse.com/1193282 https://bugzilla.suse.com/1198460 https://bugzilla.suse.com/1198493 https://bugzilla.suse.com/1198496 https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Jun 10 13:19:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2022 15:19:01 +0200 (CEST) Subject: SUSE-SU-2022:2041-1: important: Security update for grub2 Message-ID: <20220610131901.93F0EF386@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2041-1 Rating: important References: #1191184 #1191185 #1191186 #1193282 #1198460 #1198493 #1198496 #1198581 Cross-References: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28736 CVSS scores: CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has two fixes is now available. Description: This update for grub2 fixes the following issues: Security fixes and hardenings for Boothole 3 / Boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2041=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2041=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2041=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2041=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2041=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2041=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): grub2-2.02-150100.123.12.2 grub2-debuginfo-2.02-150100.123.12.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): grub2-i386-pc-2.02-150100.123.12.2 grub2-powerpc-ieee1275-2.02-150100.123.12.2 grub2-snapper-plugin-2.02-150100.123.12.2 grub2-systemd-sleep-plugin-2.02-150100.123.12.2 grub2-x86_64-efi-2.02-150100.123.12.2 grub2-x86_64-xen-2.02-150100.123.12.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): grub2-debugsource-2.02-150100.123.12.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-150100.123.12.2 grub2-debuginfo-2.02-150100.123.12.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-150100.123.12.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): grub2-arm64-efi-2.02-150100.123.12.2 grub2-i386-pc-2.02-150100.123.12.2 grub2-powerpc-ieee1275-2.02-150100.123.12.2 grub2-snapper-plugin-2.02-150100.123.12.2 grub2-systemd-sleep-plugin-2.02-150100.123.12.2 grub2-x86_64-efi-2.02-150100.123.12.2 grub2-x86_64-xen-2.02-150100.123.12.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): grub2-s390x-emu-2.02-150100.123.12.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): grub2-2.02-150100.123.12.2 grub2-debuginfo-2.02-150100.123.12.2 grub2-debugsource-2.02-150100.123.12.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): grub2-i386-pc-2.02-150100.123.12.2 grub2-snapper-plugin-2.02-150100.123.12.2 grub2-systemd-sleep-plugin-2.02-150100.123.12.2 grub2-x86_64-efi-2.02-150100.123.12.2 grub2-x86_64-xen-2.02-150100.123.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): grub2-2.02-150100.123.12.2 grub2-debuginfo-2.02-150100.123.12.2 grub2-debugsource-2.02-150100.123.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): grub2-arm64-efi-2.02-150100.123.12.2 grub2-i386-pc-2.02-150100.123.12.2 grub2-snapper-plugin-2.02-150100.123.12.2 grub2-systemd-sleep-plugin-2.02-150100.123.12.2 grub2-x86_64-efi-2.02-150100.123.12.2 grub2-x86_64-xen-2.02-150100.123.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): grub2-2.02-150100.123.12.2 grub2-debuginfo-2.02-150100.123.12.2 grub2-debugsource-2.02-150100.123.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): grub2-arm64-efi-2.02-150100.123.12.2 grub2-i386-pc-2.02-150100.123.12.2 grub2-snapper-plugin-2.02-150100.123.12.2 grub2-systemd-sleep-plugin-2.02-150100.123.12.2 grub2-x86_64-efi-2.02-150100.123.12.2 grub2-x86_64-xen-2.02-150100.123.12.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): grub2-2.02-150100.123.12.2 grub2-debuginfo-2.02-150100.123.12.2 grub2-debugsource-2.02-150100.123.12.2 - SUSE Enterprise Storage 6 (noarch): grub2-arm64-efi-2.02-150100.123.12.2 grub2-i386-pc-2.02-150100.123.12.2 grub2-snapper-plugin-2.02-150100.123.12.2 grub2-systemd-sleep-plugin-2.02-150100.123.12.2 grub2-x86_64-efi-2.02-150100.123.12.2 grub2-x86_64-xen-2.02-150100.123.12.2 - SUSE CaaS Platform 4.0 (x86_64): grub2-2.02-150100.123.12.2 grub2-debuginfo-2.02-150100.123.12.2 grub2-debugsource-2.02-150100.123.12.2 - SUSE CaaS Platform 4.0 (noarch): grub2-i386-pc-2.02-150100.123.12.2 grub2-snapper-plugin-2.02-150100.123.12.2 grub2-systemd-sleep-plugin-2.02-150100.123.12.2 grub2-x86_64-efi-2.02-150100.123.12.2 grub2-x86_64-xen-2.02-150100.123.12.2 References: https://www.suse.com/security/cve/CVE-2021-3695.html https://www.suse.com/security/cve/CVE-2021-3696.html https://www.suse.com/security/cve/CVE-2021-3697.html https://www.suse.com/security/cve/CVE-2022-28733.html https://www.suse.com/security/cve/CVE-2022-28734.html https://www.suse.com/security/cve/CVE-2022-28736.html https://bugzilla.suse.com/1191184 https://bugzilla.suse.com/1191185 https://bugzilla.suse.com/1191186 https://bugzilla.suse.com/1193282 https://bugzilla.suse.com/1198460 https://bugzilla.suse.com/1198493 https://bugzilla.suse.com/1198496 https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Jun 10 13:20:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2022 15:20:08 +0200 (CEST) Subject: SUSE-FU-2022:2042-1: important: Feature update for SUSE Manager Salt Bundle Message-ID: <20220610132008.7CD77F386@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2042-1 Rating: important References: #1182851 #1194632 #1196050 #1196432 #1197417 #1197637 #1198556 #1199149 Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has four fixes is now available. Description: This update fixes the following issues: venv-salt-minion: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. - Salt version bump to 3004 - Python version bump to 3.10.2 - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-2042=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-150000.3.8.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1198556 https://bugzilla.suse.com/1199149 From sle-updates at lists.suse.com Fri Jun 10 13:21:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2022 15:21:14 +0200 (CEST) Subject: SUSE-SU-2022:2036-1: important: Security update for grub2 Message-ID: <20220610132114.E3F76F386@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2036-1 Rating: important References: #1191184 #1191185 #1191186 #1193282 #1198460 #1198493 #1198496 #1198581 Cross-References: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28736 CVSS scores: CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has two fixes is now available. Description: This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2036=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2036=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2036=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2036=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): grub2-2.02-150000.122.12.2 grub2-debuginfo-2.02-150000.122.12.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le): grub2-powerpc-ieee1275-2.02-150000.122.12.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): grub2-snapper-plugin-2.02-150000.122.12.2 grub2-systemd-sleep-plugin-2.02-150000.122.12.2 - SUSE Linux Enterprise Server for SAP 15 (x86_64): grub2-debugsource-2.02-150000.122.12.2 grub2-i386-pc-2.02-150000.122.12.2 grub2-x86_64-efi-2.02-150000.122.12.2 grub2-x86_64-xen-2.02-150000.122.12.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): grub2-2.02-150000.122.12.2 grub2-debuginfo-2.02-150000.122.12.2 grub2-debugsource-2.02-150000.122.12.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64): grub2-arm64-efi-2.02-150000.122.12.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): grub2-snapper-plugin-2.02-150000.122.12.2 grub2-systemd-sleep-plugin-2.02-150000.122.12.2 - SUSE Linux Enterprise Server 15-LTSS (s390x): grub2-s390x-emu-2.02-150000.122.12.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): grub2-2.02-150000.122.12.2 grub2-debuginfo-2.02-150000.122.12.2 grub2-debugsource-2.02-150000.122.12.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64): grub2-arm64-efi-2.02-150000.122.12.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): grub2-i386-pc-2.02-150000.122.12.2 grub2-x86_64-efi-2.02-150000.122.12.2 grub2-x86_64-xen-2.02-150000.122.12.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): grub2-snapper-plugin-2.02-150000.122.12.2 grub2-systemd-sleep-plugin-2.02-150000.122.12.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): grub2-2.02-150000.122.12.2 grub2-debuginfo-2.02-150000.122.12.2 grub2-debugsource-2.02-150000.122.12.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64): grub2-arm64-efi-2.02-150000.122.12.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): grub2-i386-pc-2.02-150000.122.12.2 grub2-x86_64-efi-2.02-150000.122.12.2 grub2-x86_64-xen-2.02-150000.122.12.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): grub2-snapper-plugin-2.02-150000.122.12.2 grub2-systemd-sleep-plugin-2.02-150000.122.12.2 References: https://www.suse.com/security/cve/CVE-2021-3695.html https://www.suse.com/security/cve/CVE-2021-3696.html https://www.suse.com/security/cve/CVE-2021-3697.html https://www.suse.com/security/cve/CVE-2022-28733.html https://www.suse.com/security/cve/CVE-2022-28734.html https://www.suse.com/security/cve/CVE-2022-28736.html https://bugzilla.suse.com/1191184 https://bugzilla.suse.com/1191185 https://bugzilla.suse.com/1191186 https://bugzilla.suse.com/1193282 https://bugzilla.suse.com/1198460 https://bugzilla.suse.com/1198493 https://bugzilla.suse.com/1198496 https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Jun 10 13:22:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2022 15:22:26 +0200 (CEST) Subject: SUSE-SU-2022:2038-1: important: Security update for grub2 Message-ID: <20220610132226.CD5E2F386@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2038-1 Rating: important References: #1191184 #1191185 #1191186 #1193282 #1197948 #1198460 #1198493 #1198496 #1198581 Cross-References: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28736 CVSS scores: CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has three fixes is now available. Description: This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2038=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2038=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2038=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2038=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2038=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): grub2-snapper-plugin-2.02-143.2 grub2-systemd-sleep-plugin-2.02-143.2 grub2-x86_64-xen-2.02-143.2 - SUSE OpenStack Cloud Crowbar 9 (x86_64): grub2-2.02-143.2 grub2-debuginfo-2.02-143.2 grub2-debugsource-2.02-143.2 grub2-i386-pc-2.02-143.2 grub2-x86_64-efi-2.02-143.2 - SUSE OpenStack Cloud 9 (x86_64): grub2-2.02-143.2 grub2-debuginfo-2.02-143.2 grub2-debugsource-2.02-143.2 grub2-i386-pc-2.02-143.2 grub2-x86_64-efi-2.02-143.2 - SUSE OpenStack Cloud 9 (noarch): grub2-snapper-plugin-2.02-143.2 grub2-systemd-sleep-plugin-2.02-143.2 grub2-x86_64-xen-2.02-143.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): grub2-2.02-143.2 grub2-debuginfo-2.02-143.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le): grub2-powerpc-ieee1275-2.02-143.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): grub2-debugsource-2.02-143.2 grub2-i386-pc-2.02-143.2 grub2-x86_64-efi-2.02-143.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): grub2-snapper-plugin-2.02-143.2 grub2-systemd-sleep-plugin-2.02-143.2 grub2-x86_64-xen-2.02-143.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): grub2-2.02-143.2 grub2-debuginfo-2.02-143.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 s390x x86_64): grub2-debugsource-2.02-143.2 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): grub2-powerpc-ieee1275-2.02-143.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64): grub2-arm64-efi-2.02-143.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): grub2-snapper-plugin-2.02-143.2 grub2-systemd-sleep-plugin-2.02-143.2 grub2-x86_64-xen-2.02-143.2 - SUSE Linux Enterprise Server 12-SP5 (x86_64): grub2-i386-pc-2.02-143.2 grub2-x86_64-efi-2.02-143.2 - SUSE Linux Enterprise Server 12-SP5 (s390x): grub2-s390x-emu-2.02-143.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-143.2 grub2-debuginfo-2.02-143.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-143.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02-143.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): grub2-arm64-efi-2.02-143.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): grub2-i386-pc-2.02-143.2 grub2-x86_64-efi-2.02-143.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): grub2-snapper-plugin-2.02-143.2 grub2-systemd-sleep-plugin-2.02-143.2 grub2-x86_64-xen-2.02-143.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): grub2-s390x-emu-2.02-143.2 References: https://www.suse.com/security/cve/CVE-2021-3695.html https://www.suse.com/security/cve/CVE-2021-3696.html https://www.suse.com/security/cve/CVE-2021-3697.html https://www.suse.com/security/cve/CVE-2022-28733.html https://www.suse.com/security/cve/CVE-2022-28734.html https://www.suse.com/security/cve/CVE-2022-28736.html https://bugzilla.suse.com/1191184 https://bugzilla.suse.com/1191185 https://bugzilla.suse.com/1191186 https://bugzilla.suse.com/1193282 https://bugzilla.suse.com/1197948 https://bugzilla.suse.com/1198460 https://bugzilla.suse.com/1198493 https://bugzilla.suse.com/1198496 https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Jun 10 16:16:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2022 18:16:15 +0200 (CEST) Subject: SUSE-SU-2022:2044-1: important: Security update for google-gson Message-ID: <20220610161615.A31EEF386@maintenance.suse.de> SUSE Security Update: Security update for google-gson ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2044-1 Rating: important References: #1199064 SLE-24261 Cross-References: CVE-2022-25647 CVSS scores: CVE-2022-25647 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-25647 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. Description: This update for google-gson fixes the following issues: - CVE-2022-25647: Fixed deserialization of untrusted data (bsc#1199064). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2044=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2044=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2044=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2044=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2044=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2044=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2044=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2044=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-2044=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2044=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2044=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2044=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2044=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2044=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2044=1 Package List: - openSUSE Leap 15.4 (noarch): google-gson-2.8.9-150200.3.6.3 google-gson-javadoc-2.8.9-150200.3.6.3 - openSUSE Leap 15.3 (noarch): google-gson-2.8.9-150200.3.6.3 google-gson-javadoc-2.8.9-150200.3.6.3 - SUSE Manager Server 4.1 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Manager Retail Branch Server 4.1 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Manager Proxy 4.1 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Enterprise Storage 7 (noarch): google-gson-2.8.9-150200.3.6.3 References: https://www.suse.com/security/cve/CVE-2022-25647.html https://bugzilla.suse.com/1199064 From sle-updates at lists.suse.com Fri Jun 10 19:14:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2022 21:14:29 +0200 (CEST) Subject: SUSE-RU-2022:2045-1: moderate: Recommended update for zypper Message-ID: <20220610191429.8B4AEF386@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2045-1 Rating: moderate References: #1196317 #1198139 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for zypper fixes the following issues: - Improve return codes. (bsc#1198139) - info: Fix SEGV with not installed PTFs. (bsc#1196317) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2045=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): zypper-1.13.62-18.59.8 zypper-debuginfo-1.13.62-18.59.8 zypper-debugsource-1.13.62-18.59.8 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): zypper-log-1.13.62-18.59.8 References: https://bugzilla.suse.com/1196317 https://bugzilla.suse.com/1198139 From sle-updates at lists.suse.com Sat Jun 11 07:02:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 11 Jun 2022 09:02:57 +0200 (CEST) Subject: SUSE-IU-2022:671-1: Security update of suse-sles-15-sp3-chost-byos-v20220609-x86_64-gen2 Message-ID: <20220611070257.9E351F533@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220609-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:671-1 Image Tags : suse-sles-15-sp3-chost-byos-v20220609-x86_64-gen2:20220609 Image Release : Severity : important Type : security References : 1028340 1040589 1071995 1080338 1118508 1137728 1152472 1152489 1173429 1177028 1179878 1182073 1183723 1187055 1189517 1191647 1192951 1193556 1193659 1193842 1193930 1194625 1195115 1195283 1195651 1195896 1195926 1196018 1196114 1196308 1196367 1196441 1196490 1196514 1196639 1196788 1196861 1196942 1197065 1197157 1197284 1197391 1197443 1197517 1197656 1197660 1197677 1197743 1197771 1197794 1197914 1197926 1197995 1198077 1198176 1198217 1198255 1198258 1198330 1198400 1198413 1198437 1198446 1198448 1198484 1198504 1198515 1198516 1198534 1198614 1198657 1198723 1198742 1198751 1198766 1198825 1198989 1199012 1199024 1199132 1199223 1199224 1199232 1199240 1199247 1199362 1199474 CVE-2020-27835 CVE-2021-0707 CVE-2021-20292 CVE-2021-20321 CVE-2021-38208 CVE-2021-4154 CVE-2021-43565 CVE-2022-0812 CVE-2022-1158 CVE-2022-1280 CVE-2022-1304 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1586 CVE-2022-22576 CVE-2022-23308 CVE-2022-23648 CVE-2022-24769 CVE-2022-26691 CVE-2022-27191 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-28356 CVE-2022-28748 CVE-2022-28893 CVE-2022-29155 CVE-2022-29156 CVE-2022-29824 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20220609-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1659-1 Released: Fri May 13 15:41:32 2022 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1189517,1195115 This update for cups fixes the following issues: - CUPS printservice takes much longer than before with a big number of printers (bsc#1189517) - CUPS PreserveJobHistory doesn't work with seconds (bsc#1195115) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1687-1 Released: Mon May 16 13:58:33 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1028340,1071995,1137728,1152472,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1194625,1195651,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197677,1197914,1197926,1198077,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198534,1198742,1198825,1198989,1199012,1199024,CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515). - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639). - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437). - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). The following non-security bugs were fixed: - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - adm8211: fix error return code in adm8211_probe() (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes) - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes) - arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes) - arm64: dts: ls1028a: fix memory node (git-fixes) - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes) - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes) - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes) - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes) - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes) - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes) - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes) - arm64: head: avoid over-mapping in map_memory (git-fixes) - arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes) - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489) - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - block: Drop leftover references to RQF_SORTED (bsc#1182073). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: fix bad fids sent over wire (bsc#1197157). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - dma-debug: fix return value of __setup handlers (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472) - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes). - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489) - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/mediatek: Add AAL output size configuration (git-fixes). - drm/mediatek: Fix aal size config (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472) - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534) - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1152472) - e1000e: Fix possible overflow in LTR decoding (git-fixes). - fibmap: Reject negative block numbers (bsc#1198448). - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - random: check for signal_pending() outside of need_resched() check (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449). - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942). - rpm: Use bash for %() expansion (jsc#SLE-18234). - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - USB: dwc3: core: Fix tx/rx threshold settings (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Return proper request status (git-fixes). - USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489) - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1152489) - video: fbdev: w100fb: Reset global state (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). - xen: fix is_xen_pmu() (git-fixes). - xen/blkfront: fix comment for need_copy (git-fixes). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1689-1 Released: Mon May 16 14:09:01 2022 Summary: Security update for containerd, docker Type: security Severity: important References: 1193930,1196441,1197284,1197517,CVE-2021-43565,CVE-2022-23648,CVE-2022-24769,CVE-2022-27191 This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517). - CVE-2022-23648: Fixed directory traversal issue (bsc#1196441). - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284). - CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1709-1 Released: Tue May 17 17:35:47 2022 Summary: Recommended update for libcbor Type: recommended Severity: important References: 1197743 This update for libcbor fixes the following issues: - Fix build errors occuring on SUSE Linux Enterprise 15 Service Pack 4 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1752-1 Released: Thu May 19 15:51:22 2022 Summary: Recommended update for samba Type: recommended Severity: important References: 1080338,1118508,1173429,1195896,1196308,1196788,1197995,1198255,1199247,1199362 This update for samba provides the following fixes: Bugfixes: - Revert NIS support removal (bsc#1199247); - Update to meet last ldb2 version update (bsc#1199362). - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time (bsc#1199362). - Add provides to samba-client-libs package to fix upgrades from previous versions (bsc#1197995). - Add missing samba-client requirement to samba-winbind package (bsc#1198255). - Add missing samba-libs requirement to samba-winbind package (bsc#1198255). - Fixed mismatched version of libldb2 (bsc#1196788). - Dropped obsolete Samba fsrvp v0->v1 state upgrade functionality (bsc#1080338). - Fixed ntlm authentications with 'winbind use default domain = yes' (bsc#1173429, bsc#1196308). - Fixed samba-ad-dc status warning notification message by disabling systemd notifications in bgqd (bsc#1195896). - Fixed libldb version mismatch in Samba dsdb component (bsc#1118508). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1824-1 Released: Tue May 24 10:31:13 2022 Summary: Recommended update for dhcp Type: recommended Severity: moderate References: 1198657 This update for dhcp fixes the following issues: - Properly handle DHCRELAY(6)_OPTIONS (bsc#1198657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1843-1 Released: Wed May 25 15:25:44 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1198504 This update for suse-build-key fixes the following issues: - still ship the old ptf key in the documentation directory (bsc#1198504) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1861-1 Released: Thu May 26 12:07:40 2022 Summary: Security update for cups Type: security Severity: important References: 1199474,CVE-2022-26691 This update for cups fixes the following issues: - CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1883-1 Released: Mon May 30 12:41:35 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2024-1 Released: Thu Jun 9 10:13:12 2022 Summary: Recommended update for python-azure-agent Type: recommended Severity: moderate References: 1198258 This update for python-azure-agent fixes the following issues: - Reset the dhcp config when deprovisioning and instance to ensure instances from aVM image created from that instance send host information to the DHCP server. (bsc#1198258) The following package changes have been done: - containerd-ctr-1.5.11-150000.68.1 updated - containerd-1.5.11-150000.68.1 updated - cups-config-2.2.7-150000.3.32.1 updated - curl-7.66.0-150200.4.33.1 updated - dhcp-client-4.3.6.P1-150000.6.14.1 updated - dhcp-4.3.6.P1-150000.6.14.1 updated - docker-20.10.14_ce-150000.163.1 updated - e2fsprogs-1.43.8-150000.4.33.1 updated - glibc-locale-base-2.31-150300.26.5 updated - glibc-locale-2.31-150300.26.5 updated - glibc-2.31-150300.26.5 updated - grep-3.1-150000.4.6.1 updated - kernel-default-5.3.18-150300.59.68.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libcbor0-0.5.0-150100.4.6.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcups2-2.2.7-150000.3.32.1 updated - libcurl4-7.66.0-150200.4.33.1 updated - libext2fs2-1.43.8-150000.4.33.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - libpcre2-8-0-10.31-150000.3.7.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libxml2-2-2.9.7-150000.3.46.1 updated - pam-1.3.0-150000.6.58.3 updated - python-azure-agent-2.2.49.2-150100.3.23.1 updated - samba-client-libs-4.15.7+git.376.dd43aca9ab2-150300.3.32.1 updated - suse-build-key-12.0-150000.8.25.1 updated From sle-updates at lists.suse.com Sat Jun 11 07:16:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 11 Jun 2022 09:16:31 +0200 (CEST) Subject: SUSE-CU-2022:1319-1: Recommended update of bci/bci-init Message-ID: <20220611071631.7BAD0F533@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1319-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.15.34 Container Release : 15.34 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - container:sles15-image-15.0.0-27.8.1 updated From sle-updates at lists.suse.com Sat Jun 11 07:16:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 11 Jun 2022 09:16:51 +0200 (CEST) Subject: SUSE-CU-2022:1320-1: Recommended update of bci/python Message-ID: <20220611071651.E4ABFF533@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1320-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-3.32 Container Release : 3.32 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - container:sles15-image-15.0.0-27.8.1 updated From sle-updates at lists.suse.com Sat Jun 11 13:14:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 11 Jun 2022 15:14:48 +0200 (CEST) Subject: SUSE-SU-2022:2046-1: important: Security update for rubygem-sinatra Message-ID: <20220611131448.1CADEF533@maintenance.suse.de> SUSE Security Update: Security update for rubygem-sinatra ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2046-1 Rating: important References: #1199138 Cross-References: CVE-2022-29970 CVSS scores: CVE-2022-29970 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-29970 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-sinatra fixes the following issues: - CVE-2022-29970: Fixed possible path traversal outside of public_dir when serving static files (bsc#1199138). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2046=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-sinatra-1.4.6-3.3.1 References: https://www.suse.com/security/cve/CVE-2022-29970.html https://bugzilla.suse.com/1199138 From sle-updates at lists.suse.com Mon Jun 13 13:15:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 15:15:56 +0200 (CEST) Subject: SUSE-RU-2022:2048-1: moderate: Recommended update for zypper Message-ID: <20220613131556.B919DFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2048-1 Rating: moderate References: #1196317 #1198139 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for zypper fixes the following issues: - Improve return codes. (bsc#1198139) - info: Fix SEGV with not installed PTFs. (bsc#1196317) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2048=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2048=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2048=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2048=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2048=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2048=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2048=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2048=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2048=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2048=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2048=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): zypper-1.13.62-21.46.5 zypper-debuginfo-1.13.62-21.46.5 zypper-debugsource-1.13.62-21.46.5 - SUSE OpenStack Cloud Crowbar 9 (noarch): zypper-log-1.13.62-21.46.5 - SUSE OpenStack Cloud Crowbar 8 (noarch): zypper-log-1.13.62-21.46.5 - SUSE OpenStack Cloud Crowbar 8 (x86_64): zypper-1.13.62-21.46.5 zypper-debuginfo-1.13.62-21.46.5 zypper-debugsource-1.13.62-21.46.5 - SUSE OpenStack Cloud 9 (x86_64): zypper-1.13.62-21.46.5 zypper-debuginfo-1.13.62-21.46.5 zypper-debugsource-1.13.62-21.46.5 - SUSE OpenStack Cloud 9 (noarch): zypper-log-1.13.62-21.46.5 - SUSE OpenStack Cloud 8 (noarch): zypper-log-1.13.62-21.46.5 - SUSE OpenStack Cloud 8 (x86_64): zypper-1.13.62-21.46.5 zypper-debuginfo-1.13.62-21.46.5 zypper-debugsource-1.13.62-21.46.5 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): zypper-1.13.62-21.46.5 zypper-debuginfo-1.13.62-21.46.5 zypper-debugsource-1.13.62-21.46.5 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): zypper-log-1.13.62-21.46.5 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): zypper-1.13.62-21.46.5 zypper-debuginfo-1.13.62-21.46.5 zypper-debugsource-1.13.62-21.46.5 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): zypper-log-1.13.62-21.46.5 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): zypper-1.13.62-21.46.5 zypper-debuginfo-1.13.62-21.46.5 zypper-debugsource-1.13.62-21.46.5 - SUSE Linux Enterprise Server 12-SP5 (noarch): zypper-log-1.13.62-21.46.5 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): zypper-1.13.62-21.46.5 zypper-debuginfo-1.13.62-21.46.5 zypper-debugsource-1.13.62-21.46.5 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): zypper-log-1.13.62-21.46.5 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): zypper-1.13.62-21.46.5 zypper-debuginfo-1.13.62-21.46.5 zypper-debugsource-1.13.62-21.46.5 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): zypper-log-1.13.62-21.46.5 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): zypper-1.13.62-21.46.5 zypper-debuginfo-1.13.62-21.46.5 zypper-debugsource-1.13.62-21.46.5 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): zypper-log-1.13.62-21.46.5 - HPE Helion Openstack 8 (x86_64): zypper-1.13.62-21.46.5 zypper-debuginfo-1.13.62-21.46.5 zypper-debugsource-1.13.62-21.46.5 - HPE Helion Openstack 8 (noarch): zypper-log-1.13.62-21.46.5 References: https://bugzilla.suse.com/1196317 https://bugzilla.suse.com/1198139 From sle-updates at lists.suse.com Mon Jun 13 13:16:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 15:16:41 +0200 (CEST) Subject: SUSE-SU-2022:2053-1: important: Security update for u-boot Message-ID: <20220613131641.110C1FD9D@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2053-1 Rating: important References: #1199623 #1200363 #1200364 Cross-References: CVE-2022-30552 CVE-2022-30767 CVE-2022-30790 CVSS scores: CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2022-30767 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30767 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for u-boot fixes the following issues: - CVE-2022-30552: A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (bsc#1200363) - CVE-2022-30790: A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (bsc#1200364) - CVE-2022-30767: Fixed an unbounded memcpy with a failed length check leading to a buffer overflow (bsc#1199623). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2053=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2053=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.01-150300.7.12.1 u-boot-tools-debuginfo-2021.01-150300.7.12.1 - openSUSE Leap 15.3 (aarch64): u-boot-avnetultra96rev1-2021.01-150300.7.12.1 u-boot-avnetultra96rev1-doc-2021.01-150300.7.12.1 u-boot-bananapim64-2021.01-150300.7.12.1 u-boot-bananapim64-doc-2021.01-150300.7.12.1 u-boot-dragonboard410c-2021.01-150300.7.12.1 u-boot-dragonboard410c-doc-2021.01-150300.7.12.1 u-boot-dragonboard820c-2021.01-150300.7.12.1 u-boot-dragonboard820c-doc-2021.01-150300.7.12.1 u-boot-evb-rk3399-2021.01-150300.7.12.1 u-boot-evb-rk3399-doc-2021.01-150300.7.12.1 u-boot-firefly-rk3399-2021.01-150300.7.12.1 u-boot-firefly-rk3399-doc-2021.01-150300.7.12.1 u-boot-geekbox-2021.01-150300.7.12.1 u-boot-geekbox-doc-2021.01-150300.7.12.1 u-boot-hikey-2021.01-150300.7.12.1 u-boot-hikey-doc-2021.01-150300.7.12.1 u-boot-khadas-vim-2021.01-150300.7.12.1 u-boot-khadas-vim-doc-2021.01-150300.7.12.1 u-boot-khadas-vim2-2021.01-150300.7.12.1 u-boot-khadas-vim2-doc-2021.01-150300.7.12.1 u-boot-libretech-ac-2021.01-150300.7.12.1 u-boot-libretech-ac-doc-2021.01-150300.7.12.1 u-boot-libretech-cc-2021.01-150300.7.12.1 u-boot-libretech-cc-doc-2021.01-150300.7.12.1 u-boot-ls1012afrdmqspi-2021.01-150300.7.12.1 u-boot-ls1012afrdmqspi-doc-2021.01-150300.7.12.1 u-boot-mvebudb-88f3720-2021.01-150300.7.12.1 u-boot-mvebudb-88f3720-doc-2021.01-150300.7.12.1 u-boot-mvebudbarmada8k-2021.01-150300.7.12.1 u-boot-mvebudbarmada8k-doc-2021.01-150300.7.12.1 u-boot-mvebuespressobin-88f3720-2021.01-150300.7.12.1 u-boot-mvebuespressobin-88f3720-doc-2021.01-150300.7.12.1 u-boot-mvebumcbin-88f8040-2021.01-150300.7.12.1 u-boot-mvebumcbin-88f8040-doc-2021.01-150300.7.12.1 u-boot-nanopia64-2021.01-150300.7.12.1 u-boot-nanopia64-doc-2021.01-150300.7.12.1 u-boot-odroid-c2-2021.01-150300.7.12.1 u-boot-odroid-c2-doc-2021.01-150300.7.12.1 u-boot-odroid-c4-2021.01-150300.7.12.1 u-boot-odroid-c4-doc-2021.01-150300.7.12.1 u-boot-odroid-n2-2021.01-150300.7.12.1 u-boot-odroid-n2-doc-2021.01-150300.7.12.1 u-boot-orangepipc2-2021.01-150300.7.12.1 u-boot-orangepipc2-doc-2021.01-150300.7.12.1 u-boot-p2371-2180-2021.01-150300.7.12.1 u-boot-p2371-2180-doc-2021.01-150300.7.12.1 u-boot-p2771-0000-500-2021.01-150300.7.12.1 u-boot-p2771-0000-500-doc-2021.01-150300.7.12.1 u-boot-p3450-0000-2021.01-150300.7.12.1 u-boot-p3450-0000-doc-2021.01-150300.7.12.1 u-boot-pine64plus-2021.01-150300.7.12.1 u-boot-pine64plus-doc-2021.01-150300.7.12.1 u-boot-pinebook-2021.01-150300.7.12.1 u-boot-pinebook-doc-2021.01-150300.7.12.1 u-boot-pinebook-pro-rk3399-2021.01-150300.7.12.1 u-boot-pinebook-pro-rk3399-doc-2021.01-150300.7.12.1 u-boot-pineh64-2021.01-150300.7.12.1 u-boot-pineh64-doc-2021.01-150300.7.12.1 u-boot-pinephone-2021.01-150300.7.12.1 u-boot-pinephone-doc-2021.01-150300.7.12.1 u-boot-poplar-2021.01-150300.7.12.1 u-boot-poplar-doc-2021.01-150300.7.12.1 u-boot-rock-pi-4-rk3399-2021.01-150300.7.12.1 u-boot-rock-pi-4-rk3399-doc-2021.01-150300.7.12.1 u-boot-rock64-rk3328-2021.01-150300.7.12.1 u-boot-rock64-rk3328-doc-2021.01-150300.7.12.1 u-boot-rock960-rk3399-2021.01-150300.7.12.1 u-boot-rock960-rk3399-doc-2021.01-150300.7.12.1 u-boot-rockpro64-rk3399-2021.01-150300.7.12.1 u-boot-rockpro64-rk3399-doc-2021.01-150300.7.12.1 u-boot-rpi3-2021.01-150300.7.12.1 u-boot-rpi3-doc-2021.01-150300.7.12.1 u-boot-rpi4-2021.01-150300.7.12.1 u-boot-rpi4-doc-2021.01-150300.7.12.1 u-boot-rpiarm64-2021.01-150300.7.12.1 u-boot-rpiarm64-doc-2021.01-150300.7.12.1 u-boot-xilinxzynqmpvirt-2021.01-150300.7.12.1 u-boot-xilinxzynqmpvirt-doc-2021.01-150300.7.12.1 u-boot-xilinxzynqmpzcu102rev10-2021.01-150300.7.12.1 u-boot-xilinxzynqmpzcu102rev10-doc-2021.01-150300.7.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.01-150300.7.12.1 u-boot-tools-debuginfo-2021.01-150300.7.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): u-boot-rpiarm64-2021.01-150300.7.12.1 u-boot-rpiarm64-doc-2021.01-150300.7.12.1 References: https://www.suse.com/security/cve/CVE-2022-30552.html https://www.suse.com/security/cve/CVE-2022-30767.html https://www.suse.com/security/cve/CVE-2022-30790.html https://bugzilla.suse.com/1199623 https://bugzilla.suse.com/1200363 https://bugzilla.suse.com/1200364 From sle-updates at lists.suse.com Mon Jun 13 13:17:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 15:17:22 +0200 (CEST) Subject: SUSE-SU-2022:2052-1: important: Security update for u-boot Message-ID: <20220613131722.61AAAFD9D@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2052-1 Rating: important References: #1199623 #1200363 #1200364 Cross-References: CVE-2022-30552 CVE-2022-30767 CVE-2022-30790 CVSS scores: CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2022-30767 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30767 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for u-boot fixes the following issues: - CVE-2022-30552: A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (bsc#1200363) - CVE-2022-30790: A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (bsc#1200364) - CVE-2022-30767: Fixed an unbounded memcpy with a failed length check leading to a buffer overflow (bsc#1199623). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2052=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64): u-boot-rpi3-2019.01-5.8.1 u-boot-tools-2019.01-5.8.1 u-boot-tools-debuginfo-2019.01-5.8.1 References: https://www.suse.com/security/cve/CVE-2022-30552.html https://www.suse.com/security/cve/CVE-2022-30767.html https://www.suse.com/security/cve/CVE-2022-30790.html https://bugzilla.suse.com/1199623 https://bugzilla.suse.com/1200363 https://bugzilla.suse.com/1200364 From sle-updates at lists.suse.com Mon Jun 13 13:18:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 15:18:05 +0200 (CEST) Subject: SUSE-SU-2022:2047-1: moderate: Security update for netty3 Message-ID: <20220613131805.8ABFCFD9D@maintenance.suse.de> SUSE Security Update: Security update for netty3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2047-1 Rating: moderate References: #1193672 #1197787 Cross-References: CVE-2021-43797 CVSS scores: CVE-2021-43797 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-43797 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for netty3 fixes the following issues: - CVE-2021-43797: Fixed a potential HTTP request smuggling issue due to insufficient validation against control characters (bsc#1193672). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2047=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2047=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2047=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2047=1 Package List: - openSUSE Leap 15.4 (noarch): netty3-3.10.6-150200.3.3.2 netty3-javadoc-3.10.6-150200.3.3.2 - openSUSE Leap 15.3 (noarch): netty3-3.10.6-150200.3.3.2 netty3-javadoc-3.10.6-150200.3.3.2 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): netty3-3.10.6-150200.3.3.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): netty3-3.10.6-150200.3.3.2 References: https://www.suse.com/security/cve/CVE-2021-43797.html https://bugzilla.suse.com/1193672 https://bugzilla.suse.com/1197787 From sle-updates at lists.suse.com Mon Jun 13 13:18:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 15:18:41 +0200 (CEST) Subject: SUSE-SU-2022:2055-1: important: Security update for u-boot Message-ID: <20220613131841.D0104FD9D@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2055-1 Rating: important References: #1200363 #1200364 Cross-References: CVE-2022-30552 CVE-2022-30790 CVSS scores: CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for u-boot fixes the following issues: - A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (CVE-2022-30552, bsc#1200363) - A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (CVE-2022-30790, bsc#1200364) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2055=1 Package List: - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): u-boot-rpi3-2018.03-4.6.1 u-boot-tools-2018.03-4.6.1 u-boot-tools-debuginfo-2018.03-4.6.1 References: https://www.suse.com/security/cve/CVE-2022-30552.html https://www.suse.com/security/cve/CVE-2022-30790.html https://bugzilla.suse.com/1200363 https://bugzilla.suse.com/1200364 From sle-updates at lists.suse.com Mon Jun 13 13:19:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 15:19:20 +0200 (CEST) Subject: SUSE-SU-2022:2054-1: important: Security update for u-boot Message-ID: <20220613131920.CA452FD9D@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2054-1 Rating: important References: #1199623 #1200363 #1200364 Cross-References: CVE-2022-30552 CVE-2022-30767 CVE-2022-30790 CVSS scores: CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2022-30767 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30767 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for u-boot fixes the following issues: - CVE-2022-30552: A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (bsc#1200363) - CVE-2022-30790: A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (bsc#1200364) - CVE-2022-30767: Fixed an unbounded memcpy with a failed length check leading to a buffer overflow (bsc#1199623). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2054=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2054=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.10-150400.4.5.1 u-boot-tools-debuginfo-2021.10-150400.4.5.1 - openSUSE Leap 15.4 (aarch64): u-boot-avnetultra96rev1-2021.10-150400.4.5.1 u-boot-avnetultra96rev1-doc-2021.10-150400.4.5.1 u-boot-bananapim64-2021.10-150400.4.5.1 u-boot-bananapim64-doc-2021.10-150400.4.5.1 u-boot-dragonboard410c-2021.10-150400.4.5.1 u-boot-dragonboard410c-doc-2021.10-150400.4.5.1 u-boot-dragonboard820c-2021.10-150400.4.5.1 u-boot-dragonboard820c-doc-2021.10-150400.4.5.1 u-boot-evb-rk3399-2021.10-150400.4.5.1 u-boot-evb-rk3399-doc-2021.10-150400.4.5.1 u-boot-firefly-rk3399-2021.10-150400.4.5.1 u-boot-firefly-rk3399-doc-2021.10-150400.4.5.1 u-boot-geekbox-2021.10-150400.4.5.1 u-boot-geekbox-doc-2021.10-150400.4.5.1 u-boot-hikey-2021.10-150400.4.5.1 u-boot-hikey-doc-2021.10-150400.4.5.1 u-boot-khadas-vim-2021.10-150400.4.5.1 u-boot-khadas-vim-doc-2021.10-150400.4.5.1 u-boot-khadas-vim2-2021.10-150400.4.5.1 u-boot-khadas-vim2-doc-2021.10-150400.4.5.1 u-boot-libretech-ac-2021.10-150400.4.5.1 u-boot-libretech-ac-doc-2021.10-150400.4.5.1 u-boot-libretech-cc-2021.10-150400.4.5.1 u-boot-libretech-cc-doc-2021.10-150400.4.5.1 u-boot-ls1012afrdmqspi-2021.10-150400.4.5.1 u-boot-ls1012afrdmqspi-doc-2021.10-150400.4.5.1 u-boot-mvebudb-88f3720-2021.10-150400.4.5.1 u-boot-mvebudb-88f3720-doc-2021.10-150400.4.5.1 u-boot-mvebudbarmada8k-2021.10-150400.4.5.1 u-boot-mvebudbarmada8k-doc-2021.10-150400.4.5.1 u-boot-mvebuespressobin-88f3720-2021.10-150400.4.5.1 u-boot-mvebuespressobin-88f3720-doc-2021.10-150400.4.5.1 u-boot-mvebumcbin-88f8040-2021.10-150400.4.5.1 u-boot-mvebumcbin-88f8040-doc-2021.10-150400.4.5.1 u-boot-nanopia64-2021.10-150400.4.5.1 u-boot-nanopia64-doc-2021.10-150400.4.5.1 u-boot-odroid-c2-2021.10-150400.4.5.1 u-boot-odroid-c2-doc-2021.10-150400.4.5.1 u-boot-odroid-c4-2021.10-150400.4.5.1 u-boot-odroid-c4-doc-2021.10-150400.4.5.1 u-boot-odroid-n2-2021.10-150400.4.5.1 u-boot-odroid-n2-doc-2021.10-150400.4.5.1 u-boot-orangepipc2-2021.10-150400.4.5.1 u-boot-orangepipc2-doc-2021.10-150400.4.5.1 u-boot-p2371-2180-2021.10-150400.4.5.1 u-boot-p2371-2180-doc-2021.10-150400.4.5.1 u-boot-p2771-0000-500-2021.10-150400.4.5.1 u-boot-p2771-0000-500-doc-2021.10-150400.4.5.1 u-boot-p3450-0000-2021.10-150400.4.5.1 u-boot-p3450-0000-doc-2021.10-150400.4.5.1 u-boot-pine64plus-2021.10-150400.4.5.1 u-boot-pine64plus-doc-2021.10-150400.4.5.1 u-boot-pinebook-2021.10-150400.4.5.1 u-boot-pinebook-doc-2021.10-150400.4.5.1 u-boot-pinebook-pro-rk3399-2021.10-150400.4.5.1 u-boot-pinebook-pro-rk3399-doc-2021.10-150400.4.5.1 u-boot-pineh64-2021.10-150400.4.5.1 u-boot-pineh64-doc-2021.10-150400.4.5.1 u-boot-pinephone-2021.10-150400.4.5.1 u-boot-pinephone-doc-2021.10-150400.4.5.1 u-boot-poplar-2021.10-150400.4.5.1 u-boot-poplar-doc-2021.10-150400.4.5.1 u-boot-rock-pi-4-rk3399-2021.10-150400.4.5.1 u-boot-rock-pi-4-rk3399-doc-2021.10-150400.4.5.1 u-boot-rock-pi-n10-rk3399pro-2021.10-150400.4.5.1 u-boot-rock-pi-n10-rk3399pro-doc-2021.10-150400.4.5.1 u-boot-rock64-rk3328-2021.10-150400.4.5.1 u-boot-rock64-rk3328-doc-2021.10-150400.4.5.1 u-boot-rock960-rk3399-2021.10-150400.4.5.1 u-boot-rock960-rk3399-doc-2021.10-150400.4.5.1 u-boot-rockpro64-rk3399-2021.10-150400.4.5.1 u-boot-rockpro64-rk3399-doc-2021.10-150400.4.5.1 u-boot-rpi3-2021.10-150400.4.5.1 u-boot-rpi3-doc-2021.10-150400.4.5.1 u-boot-rpi4-2021.10-150400.4.5.1 u-boot-rpi4-doc-2021.10-150400.4.5.1 u-boot-rpiarm64-2021.10-150400.4.5.1 u-boot-rpiarm64-doc-2021.10-150400.4.5.1 u-boot-xilinxzynqmpvirt-2021.10-150400.4.5.1 u-boot-xilinxzynqmpvirt-doc-2021.10-150400.4.5.1 u-boot-xilinxzynqmpzcu102rev10-2021.10-150400.4.5.1 u-boot-xilinxzynqmpzcu102rev10-doc-2021.10-150400.4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.10-150400.4.5.1 u-boot-tools-debuginfo-2021.10-150400.4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64): u-boot-rpiarm64-2021.10-150400.4.5.1 u-boot-rpiarm64-doc-2021.10-150400.4.5.1 References: https://www.suse.com/security/cve/CVE-2022-30552.html https://www.suse.com/security/cve/CVE-2022-30767.html https://www.suse.com/security/cve/CVE-2022-30790.html https://bugzilla.suse.com/1199623 https://bugzilla.suse.com/1200363 https://bugzilla.suse.com/1200364 From sle-updates at lists.suse.com Mon Jun 13 13:20:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 15:20:08 +0200 (CEST) Subject: SUSE-SU-2022:2057-1: important: Security update for u-boot Message-ID: <20220613132008.58CBDFD9D@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2057-1 Rating: important References: #1200363 #1200364 Cross-References: CVE-2022-30552 CVE-2022-30790 CVSS scores: CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for u-boot fixes the following issues: - A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (CVE-2022-30552, bsc#1200363) - A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (CVE-2022-30790, bsc#1200364) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2057=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2057=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2057=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2057=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2057=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2057=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): u-boot-tools-2019.01-150100.7.13.1 u-boot-tools-debuginfo-2019.01-150100.7.13.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): u-boot-tools-2019.01-150100.7.13.1 u-boot-tools-debuginfo-2019.01-150100.7.13.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64): u-boot-rpi3-2019.01-150100.7.13.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): u-boot-tools-2019.01-150100.7.13.1 u-boot-tools-debuginfo-2019.01-150100.7.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): u-boot-tools-2019.01-150100.7.13.1 u-boot-tools-debuginfo-2019.01-150100.7.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64): u-boot-rpi3-2019.01-150100.7.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): u-boot-tools-2019.01-150100.7.13.1 u-boot-tools-debuginfo-2019.01-150100.7.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64): u-boot-rpi3-2019.01-150100.7.13.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): u-boot-tools-2019.01-150100.7.13.1 u-boot-tools-debuginfo-2019.01-150100.7.13.1 - SUSE Enterprise Storage 6 (aarch64): u-boot-rpi3-2019.01-150100.7.13.1 - SUSE CaaS Platform 4.0 (x86_64): u-boot-tools-2019.01-150100.7.13.1 u-boot-tools-debuginfo-2019.01-150100.7.13.1 References: https://www.suse.com/security/cve/CVE-2022-30552.html https://www.suse.com/security/cve/CVE-2022-30790.html https://bugzilla.suse.com/1200363 https://bugzilla.suse.com/1200364 From sle-updates at lists.suse.com Mon Jun 13 13:21:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 15:21:00 +0200 (CEST) Subject: SUSE-SU-2022:2056-1: important: Security update for u-boot Message-ID: <20220613132100.17100FD9D@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2056-1 Rating: important References: #1200363 #1200364 Cross-References: CVE-2022-30552 CVE-2022-30790 CVSS scores: CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for u-boot fixes the following issues: - A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (CVE-2022-30552, bsc#1200363) - A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (CVE-2022-30790, bsc#1200364) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2056=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2056=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2056=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2056=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2056=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2056=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2056=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2056=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2056=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2056=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2056=1 Package List: - openSUSE Leap 15.4 (aarch64): u-boot-xilinxzynqmpgeneric-2020.01-150200.10.12.1 u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.12.1 - openSUSE Leap 15.3 (aarch64): u-boot-xilinxzynqmpgeneric-2020.01-150200.10.12.1 u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.12.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Manager Proxy 4.1 (x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64): u-boot-rpiarm64-2020.01-150200.10.12.1 u-boot-rpiarm64-doc-2020.01-150200.10.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64): u-boot-rpiarm64-2020.01-150200.10.12.1 u-boot-rpiarm64-doc-2020.01-150200.10.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64): u-boot-rpiarm64-2020.01-150200.10.12.1 u-boot-rpiarm64-doc-2020.01-150200.10.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Enterprise Storage 7 (aarch64): u-boot-rpiarm64-2020.01-150200.10.12.1 u-boot-rpiarm64-doc-2020.01-150200.10.12.1 References: https://www.suse.com/security/cve/CVE-2022-30552.html https://www.suse.com/security/cve/CVE-2022-30790.html https://bugzilla.suse.com/1200363 https://bugzilla.suse.com/1200364 From sle-updates at lists.suse.com Mon Jun 13 13:21:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 15:21:54 +0200 (CEST) Subject: SUSE-RU-2022:2049-1: moderate: Recommended update for binutils Message-ID: <20220613132154.96E4DFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for binutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2049-1 Rating: moderate References: #1191908 #1198422 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for binutils fixes the following issues: - Revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422] - Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2049=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2049=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2049=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2049=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2049=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2049=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2049=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2049=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): binutils-2.37-150100.7.34.1 binutils-debuginfo-2.37-150100.7.34.1 binutils-debugsource-2.37-150100.7.34.1 binutils-devel-2.37-150100.7.34.1 binutils-gold-2.37-150100.7.34.1 binutils-gold-debuginfo-2.37-150100.7.34.1 cross-arm-binutils-2.37-150100.7.34.1 cross-arm-binutils-debuginfo-2.37-150100.7.34.1 cross-arm-binutils-debugsource-2.37-150100.7.34.1 cross-avr-binutils-2.37-150100.7.34.1 cross-avr-binutils-debuginfo-2.37-150100.7.34.1 cross-avr-binutils-debugsource-2.37-150100.7.34.1 cross-epiphany-binutils-2.37-150100.7.34.1 cross-epiphany-binutils-debuginfo-2.37-150100.7.34.1 cross-epiphany-binutils-debugsource-2.37-150100.7.34.1 cross-hppa-binutils-2.37-150100.7.34.1 cross-hppa-binutils-debuginfo-2.37-150100.7.34.1 cross-hppa-binutils-debugsource-2.37-150100.7.34.1 cross-hppa64-binutils-2.37-150100.7.34.1 cross-hppa64-binutils-debuginfo-2.37-150100.7.34.1 cross-hppa64-binutils-debugsource-2.37-150100.7.34.1 cross-i386-binutils-2.37-150100.7.34.1 cross-i386-binutils-debuginfo-2.37-150100.7.34.1 cross-i386-binutils-debugsource-2.37-150100.7.34.1 cross-ia64-binutils-2.37-150100.7.34.1 cross-ia64-binutils-debuginfo-2.37-150100.7.34.1 cross-ia64-binutils-debugsource-2.37-150100.7.34.1 cross-m68k-binutils-2.37-150100.7.34.1 cross-m68k-binutils-debuginfo-2.37-150100.7.34.1 cross-m68k-binutils-debugsource-2.37-150100.7.34.1 cross-mips-binutils-2.37-150100.7.34.1 cross-mips-binutils-debuginfo-2.37-150100.7.34.1 cross-mips-binutils-debugsource-2.37-150100.7.34.1 cross-ppc-binutils-2.37-150100.7.34.1 cross-ppc-binutils-debuginfo-2.37-150100.7.34.1 cross-ppc-binutils-debugsource-2.37-150100.7.34.1 cross-ppc64-binutils-2.37-150100.7.34.1 cross-ppc64-binutils-debuginfo-2.37-150100.7.34.1 cross-ppc64-binutils-debugsource-2.37-150100.7.34.1 cross-riscv64-binutils-2.37-150100.7.34.1 cross-riscv64-binutils-debuginfo-2.37-150100.7.34.1 cross-riscv64-binutils-debugsource-2.37-150100.7.34.1 cross-rx-binutils-2.37-150100.7.34.1 cross-rx-binutils-debuginfo-2.37-150100.7.34.1 cross-rx-binutils-debugsource-2.37-150100.7.34.1 cross-s390-binutils-2.37-150100.7.34.1 cross-s390-binutils-debuginfo-2.37-150100.7.34.1 cross-s390-binutils-debugsource-2.37-150100.7.34.1 cross-sparc-binutils-2.37-150100.7.34.1 cross-sparc-binutils-debuginfo-2.37-150100.7.34.1 cross-sparc-binutils-debugsource-2.37-150100.7.34.1 cross-sparc64-binutils-2.37-150100.7.34.1 cross-sparc64-binutils-debuginfo-2.37-150100.7.34.1 cross-sparc64-binutils-debugsource-2.37-150100.7.34.1 cross-spu-binutils-2.37-150100.7.34.1 cross-spu-binutils-debuginfo-2.37-150100.7.34.1 cross-spu-binutils-debugsource-2.37-150100.7.34.1 libctf-nobfd0-2.37-150100.7.34.1 libctf-nobfd0-debuginfo-2.37-150100.7.34.1 libctf0-2.37-150100.7.34.1 libctf0-debuginfo-2.37-150100.7.34.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): cross-s390x-binutils-2.37-150100.7.34.1 cross-s390x-binutils-debuginfo-2.37-150100.7.34.1 cross-s390x-binutils-debugsource-2.37-150100.7.34.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x): cross-x86_64-binutils-2.37-150100.7.34.1 cross-x86_64-binutils-debuginfo-2.37-150100.7.34.1 cross-x86_64-binutils-debugsource-2.37-150100.7.34.1 - openSUSE Leap 15.4 (ppc64le s390x x86_64): cross-aarch64-binutils-2.37-150100.7.34.1 cross-aarch64-binutils-debuginfo-2.37-150100.7.34.1 cross-aarch64-binutils-debugsource-2.37-150100.7.34.1 - openSUSE Leap 15.4 (aarch64 s390x x86_64): cross-ppc64le-binutils-2.37-150100.7.34.1 cross-ppc64le-binutils-debuginfo-2.37-150100.7.34.1 cross-ppc64le-binutils-debugsource-2.37-150100.7.34.1 - openSUSE Leap 15.4 (x86_64): binutils-devel-32bit-2.37-150100.7.34.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): binutils-2.37-150100.7.34.1 binutils-debuginfo-2.37-150100.7.34.1 binutils-debugsource-2.37-150100.7.34.1 binutils-devel-2.37-150100.7.34.1 binutils-gold-2.37-150100.7.34.1 binutils-gold-debuginfo-2.37-150100.7.34.1 bpftrace-0.11.4-150300.3.9.2 cross-arm-binutils-2.37-150100.7.34.1 cross-arm-binutils-debuginfo-2.37-150100.7.34.1 cross-arm-binutils-debugsource-2.37-150100.7.34.1 cross-avr-binutils-2.37-150100.7.34.1 cross-avr-binutils-debuginfo-2.37-150100.7.34.1 cross-avr-binutils-debugsource-2.37-150100.7.34.1 cross-epiphany-binutils-2.37-150100.7.34.1 cross-epiphany-binutils-debuginfo-2.37-150100.7.34.1 cross-epiphany-binutils-debugsource-2.37-150100.7.34.1 cross-hppa-binutils-2.37-150100.7.34.1 cross-hppa-binutils-debuginfo-2.37-150100.7.34.1 cross-hppa-binutils-debugsource-2.37-150100.7.34.1 cross-hppa64-binutils-2.37-150100.7.34.1 cross-hppa64-binutils-debuginfo-2.37-150100.7.34.1 cross-hppa64-binutils-debugsource-2.37-150100.7.34.1 cross-i386-binutils-2.37-150100.7.34.1 cross-i386-binutils-debuginfo-2.37-150100.7.34.1 cross-i386-binutils-debugsource-2.37-150100.7.34.1 cross-ia64-binutils-2.37-150100.7.34.1 cross-ia64-binutils-debuginfo-2.37-150100.7.34.1 cross-ia64-binutils-debugsource-2.37-150100.7.34.1 cross-m68k-binutils-2.37-150100.7.34.1 cross-m68k-binutils-debuginfo-2.37-150100.7.34.1 cross-m68k-binutils-debugsource-2.37-150100.7.34.1 cross-mips-binutils-2.37-150100.7.34.1 cross-mips-binutils-debuginfo-2.37-150100.7.34.1 cross-mips-binutils-debugsource-2.37-150100.7.34.1 cross-ppc-binutils-2.37-150100.7.34.1 cross-ppc-binutils-debuginfo-2.37-150100.7.34.1 cross-ppc-binutils-debugsource-2.37-150100.7.34.1 cross-ppc64-binutils-2.37-150100.7.34.1 cross-ppc64-binutils-debuginfo-2.37-150100.7.34.1 cross-ppc64-binutils-debugsource-2.37-150100.7.34.1 cross-riscv64-binutils-2.37-150100.7.34.1 cross-riscv64-binutils-debuginfo-2.37-150100.7.34.1 cross-riscv64-binutils-debugsource-2.37-150100.7.34.1 cross-rx-binutils-2.37-150100.7.34.1 cross-rx-binutils-debuginfo-2.37-150100.7.34.1 cross-rx-binutils-debugsource-2.37-150100.7.34.1 cross-s390-binutils-2.37-150100.7.34.1 cross-s390-binutils-debuginfo-2.37-150100.7.34.1 cross-s390-binutils-debugsource-2.37-150100.7.34.1 cross-sparc-binutils-2.37-150100.7.34.1 cross-sparc-binutils-debuginfo-2.37-150100.7.34.1 cross-sparc-binutils-debugsource-2.37-150100.7.34.1 cross-sparc64-binutils-2.37-150100.7.34.1 cross-sparc64-binutils-debuginfo-2.37-150100.7.34.1 cross-sparc64-binutils-debugsource-2.37-150100.7.34.1 cross-spu-binutils-2.37-150100.7.34.1 cross-spu-binutils-debuginfo-2.37-150100.7.34.1 cross-spu-binutils-debugsource-2.37-150100.7.34.1 libctf-nobfd0-2.37-150100.7.34.1 libctf-nobfd0-debuginfo-2.37-150100.7.34.1 libctf0-2.37-150100.7.34.1 libctf0-debuginfo-2.37-150100.7.34.1 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): cross-s390x-binutils-2.37-150100.7.34.1 cross-s390x-binutils-debuginfo-2.37-150100.7.34.1 cross-s390x-binutils-debugsource-2.37-150100.7.34.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x): cross-x86_64-binutils-2.37-150100.7.34.1 cross-x86_64-binutils-debuginfo-2.37-150100.7.34.1 cross-x86_64-binutils-debugsource-2.37-150100.7.34.1 - openSUSE Leap 15.3 (ppc64le s390x x86_64): cross-aarch64-binutils-2.37-150100.7.34.1 cross-aarch64-binutils-debuginfo-2.37-150100.7.34.1 cross-aarch64-binutils-debugsource-2.37-150100.7.34.1 - openSUSE Leap 15.3 (aarch64 s390x x86_64): cross-ppc64le-binutils-2.37-150100.7.34.1 cross-ppc64le-binutils-debuginfo-2.37-150100.7.34.1 cross-ppc64le-binutils-debugsource-2.37-150100.7.34.1 - openSUSE Leap 15.3 (noarch): bpftrace-tools-0.11.4-150300.3.9.2 - openSUSE Leap 15.3 (x86_64): binutils-devel-32bit-2.37-150100.7.34.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.37-150100.7.34.1 binutils-debugsource-2.37-150100.7.34.1 binutils-gold-2.37-150100.7.34.1 binutils-gold-debuginfo-2.37-150100.7.34.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.37-150100.7.34.1 binutils-debugsource-2.37-150100.7.34.1 binutils-gold-2.37-150100.7.34.1 binutils-gold-debuginfo-2.37-150100.7.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): binutils-debugsource-2.37-150100.7.34.1 binutils-devel-32bit-2.37-150100.7.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): bpftrace-0.11.4-150300.3.9.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): bpftrace-tools-0.11.4-150300.3.9.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): binutils-debugsource-2.37-150100.7.34.1 binutils-devel-32bit-2.37-150100.7.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): binutils-2.37-150100.7.34.1 binutils-debuginfo-2.37-150100.7.34.1 binutils-debugsource-2.37-150100.7.34.1 binutils-devel-2.37-150100.7.34.1 libctf-nobfd0-2.37-150100.7.34.1 libctf-nobfd0-debuginfo-2.37-150100.7.34.1 libctf0-2.37-150100.7.34.1 libctf0-debuginfo-2.37-150100.7.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): binutils-2.37-150100.7.34.1 binutils-debuginfo-2.37-150100.7.34.1 binutils-debugsource-2.37-150100.7.34.1 binutils-devel-2.37-150100.7.34.1 libctf-nobfd0-2.37-150100.7.34.1 libctf-nobfd0-debuginfo-2.37-150100.7.34.1 libctf0-2.37-150100.7.34.1 libctf0-debuginfo-2.37-150100.7.34.1 References: https://bugzilla.suse.com/1191908 https://bugzilla.suse.com/1198422 From sle-updates at lists.suse.com Mon Jun 13 16:16:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 18:16:20 +0200 (CEST) Subject: SUSE-SU-2022:2058-1: important: Security update for u-boot Message-ID: <20220613161620.EF03BFD9D@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2058-1 Rating: important References: #1200363 #1200364 Cross-References: CVE-2022-30552 CVE-2022-30790 CVSS scores: CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for u-boot fixes the following issues: - A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (CVE-2022-30552, bsc#1200363) - A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (CVE-2022-30790, bsc#1200364) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2058=1 Package List: - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): u-boot-rpi3-2016.07-12.6.1 u-boot-tools-2016.07-12.6.1 u-boot-tools-debuginfo-2016.07-12.6.1 References: https://www.suse.com/security/cve/CVE-2022-30552.html https://www.suse.com/security/cve/CVE-2022-30790.html https://bugzilla.suse.com/1200363 https://bugzilla.suse.com/1200364 From sle-updates at lists.suse.com Mon Jun 13 19:15:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 21:15:10 +0200 (CEST) Subject: SUSE-SU-2022:2062-1: important: Security update for MozillaThunderbird Message-ID: <20220613191510.261B3FD9D@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2062-1 Rating: important References: #1199768 #1200027 Cross-References: CVE-2022-1529 CVE-2022-1802 CVE-2022-1834 CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 CVSS scores: CVE-2022-1529 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1802 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1834 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31736 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31737 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31738 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31739 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31740 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31742 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-31747 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 91.9.1 MFSA 2022-19 (bsc#1199768): - CVE-2022-1802: Prototype pollution in Top-Level Await implementation (bmo#1770137). - CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution (bmo#1770048). Update to Mozilla Thunderbird 91.10 MFSA 2022-22 (bsc#1200027): - CVE-2022-31736: Cross-Origin resource's length leaked (bmo#1735923) - CVE-2022-31737: Heap buffer overflow in WebGL (bmo#1743767) - CVE-2022-31738: Browser window spoof using fullscreen mode (bmo#1756388) - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files (bmo#1765049) - CVE-2022-31740: Register allocation problem in WASM on arm64 (bmo#1766806) - CVE-2022-31741: Uninitialized variable leads to invalid memory read (bmo#1767590) - CVE-2022-1834: Braille space character caused incorrect sender email to be shown for a digitally signed email (bmo#1767816) - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information (bmo#1730434) - CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10 (bmo#1760765, bmo#1765610, bmo#1766283, bmo#1767365, bmo#1768559, bmo#1768734) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2062=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2062=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2062=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2062=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2062=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2062=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.10.0-150200.8.73.1 MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1 MozillaThunderbird-debugsource-91.10.0-150200.8.73.1 MozillaThunderbird-translations-common-91.10.0-150200.8.73.1 MozillaThunderbird-translations-other-91.10.0-150200.8.73.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.10.0-150200.8.73.1 MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1 MozillaThunderbird-debugsource-91.10.0-150200.8.73.1 MozillaThunderbird-translations-common-91.10.0-150200.8.73.1 MozillaThunderbird-translations-other-91.10.0-150200.8.73.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-91.10.0-150200.8.73.1 MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1 MozillaThunderbird-debugsource-91.10.0-150200.8.73.1 MozillaThunderbird-translations-common-91.10.0-150200.8.73.1 MozillaThunderbird-translations-other-91.10.0-150200.8.73.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-91.10.0-150200.8.73.1 MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1 MozillaThunderbird-debugsource-91.10.0-150200.8.73.1 MozillaThunderbird-translations-common-91.10.0-150200.8.73.1 MozillaThunderbird-translations-other-91.10.0-150200.8.73.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-91.10.0-150200.8.73.1 MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1 MozillaThunderbird-debugsource-91.10.0-150200.8.73.1 MozillaThunderbird-translations-common-91.10.0-150200.8.73.1 MozillaThunderbird-translations-other-91.10.0-150200.8.73.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-91.10.0-150200.8.73.1 MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1 MozillaThunderbird-debugsource-91.10.0-150200.8.73.1 MozillaThunderbird-translations-common-91.10.0-150200.8.73.1 MozillaThunderbird-translations-other-91.10.0-150200.8.73.1 References: https://www.suse.com/security/cve/CVE-2022-1529.html https://www.suse.com/security/cve/CVE-2022-1802.html https://www.suse.com/security/cve/CVE-2022-1834.html https://www.suse.com/security/cve/CVE-2022-31736.html https://www.suse.com/security/cve/CVE-2022-31737.html https://www.suse.com/security/cve/CVE-2022-31738.html https://www.suse.com/security/cve/CVE-2022-31739.html https://www.suse.com/security/cve/CVE-2022-31740.html https://www.suse.com/security/cve/CVE-2022-31741.html https://www.suse.com/security/cve/CVE-2022-31742.html https://www.suse.com/security/cve/CVE-2022-31747.html https://bugzilla.suse.com/1199768 https://bugzilla.suse.com/1200027 From sle-updates at lists.suse.com Mon Jun 13 19:16:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 21:16:02 +0200 (CEST) Subject: SUSE-SU-2022:2064-1: important: Security update for grub2 Message-ID: <20220613191602.9D655FD9D@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2064-1 Rating: important References: #1191184 #1191185 #1191186 #1193282 #1197948 #1198460 #1198493 #1198495 #1198496 #1198581 Cross-References: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVSS scores: CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-28735 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has three fixes is now available. Description: This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2064=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2064=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-2064=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2064=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2064=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): grub2-2.04-150300.22.20.2 grub2-branding-upstream-2.04-150300.22.20.2 grub2-debuginfo-2.04-150300.22.20.2 - openSUSE Leap 15.3 (aarch64 s390x x86_64): grub2-debugsource-2.04-150300.22.20.2 - openSUSE Leap 15.3 (noarch): grub2-arm64-efi-2.04-150300.22.20.2 grub2-arm64-efi-debug-2.04-150300.22.20.2 grub2-i386-pc-2.04-150300.22.20.2 grub2-i386-pc-debug-2.04-150300.22.20.2 grub2-powerpc-ieee1275-2.04-150300.22.20.2 grub2-powerpc-ieee1275-debug-2.04-150300.22.20.2 grub2-snapper-plugin-2.04-150300.22.20.2 grub2-systemd-sleep-plugin-2.04-150300.22.20.2 grub2-x86_64-efi-2.04-150300.22.20.2 grub2-x86_64-efi-debug-2.04-150300.22.20.2 grub2-x86_64-xen-2.04-150300.22.20.2 - openSUSE Leap 15.3 (s390x): grub2-s390x-emu-2.04-150300.22.20.2 grub2-s390x-emu-debug-2.04-150300.22.20.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): grub2-x86_64-xen-2.04-150300.22.20.2 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): grub2-arm64-efi-2.04-150300.22.20.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): grub2-2.04-150300.22.20.2 grub2-debuginfo-2.04-150300.22.20.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 s390x x86_64): grub2-debugsource-2.04-150300.22.20.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): grub2-arm64-efi-2.04-150300.22.20.2 grub2-i386-pc-2.04-150300.22.20.2 grub2-powerpc-ieee1275-2.04-150300.22.20.2 grub2-snapper-plugin-2.04-150300.22.20.2 grub2-systemd-sleep-plugin-2.04-150300.22.20.2 grub2-x86_64-efi-2.04-150300.22.20.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): grub2-s390x-emu-2.04-150300.22.20.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): grub2-2.04-150300.22.20.2 grub2-debuginfo-2.04-150300.22.20.2 grub2-debugsource-2.04-150300.22.20.2 - SUSE Linux Enterprise Micro 5.2 (noarch): grub2-arm64-efi-2.04-150300.22.20.2 grub2-i386-pc-2.04-150300.22.20.2 grub2-snapper-plugin-2.04-150300.22.20.2 grub2-x86_64-efi-2.04-150300.22.20.2 grub2-x86_64-xen-2.04-150300.22.20.2 - SUSE Linux Enterprise Micro 5.2 (s390x): grub2-s390x-emu-2.04-150300.22.20.2 References: https://www.suse.com/security/cve/CVE-2021-3695.html https://www.suse.com/security/cve/CVE-2021-3696.html https://www.suse.com/security/cve/CVE-2021-3697.html https://www.suse.com/security/cve/CVE-2022-28733.html https://www.suse.com/security/cve/CVE-2022-28734.html https://www.suse.com/security/cve/CVE-2022-28735.html https://www.suse.com/security/cve/CVE-2022-28736.html https://bugzilla.suse.com/1191184 https://bugzilla.suse.com/1191185 https://bugzilla.suse.com/1191186 https://bugzilla.suse.com/1193282 https://bugzilla.suse.com/1197948 https://bugzilla.suse.com/1198460 https://bugzilla.suse.com/1198493 https://bugzilla.suse.com/1198495 https://bugzilla.suse.com/1198496 https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Mon Jun 13 19:17:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 21:17:28 +0200 (CEST) Subject: SUSE-RU-2022:2060-1: moderate: Recommended update for geronimo-specs Message-ID: <20220613191728.B7E51FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for geronimo-specs ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2060-1 Rating: moderate References: #1200426 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This recommended update for geronimo-specs provides the following fix: - Ship geronimo-annotation-1_0-api to SUSE Manager server as it is now needed by google-gson. (bsc#1200426) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2060=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2060=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-2060=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-2060=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-2060=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2060=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-2060=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2060=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2060=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2060=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2060=1 Package List: - openSUSE Leap 15.4 (noarch): geronimo-annotation-1_0-api-1.2-150200.15.2.1 geronimo-commonj-1_1-apis-1.2-150200.15.2.1 geronimo-corba-1_0-apis-1.2-150200.15.2.1 geronimo-corba-2_3-apis-1.2-150200.15.2.1 geronimo-ejb-2_1-api-1.2-150200.15.2.1 geronimo-ejb-3_0-api-1.2-150200.15.2.1 geronimo-el-1_0-api-1.2-150200.15.2.1 geronimo-interceptor-3_0-api-1.2-150200.15.2.1 geronimo-j2ee-1_4-apis-1.2-150200.15.2.1 geronimo-j2ee-connector-1_5-api-1.2-150200.15.2.1 geronimo-j2ee-deployment-1_1-api-1.2-150200.15.2.1 geronimo-j2ee-management-1_0-api-1.2-150200.15.2.1 geronimo-j2ee-management-1_1-api-1.2-150200.15.2.1 geronimo-jacc-1_0-api-1.2-150200.15.2.1 geronimo-jacc-1_1-api-1.2-150200.15.2.1 geronimo-jaf-1_0_2-api-1.2-150200.15.2.1 geronimo-jaf-1_1-api-1.2-150200.15.2.1 geronimo-javaee-deployment-1_1-api-1.2-150200.15.2.1 geronimo-javamail-1_3_1-api-1.2-150200.15.2.1 geronimo-javamail-1_4-api-1.2-150200.15.2.1 geronimo-jaxr-1_0-api-1.2-150200.15.2.1 geronimo-jaxrpc-1_1-api-1.2-150200.15.2.1 geronimo-jms-1_1-api-1.2-150200.15.2.1 geronimo-jpa-3_0-api-1.2-150200.15.2.1 geronimo-jsp-2_0-api-1.2-150200.15.2.1 geronimo-jsp-2_1-api-1.2-150200.15.2.1 geronimo-jta-1_0_1B-api-1.2-150200.15.2.1 geronimo-jta-1_1-api-1.2-150200.15.2.1 geronimo-qname-1_1-api-1.2-150200.15.2.1 geronimo-saaj-1_1-api-1.2-150200.15.2.1 geronimo-servlet-2_4-api-1.2-150200.15.2.1 geronimo-servlet-2_5-api-1.2-150200.15.2.1 geronimo-stax-1_0-api-1.2-150200.15.2.1 geronimo-ws-metadata-2_0-api-1.2-150200.15.2.1 - openSUSE Leap 15.3 (noarch): geronimo-annotation-1_0-api-1.2-150200.15.2.1 geronimo-commonj-1_1-apis-1.2-150200.15.2.1 geronimo-corba-1_0-apis-1.2-150200.15.2.1 geronimo-corba-2_3-apis-1.2-150200.15.2.1 geronimo-ejb-2_1-api-1.2-150200.15.2.1 geronimo-ejb-3_0-api-1.2-150200.15.2.1 geronimo-el-1_0-api-1.2-150200.15.2.1 geronimo-interceptor-3_0-api-1.2-150200.15.2.1 geronimo-j2ee-1_4-apis-1.2-150200.15.2.1 geronimo-j2ee-connector-1_5-api-1.2-150200.15.2.1 geronimo-j2ee-deployment-1_1-api-1.2-150200.15.2.1 geronimo-j2ee-management-1_0-api-1.2-150200.15.2.1 geronimo-j2ee-management-1_1-api-1.2-150200.15.2.1 geronimo-jacc-1_0-api-1.2-150200.15.2.1 geronimo-jacc-1_1-api-1.2-150200.15.2.1 geronimo-jaf-1_0_2-api-1.2-150200.15.2.1 geronimo-jaf-1_1-api-1.2-150200.15.2.1 geronimo-javaee-deployment-1_1-api-1.2-150200.15.2.1 geronimo-javamail-1_3_1-api-1.2-150200.15.2.1 geronimo-javamail-1_4-api-1.2-150200.15.2.1 geronimo-jaxr-1_0-api-1.2-150200.15.2.1 geronimo-jaxrpc-1_1-api-1.2-150200.15.2.1 geronimo-jms-1_1-api-1.2-150200.15.2.1 geronimo-jpa-3_0-api-1.2-150200.15.2.1 geronimo-jsp-2_0-api-1.2-150200.15.2.1 geronimo-jsp-2_1-api-1.2-150200.15.2.1 geronimo-jta-1_0_1B-api-1.2-150200.15.2.1 geronimo-jta-1_1-api-1.2-150200.15.2.1 geronimo-qname-1_1-api-1.2-150200.15.2.1 geronimo-saaj-1_1-api-1.2-150200.15.2.1 geronimo-servlet-2_4-api-1.2-150200.15.2.1 geronimo-servlet-2_5-api-1.2-150200.15.2.1 geronimo-stax-1_0-api-1.2-150200.15.2.1 geronimo-ws-metadata-2_0-api-1.2-150200.15.2.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch): geronimo-jta-1_1-api-1.2-150200.15.2.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): geronimo-jta-1_1-api-1.2-150200.15.2.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): geronimo-annotation-1_0-api-1.2-150200.15.2.1 geronimo-stax-1_0-api-1.2-150200.15.2.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): geronimo-annotation-1_0-api-1.2-150200.15.2.1 geronimo-stax-1_0-api-1.2-150200.15.2.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): geronimo-annotation-1_0-api-1.2-150200.15.2.1 geronimo-stax-1_0-api-1.2-150200.15.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): geronimo-j2ee-1_4-apis-1.2-150200.15.2.1 geronimo-j2ee-connector-1_5-api-1.2-150200.15.2.1 geronimo-jaf-1_1-api-1.2-150200.15.2.1 geronimo-javamail-1_4-api-1.2-150200.15.2.1 geronimo-jms-1_1-api-1.2-150200.15.2.1 geronimo-jsp-2_0-api-1.2-150200.15.2.1 geronimo-servlet-2_4-api-1.2-150200.15.2.1 geronimo-stax-1_0-api-1.2-150200.15.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): geronimo-j2ee-1_4-apis-1.2-150200.15.2.1 geronimo-j2ee-connector-1_5-api-1.2-150200.15.2.1 geronimo-jaf-1_1-api-1.2-150200.15.2.1 geronimo-javamail-1_4-api-1.2-150200.15.2.1 geronimo-jms-1_1-api-1.2-150200.15.2.1 geronimo-jsp-2_0-api-1.2-150200.15.2.1 geronimo-servlet-2_4-api-1.2-150200.15.2.1 geronimo-stax-1_0-api-1.2-150200.15.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): geronimo-annotation-1_0-api-1.2-150200.15.2.1 geronimo-jms-1_1-api-1.2-150200.15.2.1 geronimo-stax-1_0-api-1.2-150200.15.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): geronimo-annotation-1_0-api-1.2-150200.15.2.1 geronimo-jms-1_1-api-1.2-150200.15.2.1 geronimo-stax-1_0-api-1.2-150200.15.2.1 References: https://bugzilla.suse.com/1200426 From sle-updates at lists.suse.com Mon Jun 13 19:18:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 21:18:09 +0200 (CEST) Subject: SUSE-RU-2022:2061-1: moderate: Recommended update for SUSEConnect Message-ID: <20220613191809.E9BF4FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2061-1 Rating: moderate References: #1196076 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SUSEConnect fixes the following issues: - Update to 0.3.34 - Manage the `System-Token` header. The `System-Token` header as delivered by SCC will be stored inside of the credentials file for later use on API calls. This way we add system clone detection for systems using this version of SUSE Connect. - Update to 0.3.33 - Add --keepalive command to send pings to SCC. - Add service/timer to periodically call --keepalive command to make system information in SCC and proxies more accurate. (bsc#1196076) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2061=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2061=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.34-150300.20.3.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.34-150300.20.3.3 References: https://bugzilla.suse.com/1196076 From sle-updates at lists.suse.com Mon Jun 13 19:18:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 21:18:48 +0200 (CEST) Subject: SUSE-SU-2022:2065-1: important: Security update for xen Message-ID: <20220613191848.6837DFD9D@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2065-1 Rating: important References: #1027519 #1197426 #1199965 #1199966 Cross-References: CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVSS scores: CVE-2022-26358 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26358 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26359 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26360 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26360 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26361 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26362 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) (bsc#1197426) - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2065=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2065=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2065=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2065=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2065=1 Package List: - openSUSE Leap 15.3 (aarch64 x86_64): xen-4.14.5_02-150300.3.29.1 xen-debugsource-4.14.5_02-150300.3.29.1 xen-devel-4.14.5_02-150300.3.29.1 xen-doc-html-4.14.5_02-150300.3.29.1 xen-libs-4.14.5_02-150300.3.29.1 xen-libs-debuginfo-4.14.5_02-150300.3.29.1 xen-tools-4.14.5_02-150300.3.29.1 xen-tools-debuginfo-4.14.5_02-150300.3.29.1 xen-tools-domU-4.14.5_02-150300.3.29.1 xen-tools-domU-debuginfo-4.14.5_02-150300.3.29.1 - openSUSE Leap 15.3 (x86_64): xen-libs-32bit-4.14.5_02-150300.3.29.1 xen-libs-32bit-debuginfo-4.14.5_02-150300.3.29.1 - openSUSE Leap 15.3 (noarch): xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.5_02-150300.3.29.1 xen-debugsource-4.14.5_02-150300.3.29.1 xen-devel-4.14.5_02-150300.3.29.1 xen-tools-4.14.5_02-150300.3.29.1 xen-tools-debuginfo-4.14.5_02-150300.3.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.5_02-150300.3.29.1 xen-libs-4.14.5_02-150300.3.29.1 xen-libs-debuginfo-4.14.5_02-150300.3.29.1 xen-tools-domU-4.14.5_02-150300.3.29.1 xen-tools-domU-debuginfo-4.14.5_02-150300.3.29.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): xen-debugsource-4.14.5_02-150300.3.29.1 xen-libs-4.14.5_02-150300.3.29.1 xen-libs-debuginfo-4.14.5_02-150300.3.29.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): xen-debugsource-4.14.5_02-150300.3.29.1 xen-libs-4.14.5_02-150300.3.29.1 xen-libs-debuginfo-4.14.5_02-150300.3.29.1 References: https://www.suse.com/security/cve/CVE-2022-26358.html https://www.suse.com/security/cve/CVE-2022-26359.html https://www.suse.com/security/cve/CVE-2022-26360.html https://www.suse.com/security/cve/CVE-2022-26361.html https://www.suse.com/security/cve/CVE-2022-26362.html https://www.suse.com/security/cve/CVE-2022-26363.html https://www.suse.com/security/cve/CVE-2022-26364.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1197426 https://bugzilla.suse.com/1199965 https://bugzilla.suse.com/1199966 From sle-updates at lists.suse.com Mon Jun 13 19:19:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2022 21:19:42 +0200 (CEST) Subject: SUSE-SU-2022:2063-1: moderate: Security update for gimp Message-ID: <20220613191942.B965CFD9D@maintenance.suse.de> SUSE Security Update: Security update for gimp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2063-1 Rating: moderate References: #1199653 Cross-References: CVE-2022-30067 CVSS scores: CVE-2022-30067 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-30067 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gimp fixes the following issues: - CVE-2022-30067: Fixed uncontrolled memory consumption via crafted XCF file (bsc#1199653). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2063=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2063=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2063=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gimp-2.10.12-150300.9.3.1 gimp-debuginfo-2.10.12-150300.9.3.1 gimp-debugsource-2.10.12-150300.9.3.1 gimp-devel-2.10.12-150300.9.3.1 gimp-devel-debuginfo-2.10.12-150300.9.3.1 gimp-plugin-aa-2.10.12-150300.9.3.1 gimp-plugin-aa-debuginfo-2.10.12-150300.9.3.1 libgimp-2_0-0-2.10.12-150300.9.3.1 libgimp-2_0-0-debuginfo-2.10.12-150300.9.3.1 libgimpui-2_0-0-2.10.12-150300.9.3.1 libgimpui-2_0-0-debuginfo-2.10.12-150300.9.3.1 - openSUSE Leap 15.3 (noarch): gimp-lang-2.10.12-150300.9.3.1 - openSUSE Leap 15.3 (x86_64): libgimp-2_0-0-32bit-2.10.12-150300.9.3.1 libgimp-2_0-0-32bit-debuginfo-2.10.12-150300.9.3.1 libgimpui-2_0-0-32bit-2.10.12-150300.9.3.1 libgimpui-2_0-0-32bit-debuginfo-2.10.12-150300.9.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): gimp-2.10.12-150300.9.3.1 gimp-debuginfo-2.10.12-150300.9.3.1 gimp-debugsource-2.10.12-150300.9.3.1 gimp-devel-2.10.12-150300.9.3.1 gimp-devel-debuginfo-2.10.12-150300.9.3.1 libgimp-2_0-0-2.10.12-150300.9.3.1 libgimp-2_0-0-debuginfo-2.10.12-150300.9.3.1 libgimpui-2_0-0-2.10.12-150300.9.3.1 libgimpui-2_0-0-debuginfo-2.10.12-150300.9.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): gimp-lang-2.10.12-150300.9.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): gimp-debuginfo-2.10.12-150300.9.3.1 gimp-debugsource-2.10.12-150300.9.3.1 libgimp-2_0-0-2.10.12-150300.9.3.1 libgimp-2_0-0-debuginfo-2.10.12-150300.9.3.1 libgimpui-2_0-0-2.10.12-150300.9.3.1 libgimpui-2_0-0-debuginfo-2.10.12-150300.9.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64): gimp-2.10.12-150300.9.3.1 gimp-devel-2.10.12-150300.9.3.1 gimp-devel-debuginfo-2.10.12-150300.9.3.1 gimp-plugin-aa-2.10.12-150300.9.3.1 gimp-plugin-aa-debuginfo-2.10.12-150300.9.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): gimp-lang-2.10.12-150300.9.3.1 References: https://www.suse.com/security/cve/CVE-2022-30067.html https://bugzilla.suse.com/1199653 From sle-updates at lists.suse.com Tue Jun 14 07:41:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2022 09:41:03 +0200 (CEST) Subject: SUSE-CU-2022:1322-1: Recommended update of suse/sle15 Message-ID: <20220614074103.4AB38F389@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1322-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.631 Container Release : 6.2.631 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated From sle-updates at lists.suse.com Tue Jun 14 07:49:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2022 09:49:35 +0200 (CEST) Subject: SUSE-CU-2022:1323-1: Recommended update of bci/golang Message-ID: <20220614074935.63A3FF389@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1323-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-17.60 Container Release : 17.60 Severity : moderate Type : recommended References : 1191908 1192951 1193659 1195283 1196861 1197065 1198422 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2049-1 Released: Mon Jun 13 09:23:52 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1191908,1198422 This update for binutils fixes the following issues: - Revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422] - Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908) The following package changes have been done: - binutils-2.37-150100.7.34.1 updated - libatomic1-11.3.0+git1637-150000.1.9.1 updated - libctf-nobfd0-2.37-150100.7.34.1 updated - libctf0-2.37-150100.7.34.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libgomp1-11.3.0+git1637-150000.1.9.1 updated - libitm1-11.3.0+git1637-150000.1.9.1 updated - liblsan0-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libtsan0-11.3.0+git1637-150000.1.9.1 updated - container:sles15-image-15.0.0-17.17.14 updated From sle-updates at lists.suse.com Tue Jun 14 07:52:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2022 09:52:23 +0200 (CEST) Subject: SUSE-CU-2022:1324-1: Recommended update of bci/golang Message-ID: <20220614075223.967B0F389@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1324-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-7.63 , bci/golang:latest Container Release : 7.63 Severity : moderate Type : recommended References : 1191908 1198422 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2049-1 Released: Mon Jun 13 09:23:52 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1191908,1198422 This update for binutils fixes the following issues: - Revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422] - Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908) The following package changes have been done: - binutils-2.37-150100.7.34.1 updated - libctf-nobfd0-2.37-150100.7.34.1 updated - libctf0-2.37-150100.7.34.1 updated - container:sles15-image-15.0.0-17.17.14 updated From sle-updates at lists.suse.com Tue Jun 14 10:15:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2022 12:15:55 +0200 (CEST) Subject: SUSE-RU-2022:2067-1: moderate: Recommended update for autofs Message-ID: <20220614101555.A5628FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for autofs ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2067-1 Rating: moderate References: #1191625 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for autofs fixes the following issues: - Take master map mutex for master map updates only. (bsc#1191625) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2067=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): autofs-5.1.3-3.11.1 autofs-debuginfo-5.1.3-3.11.1 autofs-debugsource-5.1.3-3.11.1 References: https://bugzilla.suse.com/1191625 From sle-updates at lists.suse.com Tue Jun 14 13:15:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2022 15:15:51 +0200 (CEST) Subject: SUSE-SU-2022:2074-1: important: Security update for grub2 Message-ID: <20220614131551.E3818FD9D@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2074-1 Rating: important References: #1191184 #1191185 #1191186 #1193282 #1197948 #1198460 #1198493 #1198495 #1198496 #1198581 Cross-References: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVSS scores: CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-28735 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has three fixes is now available. Description: This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2074=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2074=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2074=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2074=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2074=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2074=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2074=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2074=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2074=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): grub2-2.04-150200.9.63.2 grub2-debuginfo-2.04-150200.9.63.2 - SUSE Manager Server 4.1 (s390x x86_64): grub2-debugsource-2.04-150200.9.63.2 - SUSE Manager Server 4.1 (noarch): grub2-arm64-efi-2.04-150200.9.63.2 grub2-i386-pc-2.04-150200.9.63.2 grub2-powerpc-ieee1275-2.04-150200.9.63.2 grub2-snapper-plugin-2.04-150200.9.63.2 grub2-systemd-sleep-plugin-2.04-150200.9.63.2 grub2-x86_64-efi-2.04-150200.9.63.2 grub2-x86_64-xen-2.04-150200.9.63.2 - SUSE Manager Server 4.1 (s390x): grub2-s390x-emu-2.04-150200.9.63.2 - SUSE Manager Retail Branch Server 4.1 (noarch): grub2-arm64-efi-2.04-150200.9.63.2 grub2-i386-pc-2.04-150200.9.63.2 grub2-snapper-plugin-2.04-150200.9.63.2 grub2-systemd-sleep-plugin-2.04-150200.9.63.2 grub2-x86_64-efi-2.04-150200.9.63.2 grub2-x86_64-xen-2.04-150200.9.63.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): grub2-2.04-150200.9.63.2 grub2-debuginfo-2.04-150200.9.63.2 grub2-debugsource-2.04-150200.9.63.2 - SUSE Manager Proxy 4.1 (noarch): grub2-arm64-efi-2.04-150200.9.63.2 grub2-i386-pc-2.04-150200.9.63.2 grub2-snapper-plugin-2.04-150200.9.63.2 grub2-systemd-sleep-plugin-2.04-150200.9.63.2 grub2-x86_64-efi-2.04-150200.9.63.2 grub2-x86_64-xen-2.04-150200.9.63.2 - SUSE Manager Proxy 4.1 (x86_64): grub2-2.04-150200.9.63.2 grub2-debuginfo-2.04-150200.9.63.2 grub2-debugsource-2.04-150200.9.63.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): grub2-2.04-150200.9.63.2 grub2-debuginfo-2.04-150200.9.63.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): grub2-arm64-efi-2.04-150200.9.63.2 grub2-i386-pc-2.04-150200.9.63.2 grub2-powerpc-ieee1275-2.04-150200.9.63.2 grub2-snapper-plugin-2.04-150200.9.63.2 grub2-systemd-sleep-plugin-2.04-150200.9.63.2 grub2-x86_64-efi-2.04-150200.9.63.2 grub2-x86_64-xen-2.04-150200.9.63.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): grub2-debugsource-2.04-150200.9.63.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.04-150200.9.63.2 grub2-debuginfo-2.04-150200.9.63.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.04-150200.9.63.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): grub2-arm64-efi-2.04-150200.9.63.2 grub2-i386-pc-2.04-150200.9.63.2 grub2-powerpc-ieee1275-2.04-150200.9.63.2 grub2-snapper-plugin-2.04-150200.9.63.2 grub2-systemd-sleep-plugin-2.04-150200.9.63.2 grub2-x86_64-efi-2.04-150200.9.63.2 grub2-x86_64-xen-2.04-150200.9.63.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (s390x): grub2-s390x-emu-2.04-150200.9.63.2 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): grub2-arm64-efi-2.04-150200.9.63.2 grub2-i386-pc-2.04-150200.9.63.2 grub2-snapper-plugin-2.04-150200.9.63.2 grub2-systemd-sleep-plugin-2.04-150200.9.63.2 grub2-x86_64-efi-2.04-150200.9.63.2 grub2-x86_64-xen-2.04-150200.9.63.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): grub2-2.04-150200.9.63.2 grub2-debuginfo-2.04-150200.9.63.2 grub2-debugsource-2.04-150200.9.63.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): grub2-2.04-150200.9.63.2 grub2-debuginfo-2.04-150200.9.63.2 grub2-debugsource-2.04-150200.9.63.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): grub2-arm64-efi-2.04-150200.9.63.2 grub2-i386-pc-2.04-150200.9.63.2 grub2-snapper-plugin-2.04-150200.9.63.2 grub2-systemd-sleep-plugin-2.04-150200.9.63.2 grub2-x86_64-efi-2.04-150200.9.63.2 grub2-x86_64-xen-2.04-150200.9.63.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): grub2-2.04-150200.9.63.2 grub2-debuginfo-2.04-150200.9.63.2 grub2-debugsource-2.04-150200.9.63.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): grub2-arm64-efi-2.04-150200.9.63.2 grub2-i386-pc-2.04-150200.9.63.2 grub2-snapper-plugin-2.04-150200.9.63.2 grub2-systemd-sleep-plugin-2.04-150200.9.63.2 grub2-x86_64-efi-2.04-150200.9.63.2 grub2-x86_64-xen-2.04-150200.9.63.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): grub2-2.04-150200.9.63.2 grub2-debuginfo-2.04-150200.9.63.2 grub2-debugsource-2.04-150200.9.63.2 - SUSE Enterprise Storage 7 (noarch): grub2-arm64-efi-2.04-150200.9.63.2 grub2-i386-pc-2.04-150200.9.63.2 grub2-snapper-plugin-2.04-150200.9.63.2 grub2-systemd-sleep-plugin-2.04-150200.9.63.2 grub2-x86_64-efi-2.04-150200.9.63.2 grub2-x86_64-xen-2.04-150200.9.63.2 References: https://www.suse.com/security/cve/CVE-2021-3695.html https://www.suse.com/security/cve/CVE-2021-3696.html https://www.suse.com/security/cve/CVE-2021-3697.html https://www.suse.com/security/cve/CVE-2022-28733.html https://www.suse.com/security/cve/CVE-2022-28734.html https://www.suse.com/security/cve/CVE-2022-28735.html https://www.suse.com/security/cve/CVE-2022-28736.html https://bugzilla.suse.com/1191184 https://bugzilla.suse.com/1191185 https://bugzilla.suse.com/1191186 https://bugzilla.suse.com/1193282 https://bugzilla.suse.com/1197948 https://bugzilla.suse.com/1198460 https://bugzilla.suse.com/1198493 https://bugzilla.suse.com/1198495 https://bugzilla.suse.com/1198496 https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Tue Jun 14 13:17:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2022 15:17:23 +0200 (CEST) Subject: SUSE-SU-2022:2070-1: important: Security update for python-Twisted Message-ID: <20220614131723.5A8B1FD9D@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2070-1 Rating: important References: #1196739 Cross-References: CVE-2022-21716 CVSS scores: CVE-2022-21716 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21716 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issues: - CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data using all the available memory (bsc#1196739). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2070=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2070=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2070=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2070=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2070=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2070=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2070=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2070=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2070=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2070=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2070=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2070=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2070=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.12.1 python-Twisted-debugsource-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.12.1 python-Twisted-debugsource-19.10.0-150200.3.12.1 python-Twisted-doc-19.10.0-150200.3.12.1 python2-Twisted-19.10.0-150200.3.12.1 python2-Twisted-debuginfo-19.10.0-150200.3.12.1 python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Manager Proxy 4.1 (x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.12.1 python-Twisted-debugsource-19.10.0-150200.3.12.1 python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): python-Twisted-debugsource-19.10.0-150200.3.12.1 python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 References: https://www.suse.com/security/cve/CVE-2022-21716.html https://bugzilla.suse.com/1196739 From sle-updates at lists.suse.com Tue Jun 14 13:18:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2022 15:18:01 +0200 (CEST) Subject: SUSE-SU-2022:2073-1: important: Security update for grub2 Message-ID: <20220614131801.6699EFD9D@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2073-1 Rating: important References: #1071559 #1159205 #1179981 #1189769 #1189874 #1191184 #1191185 #1191186 #1191504 #1191974 #1192522 #1192622 #1193282 #1193532 #1195204 #1197948 #1198460 #1198493 #1198495 #1198496 #1198581 Cross-References: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVSS scores: CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-28735 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Micro 5.1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 14 fixes is now available. Description: This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 Other bugs fixed: - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) - Fix grub-install error when efi system partition is created as mdadm software raid1 device (bsc#1179981) (bsc#1195204) - Fix error in grub-install when linux root device is on lvm thin volume (bsc#1192622) (bsc#1191974) - Fix wrong default entry when booting snapshot (bsc#1159205) - Add support for simplefb (boo#1193532). - Fix error lvmid disk cannot be found after second disk added to the root volume group (bsc#1189874) (bsc#1071559) - Fix error /boot/grub2/locale/POSIX.gmo not found (bsc#1189769) - Fix unknown TPM error on buggy uefi firmware (bsc#1191504) - Fix arm64 kernel image not aligned on 64k boundary (bsc#1192522) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2073=1 Package List: - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): grub2-2.04-150300.3.5.1 grub2-debuginfo-2.04-150300.3.5.1 grub2-debugsource-2.04-150300.3.5.1 - SUSE Linux Enterprise Micro 5.1 (noarch): grub2-arm64-efi-2.04-150300.3.5.1 grub2-i386-pc-2.04-150300.3.5.1 grub2-snapper-plugin-2.04-150300.3.5.1 grub2-x86_64-efi-2.04-150300.3.5.1 grub2-x86_64-xen-2.04-150300.3.5.1 - SUSE Linux Enterprise Micro 5.1 (s390x): grub2-s390x-emu-2.04-150300.3.5.1 References: https://www.suse.com/security/cve/CVE-2021-3695.html https://www.suse.com/security/cve/CVE-2021-3696.html https://www.suse.com/security/cve/CVE-2021-3697.html https://www.suse.com/security/cve/CVE-2022-28733.html https://www.suse.com/security/cve/CVE-2022-28734.html https://www.suse.com/security/cve/CVE-2022-28735.html https://www.suse.com/security/cve/CVE-2022-28736.html https://bugzilla.suse.com/1071559 https://bugzilla.suse.com/1159205 https://bugzilla.suse.com/1179981 https://bugzilla.suse.com/1189769 https://bugzilla.suse.com/1189874 https://bugzilla.suse.com/1191184 https://bugzilla.suse.com/1191185 https://bugzilla.suse.com/1191186 https://bugzilla.suse.com/1191504 https://bugzilla.suse.com/1191974 https://bugzilla.suse.com/1192522 https://bugzilla.suse.com/1192622 https://bugzilla.suse.com/1193282 https://bugzilla.suse.com/1193532 https://bugzilla.suse.com/1195204 https://bugzilla.suse.com/1197948 https://bugzilla.suse.com/1198460 https://bugzilla.suse.com/1198493 https://bugzilla.suse.com/1198495 https://bugzilla.suse.com/1198496 https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Tue Jun 14 13:20:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2022 15:20:20 +0200 (CEST) Subject: SUSE-SU-2022:2068-1: important: Security update for openssl-1_1 Message-ID: <20220614132020.8EE3CFD9D@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2068-1 Rating: important References: #1185637 #1199166 Cross-References: CVE-2022-1292 CVSS scores: CVE-2022-1292 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1292 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2068=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2068=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2068=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2068=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2068=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2068=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.30.1 libopenssl1_1-1.1.0i-150100.14.30.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.30.1 libopenssl1_1-hmac-1.1.0i-150100.14.30.1 openssl-1_1-1.1.0i-150100.14.30.1 openssl-1_1-debuginfo-1.1.0i-150100.14.30.1 openssl-1_1-debugsource-1.1.0i-150100.14.30.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.30.1 libopenssl1_1-32bit-1.1.0i-150100.14.30.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.30.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.30.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.30.1 libopenssl1_1-1.1.0i-150100.14.30.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.30.1 libopenssl1_1-hmac-1.1.0i-150100.14.30.1 openssl-1_1-1.1.0i-150100.14.30.1 openssl-1_1-debuginfo-1.1.0i-150100.14.30.1 openssl-1_1-debugsource-1.1.0i-150100.14.30.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.30.1 libopenssl1_1-32bit-1.1.0i-150100.14.30.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.30.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.30.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.30.1 libopenssl-1_1-devel-32bit-1.1.0i-150100.14.30.1 libopenssl1_1-1.1.0i-150100.14.30.1 libopenssl1_1-32bit-1.1.0i-150100.14.30.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.30.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.30.1 libopenssl1_1-hmac-1.1.0i-150100.14.30.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.30.1 openssl-1_1-1.1.0i-150100.14.30.1 openssl-1_1-debuginfo-1.1.0i-150100.14.30.1 openssl-1_1-debugsource-1.1.0i-150100.14.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.30.1 libopenssl1_1-1.1.0i-150100.14.30.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.30.1 libopenssl1_1-hmac-1.1.0i-150100.14.30.1 openssl-1_1-1.1.0i-150100.14.30.1 openssl-1_1-debuginfo-1.1.0i-150100.14.30.1 openssl-1_1-debugsource-1.1.0i-150100.14.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.30.1 libopenssl1_1-32bit-1.1.0i-150100.14.30.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.30.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.30.1 libopenssl1_1-1.1.0i-150100.14.30.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.30.1 libopenssl1_1-hmac-1.1.0i-150100.14.30.1 openssl-1_1-1.1.0i-150100.14.30.1 openssl-1_1-debuginfo-1.1.0i-150100.14.30.1 openssl-1_1-debugsource-1.1.0i-150100.14.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.30.1 libopenssl1_1-32bit-1.1.0i-150100.14.30.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.30.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.30.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.30.1 libopenssl1_1-1.1.0i-150100.14.30.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.30.1 libopenssl1_1-hmac-1.1.0i-150100.14.30.1 openssl-1_1-1.1.0i-150100.14.30.1 openssl-1_1-debuginfo-1.1.0i-150100.14.30.1 openssl-1_1-debugsource-1.1.0i-150100.14.30.1 - SUSE Enterprise Storage 6 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.30.1 libopenssl1_1-32bit-1.1.0i-150100.14.30.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.30.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.30.1 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.30.1 libopenssl-1_1-devel-32bit-1.1.0i-150100.14.30.1 libopenssl1_1-1.1.0i-150100.14.30.1 libopenssl1_1-32bit-1.1.0i-150100.14.30.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.30.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.30.1 libopenssl1_1-hmac-1.1.0i-150100.14.30.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.30.1 openssl-1_1-1.1.0i-150100.14.30.1 openssl-1_1-debuginfo-1.1.0i-150100.14.30.1 openssl-1_1-debugsource-1.1.0i-150100.14.30.1 References: https://www.suse.com/security/cve/CVE-2022-1292.html https://bugzilla.suse.com/1185637 https://bugzilla.suse.com/1199166 From sle-updates at lists.suse.com Tue Jun 14 13:21:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2022 15:21:03 +0200 (CEST) Subject: SUSE-SU-2022:2075-1: important: Security update for openssl-1_1 Message-ID: <20220614132103.D8BB9FD9D@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2075-1 Rating: important References: #1185637 #1199166 Cross-References: CVE-2022-1292 CVSS scores: CVE-2022-1292 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1292 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2075=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2075=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2075=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2075=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-150000.4.69.1 libopenssl1_1-1.1.0i-150000.4.69.1 libopenssl1_1-debuginfo-1.1.0i-150000.4.69.1 libopenssl1_1-hmac-1.1.0i-150000.4.69.1 openssl-1_1-1.1.0i-150000.4.69.1 openssl-1_1-debuginfo-1.1.0i-150000.4.69.1 openssl-1_1-debugsource-1.1.0i-150000.4.69.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libopenssl1_1-32bit-1.1.0i-150000.4.69.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150000.4.69.1 libopenssl1_1-hmac-32bit-1.1.0i-150000.4.69.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenssl-1_1-devel-1.1.0i-150000.4.69.1 libopenssl1_1-1.1.0i-150000.4.69.1 libopenssl1_1-debuginfo-1.1.0i-150000.4.69.1 libopenssl1_1-hmac-1.1.0i-150000.4.69.1 openssl-1_1-1.1.0i-150000.4.69.1 openssl-1_1-debuginfo-1.1.0i-150000.4.69.1 openssl-1_1-debugsource-1.1.0i-150000.4.69.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150000.4.69.1 libopenssl1_1-1.1.0i-150000.4.69.1 libopenssl1_1-debuginfo-1.1.0i-150000.4.69.1 libopenssl1_1-hmac-1.1.0i-150000.4.69.1 openssl-1_1-1.1.0i-150000.4.69.1 openssl-1_1-debuginfo-1.1.0i-150000.4.69.1 openssl-1_1-debugsource-1.1.0i-150000.4.69.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libopenssl1_1-32bit-1.1.0i-150000.4.69.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150000.4.69.1 libopenssl1_1-hmac-32bit-1.1.0i-150000.4.69.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150000.4.69.1 libopenssl1_1-1.1.0i-150000.4.69.1 libopenssl1_1-debuginfo-1.1.0i-150000.4.69.1 libopenssl1_1-hmac-1.1.0i-150000.4.69.1 openssl-1_1-1.1.0i-150000.4.69.1 openssl-1_1-debuginfo-1.1.0i-150000.4.69.1 openssl-1_1-debugsource-1.1.0i-150000.4.69.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libopenssl1_1-32bit-1.1.0i-150000.4.69.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150000.4.69.1 libopenssl1_1-hmac-32bit-1.1.0i-150000.4.69.1 References: https://www.suse.com/security/cve/CVE-2022-1292.html https://bugzilla.suse.com/1185637 https://bugzilla.suse.com/1199166 From sle-updates at lists.suse.com Tue Jun 14 13:21:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2022 15:21:49 +0200 (CEST) Subject: SUSE-SU-2022:2071-1: important: Security update for webkit2gtk3 Message-ID: <20220614132149.74C2BFD9D@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2071-1 Rating: important References: #1199287 #1200106 Cross-References: CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 CVSS scores: CVE-2022-26700 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26709 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26716 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26717 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26719 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-30293 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-30293 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 (bsc#1200106) - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287). - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2071=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2071=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2071=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2071=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_1-0-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_1-0-debuginfo-2.36.3-150400.4.3.1 libjavascriptcoregtk-5_0-0-2.36.3-150400.4.3.1 libjavascriptcoregtk-5_0-0-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-4_1-0-2.36.3-150400.4.3.1 libwebkit2gtk-4_1-0-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-5_0-0-2.36.3-150400.4.3.1 libwebkit2gtk-5_0-0-debuginfo-2.36.3-150400.4.3.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1 typelib-1_0-JavaScriptCore-4_1-2.36.3-150400.4.3.1 typelib-1_0-JavaScriptCore-5_0-2.36.3-150400.4.3.1 typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1 typelib-1_0-WebKit2-4_1-2.36.3-150400.4.3.1 typelib-1_0-WebKit2-5_0-2.36.3-150400.4.3.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1 typelib-1_0-WebKit2WebExtension-4_1-2.36.3-150400.4.3.1 typelib-1_0-WebKit2WebExtension-5_0-2.36.3-150400.4.3.1 webkit-jsc-4-2.36.3-150400.4.3.1 webkit-jsc-4-debuginfo-2.36.3-150400.4.3.1 webkit-jsc-4.1-2.36.3-150400.4.3.1 webkit-jsc-4.1-debuginfo-2.36.3-150400.4.3.1 webkit-jsc-5.0-2.36.3-150400.4.3.1 webkit-jsc-5.0-debuginfo-2.36.3-150400.4.3.1 webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1 webkit2gtk-4_1-injected-bundles-2.36.3-150400.4.3.1 webkit2gtk-4_1-injected-bundles-debuginfo-2.36.3-150400.4.3.1 webkit2gtk-5_0-injected-bundles-2.36.3-150400.4.3.1 webkit2gtk-5_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1 webkit2gtk3-debugsource-2.36.3-150400.4.3.1 webkit2gtk3-devel-2.36.3-150400.4.3.1 webkit2gtk3-minibrowser-2.36.3-150400.4.3.1 webkit2gtk3-minibrowser-debuginfo-2.36.3-150400.4.3.1 webkit2gtk3-soup2-debugsource-2.36.3-150400.4.3.1 webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1 webkit2gtk3-soup2-minibrowser-2.36.3-150400.4.3.1 webkit2gtk3-soup2-minibrowser-debuginfo-2.36.3-150400.4.3.1 webkit2gtk4-debugsource-2.36.3-150400.4.3.1 webkit2gtk4-devel-2.36.3-150400.4.3.1 webkit2gtk4-minibrowser-2.36.3-150400.4.3.1 webkit2gtk4-minibrowser-debuginfo-2.36.3-150400.4.3.1 - openSUSE Leap 15.4 (x86_64): libjavascriptcoregtk-4_0-18-32bit-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_1-0-32bit-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-4_0-37-32bit-2.36.3-150400.4.3.1 libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-4_1-0-32bit-2.36.3-150400.4.3.1 libwebkit2gtk-4_1-0-32bit-debuginfo-2.36.3-150400.4.3.1 - openSUSE Leap 15.4 (noarch): WebKit2GTK-4.0-lang-2.36.3-150400.4.3.1 WebKit2GTK-4.1-lang-2.36.3-150400.4.3.1 WebKit2GTK-5.0-lang-2.36.3-150400.4.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-5_0-0-2.36.3-150400.4.3.1 libjavascriptcoregtk-5_0-0-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-5_0-0-2.36.3-150400.4.3.1 libwebkit2gtk-5_0-0-debuginfo-2.36.3-150400.4.3.1 typelib-1_0-JavaScriptCore-5_0-2.36.3-150400.4.3.1 typelib-1_0-WebKit2-5_0-2.36.3-150400.4.3.1 webkit2gtk-5_0-injected-bundles-2.36.3-150400.4.3.1 webkit2gtk-5_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1 webkit2gtk4-debugsource-2.36.3-150400.4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_1-0-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_1-0-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-4_1-0-2.36.3-150400.4.3.1 libwebkit2gtk-4_1-0-debuginfo-2.36.3-150400.4.3.1 typelib-1_0-JavaScriptCore-4_1-2.36.3-150400.4.3.1 typelib-1_0-WebKit2-4_1-2.36.3-150400.4.3.1 typelib-1_0-WebKit2WebExtension-4_1-2.36.3-150400.4.3.1 webkit2gtk-4_1-injected-bundles-2.36.3-150400.4.3.1 webkit2gtk-4_1-injected-bundles-debuginfo-2.36.3-150400.4.3.1 webkit2gtk3-debugsource-2.36.3-150400.4.3.1 webkit2gtk3-devel-2.36.3-150400.4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150400.4.3.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1 typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1 webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1 webkit2gtk3-soup2-debugsource-2.36.3-150400.4.3.1 webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1 References: https://www.suse.com/security/cve/CVE-2022-26700.html https://www.suse.com/security/cve/CVE-2022-26709.html https://www.suse.com/security/cve/CVE-2022-26716.html https://www.suse.com/security/cve/CVE-2022-26717.html https://www.suse.com/security/cve/CVE-2022-26719.html https://www.suse.com/security/cve/CVE-2022-30293.html https://bugzilla.suse.com/1199287 https://bugzilla.suse.com/1200106 From sle-updates at lists.suse.com Tue Jun 14 13:22:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2022 15:22:44 +0200 (CEST) Subject: SUSE-SU-2022:2072-1: important: Security update for webkit2gtk3 Message-ID: <20220614132244.E39B9FD9D@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2072-1 Rating: important References: #1199287 #1200106 Cross-References: CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 CVSS scores: CVE-2022-26700 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26709 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26716 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26717 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26719 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-30293 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-30293 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 (bsc#1200106) - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287). - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2072=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2072=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2072=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2072=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2072=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2072=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2072=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2072=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2072=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2072=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2072=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2072=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2072=1 Package List: - openSUSE Leap 15.4 (noarch): libwebkit2gtk3-lang-2.36.3-150200.35.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1 webkit-jsc-4-2.36.3-150200.35.1 webkit-jsc-4-debuginfo-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1 webkit2gtk3-debugsource-2.36.3-150200.35.1 webkit2gtk3-devel-2.36.3-150200.35.1 webkit2gtk3-minibrowser-2.36.3-150200.35.1 webkit2gtk3-minibrowser-debuginfo-2.36.3-150200.35.1 - openSUSE Leap 15.3 (x86_64): libjavascriptcoregtk-4_0-18-32bit-2.36.3-150200.35.1 libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-32bit-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.3-150200.35.1 - openSUSE Leap 15.3 (noarch): libwebkit2gtk3-lang-2.36.3-150200.35.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1 webkit2gtk3-debugsource-2.36.3-150200.35.1 webkit2gtk3-devel-2.36.3-150200.35.1 - SUSE Manager Server 4.1 (noarch): libwebkit2gtk3-lang-2.36.3-150200.35.1 - SUSE Manager Retail Branch Server 4.1 (noarch): libwebkit2gtk3-lang-2.36.3-150200.35.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1 webkit2gtk3-debugsource-2.36.3-150200.35.1 webkit2gtk3-devel-2.36.3-150200.35.1 - SUSE Manager Proxy 4.1 (noarch): libwebkit2gtk3-lang-2.36.3-150200.35.1 - SUSE Manager Proxy 4.1 (x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1 webkit2gtk3-debugsource-2.36.3-150200.35.1 webkit2gtk3-devel-2.36.3-150200.35.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1 webkit2gtk3-debugsource-2.36.3-150200.35.1 webkit2gtk3-devel-2.36.3-150200.35.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): libwebkit2gtk3-lang-2.36.3-150200.35.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1 webkit2gtk3-debugsource-2.36.3-150200.35.1 webkit2gtk3-devel-2.36.3-150200.35.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.36.3-150200.35.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1 webkit2gtk3-debugsource-2.36.3-150200.35.1 webkit2gtk3-devel-2.36.3-150200.35.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): libwebkit2gtk3-lang-2.36.3-150200.35.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1 webkit2gtk3-debugsource-2.36.3-150200.35.1 webkit2gtk3-devel-2.36.3-150200.35.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1 webkit2gtk3-debugsource-2.36.3-150200.35.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libwebkit2gtk3-lang-2.36.3-150200.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1 webkit2gtk3-debugsource-2.36.3-150200.35.1 webkit2gtk3-devel-2.36.3-150200.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.36.3-150200.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1 webkit2gtk3-debugsource-2.36.3-150200.35.1 webkit2gtk3-devel-2.36.3-150200.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): libwebkit2gtk3-lang-2.36.3-150200.35.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150200.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-2.36.3-150200.35.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150200.35.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2-4_0-2.36.3-150200.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-2.36.3-150200.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150200.35.1 webkit2gtk3-debugsource-2.36.3-150200.35.1 webkit2gtk3-devel-2.36.3-150200.35.1 - SUSE Enterprise Storage 7 (noarch): libwebkit2gtk3-lang-2.36.3-150200.35.1 References: https://www.suse.com/security/cve/CVE-2022-26700.html https://www.suse.com/security/cve/CVE-2022-26709.html https://www.suse.com/security/cve/CVE-2022-26716.html https://www.suse.com/security/cve/CVE-2022-26717.html https://www.suse.com/security/cve/CVE-2022-26719.html https://www.suse.com/security/cve/CVE-2022-30293.html https://bugzilla.suse.com/1199287 https://bugzilla.suse.com/1200106 From sle-updates at lists.suse.com Tue Jun 14 22:16:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 00:16:41 +0200 (CEST) Subject: SUSE-SU-2022:2077-1: important: Security update for the Linux Kernel Message-ID: <20220614221641.B4A6DF78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2077-1 Rating: important References: #1055710 #1065729 #1084513 #1087082 #1126703 #1158266 #1173265 #1182171 #1183646 #1183723 #1187055 #1191647 #1196426 #1197343 #1198031 #1198032 #1198516 #1198577 #1198660 #1198687 #1198742 #1199012 #1199063 #1199426 #1199505 #1199507 #1199605 #1199650 #1200143 #1200144 #1200249 Cross-References: CVE-2017-13695 CVE-2018-20784 CVE-2018-7755 CVE-2019-19377 CVE-2020-10769 CVE-2021-20292 CVE-2021-20321 CVE-2021-28688 CVE-2021-33061 CVE-2021-38208 CVE-2022-1011 CVE-2022-1184 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-28388 CVE-2022-28390 CVE-2022-30594 CVSS scores: CVE-2017-13695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2017-13695 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2018-20784 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-20784 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-7755 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-7755 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-10769 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10769 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21499 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 29 vulnerabilities and has two fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated. The following security bugs were fixed: - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032). - CVE-2018-20784: Fixed a denial of service (infinite loop in update_blocked_averages) by mishandled leaf cfs_rq in kernel/sched/fair.c (bnc#1126703). - CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in drivers/block/floppy.c. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (bnc#1084513). - CVE-2020-10769: Fixed a buffer over-read flaw in the IPsec Cryptographic algorithm's module. This flaw allowed a local attacker with user privileges to cause a denial of service. (bnc#1173265) - CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646). - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2017-13695: Fixed a bug that caused a stack dump allowing local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table. (bnc#1055710) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - x86/speculation: Fix redundant MDS mitigation message (bsc#1199650). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2077=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.175.2 kernel-default-base-4.4.121-92.175.2 kernel-default-base-debuginfo-4.4.121-92.175.2 kernel-default-debuginfo-4.4.121-92.175.2 kernel-default-debugsource-4.4.121-92.175.2 kernel-default-devel-4.4.121-92.175.2 kernel-syms-4.4.121-92.175.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.175.2 kernel-macros-4.4.121-92.175.2 kernel-source-4.4.121-92.175.2 References: https://www.suse.com/security/cve/CVE-2017-13695.html https://www.suse.com/security/cve/CVE-2018-20784.html https://www.suse.com/security/cve/CVE-2018-7755.html https://www.suse.com/security/cve/CVE-2019-19377.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2021-20292.html https://www.suse.com/security/cve/CVE-2021-20321.html https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2021-38208.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1353.html https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1516.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1975.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-21499.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28390.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1055710 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1084513 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1126703 https://bugzilla.suse.com/1158266 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1182171 https://bugzilla.suse.com/1183646 https://bugzilla.suse.com/1183723 https://bugzilla.suse.com/1187055 https://bugzilla.suse.com/1191647 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1197343 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198516 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198660 https://bugzilla.suse.com/1198687 https://bugzilla.suse.com/1198742 https://bugzilla.suse.com/1199012 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199426 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199605 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1200143 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200249 From sle-updates at lists.suse.com Tue Jun 14 22:20:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 00:20:09 +0200 (CEST) Subject: SUSE-SU-2022:2080-1: important: Security update for the Linux Kernel Message-ID: <20220614222009.0504CF78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2080-1 Rating: important References: #1024718 #1055117 #1061840 #1065729 #1129770 #1158266 #1162338 #1162369 #1173871 #1188885 #1194124 #1195612 #1195651 #1196426 #1196570 #1197219 #1197601 #1198438 #1198577 #1198899 #1198989 #1199035 #1199063 #1199237 #1199239 #1199314 #1199399 #1199426 #1199505 #1199507 #1199526 #1199602 #1199605 #1199606 #1199631 #1199650 #1199671 #1199839 #1200015 #1200045 #1200057 #1200143 #1200144 #1200173 #1200249 Cross-References: CVE-2019-19377 CVE-2021-33061 CVE-2021-39711 CVE-2022-1184 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-24448 CVE-2022-30594 CVSS scores: CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21499 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 18 vulnerabilities and has 27 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770) - arm64: set plt* section addresses to 0x0 (git-fixes) - arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes) - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (git-fixes) - arm64: avoid -Woverride-init warning (git-fixes) - arm64: berlin: Select DW_APB_TIMER_OF (git-fixes) Update arm64 default config too. - arm64: Clear OSDLR_EL1 on CPU boot (git-fixes) - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes). - arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes) - arm64: compat: Reduce address limit (git-fixes) - arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (git-fixes) - arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes) - arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes) - arm64: csum: Fix handling of bad packets (git-fixes) - arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug (git-fixes) - arm64: debug: Ensure debug handlers check triggering exception level (git-fixes) - arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes) - arm64: entry: SP Alignment Fault does not write to FAR_EL1 (git-fixes) - arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes) - arm64: Fix HCR.TGE status for NMI contexts (git-fixes) - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) - arm64: Fix size of __early_cpu_boot_status (git-fixes) - arm64: fix the flush_icache_range arguments in machine_kexec (git-fixes) - arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes) - arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP (git-fixes) - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (git-fixes) - arm64: futex: Restore oldval initialization to work around buggy (git-fixes) - arm64: hibernate: check pgd table allocation (git-fixes) - arm64: hugetlb: avoid potential NULL dereference (git-fixes) - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess (git-fixes) - arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes) - arm64: kdump: update ppos when reading elfcorehdr (git-fixes) - arm64: kgdb: Fix single-step exception handling oops (git-fixes) - arm64: kprobes: Recover pstate.D in single-step exception handler (git-fixes) - arm64: module: remove (NOLOAD) from linker script (git-fixes) - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) - arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes) - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) - arm64: Relax GIC version check during early boot (git-fixes) - arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes) - arm64: smp: fix crash_smp_send_stop() behaviour (git-fixes) - arm64: smp: fix smp_send_stop() behaviour (git-fixes) - arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess (git-fixes) - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) - arm64: handle non-remapped addresses in ->mmap and (git-fixes) - arm64: avoid fixmap race condition when create pud mapping (git-fixes) - bonding: pair enable_port with slave_arr_updates (git-fixes). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - cputime, cpuacct: Include guest time in user time in (git-fixes) - crypto: arm64/aes-neonbs - do not access already-freed walk.iv (git-fixes) - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (bsc#1197601). - crypto: virtio - deal with unsupported input sizes (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drivers: net: xgene: Fix regression in CRC stripping (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770) - i40e: always propagate error value in i40e_set_vsi_promisc() (git-fixes). - i40e: Fix MAC address setting for a VF via Host/VM (git-fixes). - i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc (git-fixes). - i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (git-fixes). - i40e: Fix virtchnl_queue_select bitmap validation (git-fixes). - i40e: Refactoring VF MAC filters counting to make more reliable (git-fixes). - i40e: Remove scheduling while atomic possibility (git-fixes). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - Input: appletouch - initialize work before device registration (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (git-fixes). - Input: spaceball - fix parsing of movement data packets (git-fixes). - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes). - Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: PPC: Propagate errors to the guest when failed instead of ignoring (bsc#1061840 git-fixes). - lpfc: drop driver update 14.2.0.x The amount of backport changes necessary for due to the refactoring is introducing to much code churn and is likely to introduce regressions. This ends the backport effort to keep the lpfc in sync with mainline. - lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899). - media: cpia2: fix control-message timeouts (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: dib0700: fix undefined behavior in tuner shutdown (git-fixes). - media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes). - media: em28xx: fix control-message timeouts. - media: flexcop-usb: fix control-message timeouts (git-fixes). - media: mceusb: fix control-message timeouts (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pvrusb2: fix control-message timeouts (git-fixes). - media: redrat3: fix control-message timeouts (git-fixes). - media: s2255: fix control-message timeouts (git-fixes). - media: stk1160: fix control-message timeouts (git-fixes). - media: vim2m: Remove surplus name initialization (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - net: bcmgenet: Do not claim WOL when its not available (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (git-fixes). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nf_tables: disallow non-stateful expression in sets earlier (bsc#1200015). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - PCI / ACPI: Mark expected switch fall-through (git-fixes). - PCI: Do not enable AtomicOps on VFs (bsc#1129770) - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc: Remove Power8 DD1 from cputable (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/numa: Prefer node id queried from vphn (bsc#1199237 bsc#1200173 ltc#198329). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - qed: display VF trust config (git-fixes). - qed: return status of qed_iov_get_link (git-fixes). - qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes). - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438). - sched/core: Add __sched tag for io_schedule() (git-fixes) - sched/core: Fix comment regarding nr_iowait_cpu() and (git-fixes) - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200045). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200045). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - USB: cdc-wdm: fix reading stuck on device close (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Do not send unintended link state change (git-fixes). - USB: hub: Fix locking issues with address0_mutex (git-fixes). - USB: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - USB: quirks: add a Realtek card reader (git-fixes). - USB: quirks: add STRING quirk for VCOM device (git-fixes). - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - USB: serial: option: add Fibocom L610 modem (git-fixes). - USB: serial: option: add Fibocom MA510 modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - USB: serial: pl2303: add device id for HP LM930 Display (git-fixes). - USB: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - veth: Ensure eth header is in skb's linear part (git-fixes). - video: backlight: Drop maximum brightness override for brightness (bsc#1129770) - video: hyperv_fb: Fix validation of screen resolution (bsc#1129770) - vxlan: fix memleak of fdb (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2080=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.100.1 kernel-source-azure-4.12.14-16.100.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.100.2 kernel-azure-base-4.12.14-16.100.2 kernel-azure-base-debuginfo-4.12.14-16.100.2 kernel-azure-debuginfo-4.12.14-16.100.2 kernel-azure-debugsource-4.12.14-16.100.2 kernel-azure-devel-4.12.14-16.100.2 kernel-syms-azure-4.12.14-16.100.1 References: https://www.suse.com/security/cve/CVE-2019-19377.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2021-39711.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-1966.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1975.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-21499.html https://www.suse.com/security/cve/CVE-2022-24448.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1024718 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1158266 https://bugzilla.suse.com/1162338 https://bugzilla.suse.com/1162369 https://bugzilla.suse.com/1173871 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1194124 https://bugzilla.suse.com/1195612 https://bugzilla.suse.com/1195651 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1196570 https://bugzilla.suse.com/1197219 https://bugzilla.suse.com/1197601 https://bugzilla.suse.com/1198438 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198899 https://bugzilla.suse.com/1198989 https://bugzilla.suse.com/1199035 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199237 https://bugzilla.suse.com/1199239 https://bugzilla.suse.com/1199314 https://bugzilla.suse.com/1199399 https://bugzilla.suse.com/1199426 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199526 https://bugzilla.suse.com/1199602 https://bugzilla.suse.com/1199605 https://bugzilla.suse.com/1199606 https://bugzilla.suse.com/1199631 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1199671 https://bugzilla.suse.com/1199839 https://bugzilla.suse.com/1200015 https://bugzilla.suse.com/1200045 https://bugzilla.suse.com/1200057 https://bugzilla.suse.com/1200143 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200173 https://bugzilla.suse.com/1200249 From sle-updates at lists.suse.com Tue Jun 14 22:24:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 00:24:30 +0200 (CEST) Subject: SUSE-SU-2022:2082-1: important: Security update for the Linux Kernel Message-ID: <20220614222430.691FFF78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2082-1 Rating: important References: #1051510 #1055710 #1065729 #1084513 #1087082 #1126703 #1158266 #1173265 #1182171 #1183646 #1183723 #1187055 #1191647 #1195651 #1196426 #1197343 #1198031 #1198032 #1198516 #1198577 #1198660 #1198687 #1198742 #1198962 #1198997 #1199012 #1199063 #1199314 #1199426 #1199505 #1199507 #1199605 #1199650 #1199785 #1200143 #1200144 #1200249 Cross-References: CVE-2017-13695 CVE-2018-20784 CVE-2018-7755 CVE-2019-19377 CVE-2020-10769 CVE-2021-20292 CVE-2021-20321 CVE-2021-28688 CVE-2021-33061 CVE-2021-38208 CVE-2022-1011 CVE-2022-1184 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-28388 CVE-2022-28390 CVE-2022-30594 CVSS scores: CVE-2017-13695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2017-13695 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2018-20784 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-20784 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-7755 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-7755 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-10769 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10769 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21499 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Performance Computing 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that solves 29 vulnerabilities and has 8 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2017-13695: Fixed a bug that caused a stack dump allowing local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table. (bnc#1055710) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646). - CVE-2020-10769: Fixed a buffer over-read flaw in the IPsec Cryptographic algorithm's module. This flaw allowed a local attacker with user privileges to cause a denial of service. (bnc#1173265) - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in drivers/block/floppy.c. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (bnc#1084513). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2018-20784: Fixed a denial of service (infinite loop in update_blocked_averages) by mishandled leaf cfs_rq in kernel/sched/fair.c (bnc#1126703). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032). - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - vmbus: do not return values for uninitalized channels (bsc#1051510 bsc#1198997). - vt: vt_ioctl: fix race in VT_RESIZEX (bsc#1199785). - x86/hyperv: Read TSC frequency from a synthetic MSR (bsc#1198962). - x86/speculation: Fix redundant MDS mitigation message (bsc#1199650). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2082=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2082=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2082=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2082=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2082=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2022-2082=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2082=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): kernel-devel-4.4.180-94.164.2 kernel-macros-4.4.180-94.164.2 kernel-source-4.4.180-94.164.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): kernel-default-4.4.180-94.164.3 kernel-default-base-4.4.180-94.164.3 kernel-default-base-debuginfo-4.4.180-94.164.3 kernel-default-debuginfo-4.4.180-94.164.3 kernel-default-debugsource-4.4.180-94.164.3 kernel-default-devel-4.4.180-94.164.3 kernel-default-kgraft-4.4.180-94.164.3 kernel-syms-4.4.180-94.164.2 kgraft-patch-4_4_180-94_164-default-1-4.3.2 kgraft-patch-4_4_180-94_164-default-debuginfo-1-4.3.2 - SUSE OpenStack Cloud 8 (noarch): kernel-devel-4.4.180-94.164.2 kernel-macros-4.4.180-94.164.2 kernel-source-4.4.180-94.164.2 - SUSE OpenStack Cloud 8 (x86_64): kernel-default-4.4.180-94.164.3 kernel-default-base-4.4.180-94.164.3 kernel-default-base-debuginfo-4.4.180-94.164.3 kernel-default-debuginfo-4.4.180-94.164.3 kernel-default-debugsource-4.4.180-94.164.3 kernel-default-devel-4.4.180-94.164.3 kernel-default-kgraft-4.4.180-94.164.3 kernel-syms-4.4.180-94.164.2 kgraft-patch-4_4_180-94_164-default-1-4.3.2 kgraft-patch-4_4_180-94_164-default-debuginfo-1-4.3.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kernel-default-4.4.180-94.164.3 kernel-default-base-4.4.180-94.164.3 kernel-default-base-debuginfo-4.4.180-94.164.3 kernel-default-debuginfo-4.4.180-94.164.3 kernel-default-debugsource-4.4.180-94.164.3 kernel-default-devel-4.4.180-94.164.3 kernel-default-kgraft-4.4.180-94.164.3 kernel-syms-4.4.180-94.164.2 kgraft-patch-4_4_180-94_164-default-1-4.3.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): kgraft-patch-4_4_180-94_164-default-debuginfo-1-4.3.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): kernel-devel-4.4.180-94.164.2 kernel-macros-4.4.180-94.164.2 kernel-source-4.4.180-94.164.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.4.180-94.164.3 kernel-default-base-4.4.180-94.164.3 kernel-default-base-debuginfo-4.4.180-94.164.3 kernel-default-debuginfo-4.4.180-94.164.3 kernel-default-debugsource-4.4.180-94.164.3 kernel-default-devel-4.4.180-94.164.3 kernel-syms-4.4.180-94.164.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kernel-default-kgraft-4.4.180-94.164.3 kgraft-patch-4_4_180-94_164-default-1-4.3.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): kgraft-patch-4_4_180-94_164-default-debuginfo-1-4.3.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): kernel-devel-4.4.180-94.164.2 kernel-macros-4.4.180-94.164.2 kernel-source-4.4.180-94.164.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): kernel-default-man-4.4.180-94.164.3 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kernel-devel-4.4.180-94.164.2 kernel-macros-4.4.180-94.164.2 kernel-source-4.4.180-94.164.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kernel-default-4.4.180-94.164.3 kernel-default-base-4.4.180-94.164.3 kernel-default-base-debuginfo-4.4.180-94.164.3 kernel-default-debuginfo-4.4.180-94.164.3 kernel-default-debugsource-4.4.180-94.164.3 kernel-default-devel-4.4.180-94.164.3 kernel-syms-4.4.180-94.164.2 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.180-94.164.3 cluster-md-kmp-default-debuginfo-4.4.180-94.164.3 dlm-kmp-default-4.4.180-94.164.3 dlm-kmp-default-debuginfo-4.4.180-94.164.3 gfs2-kmp-default-4.4.180-94.164.3 gfs2-kmp-default-debuginfo-4.4.180-94.164.3 kernel-default-debuginfo-4.4.180-94.164.3 kernel-default-debugsource-4.4.180-94.164.3 ocfs2-kmp-default-4.4.180-94.164.3 ocfs2-kmp-default-debuginfo-4.4.180-94.164.3 - HPE Helion Openstack 8 (x86_64): kernel-default-4.4.180-94.164.3 kernel-default-base-4.4.180-94.164.3 kernel-default-base-debuginfo-4.4.180-94.164.3 kernel-default-debuginfo-4.4.180-94.164.3 kernel-default-debugsource-4.4.180-94.164.3 kernel-default-devel-4.4.180-94.164.3 kernel-default-kgraft-4.4.180-94.164.3 kernel-syms-4.4.180-94.164.2 kgraft-patch-4_4_180-94_164-default-1-4.3.2 kgraft-patch-4_4_180-94_164-default-debuginfo-1-4.3.2 - HPE Helion Openstack 8 (noarch): kernel-devel-4.4.180-94.164.2 kernel-macros-4.4.180-94.164.2 kernel-source-4.4.180-94.164.2 References: https://www.suse.com/security/cve/CVE-2017-13695.html https://www.suse.com/security/cve/CVE-2018-20784.html https://www.suse.com/security/cve/CVE-2018-7755.html https://www.suse.com/security/cve/CVE-2019-19377.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2021-20292.html https://www.suse.com/security/cve/CVE-2021-20321.html https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2021-38208.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1353.html https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1516.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1975.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-21499.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28390.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055710 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1084513 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1126703 https://bugzilla.suse.com/1158266 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1182171 https://bugzilla.suse.com/1183646 https://bugzilla.suse.com/1183723 https://bugzilla.suse.com/1187055 https://bugzilla.suse.com/1191647 https://bugzilla.suse.com/1195651 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1197343 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198516 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198660 https://bugzilla.suse.com/1198687 https://bugzilla.suse.com/1198742 https://bugzilla.suse.com/1198962 https://bugzilla.suse.com/1198997 https://bugzilla.suse.com/1199012 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199314 https://bugzilla.suse.com/1199426 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199605 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1199785 https://bugzilla.suse.com/1200143 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200249 From sle-updates at lists.suse.com Tue Jun 14 22:28:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 00:28:22 +0200 (CEST) Subject: SUSE-SU-2022:2081-1: important: Security update for 389-ds Message-ID: <20220614222822.306FEF78A@maintenance.suse.de> SUSE Security Update: Security update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2081-1 Rating: important References: #1195324 #1199889 Cross-References: CVE-2021-4091 CVE-2022-1949 CVSS scores: CVE-2021-4091 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-4091 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1949 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-1949 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for 389-ds fixes the following issues: - CVE-2021-4091: Fixed double free in psearch (bsc#1195324). - CVE-2022-1949: Fixed full access control bypass with simple crafted query (bsc#1199889). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2081=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2081=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.4.19~git38.9951c1101-150300.3.17.1 389-ds-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1 389-ds-debugsource-1.4.4.19~git38.9951c1101-150300.3.17.1 389-ds-devel-1.4.4.19~git38.9951c1101-150300.3.17.1 389-ds-snmp-1.4.4.19~git38.9951c1101-150300.3.17.1 389-ds-snmp-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1 lib389-1.4.4.19~git38.9951c1101-150300.3.17.1 libsvrcore0-1.4.4.19~git38.9951c1101-150300.3.17.1 libsvrcore0-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.4.19~git38.9951c1101-150300.3.17.1 389-ds-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1 389-ds-debugsource-1.4.4.19~git38.9951c1101-150300.3.17.1 389-ds-devel-1.4.4.19~git38.9951c1101-150300.3.17.1 lib389-1.4.4.19~git38.9951c1101-150300.3.17.1 libsvrcore0-1.4.4.19~git38.9951c1101-150300.3.17.1 libsvrcore0-debuginfo-1.4.4.19~git38.9951c1101-150300.3.17.1 References: https://www.suse.com/security/cve/CVE-2021-4091.html https://www.suse.com/security/cve/CVE-2022-1949.html https://bugzilla.suse.com/1195324 https://bugzilla.suse.com/1199889 From sle-updates at lists.suse.com Tue Jun 14 22:29:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 00:29:15 +0200 (CEST) Subject: SUSE-SU-2022:2079-1: important: Security update for the Linux Kernel Message-ID: <20220614222915.E07E8F78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2079-1 Rating: important References: #1055117 #1061840 #1065729 #1103269 #1118212 #1152472 #1152489 #1153274 #1154353 #1156395 #1158266 #1167773 #1176447 #1178134 #1180100 #1183405 #1188885 #1195612 #1195651 #1195826 #1196426 #1196478 #1196570 #1196840 #1197446 #1197472 #1197601 #1197675 #1198438 #1198534 #1198577 #1198971 #1198989 #1199035 #1199052 #1199063 #1199114 #1199314 #1199505 #1199507 #1199564 #1199626 #1199631 #1199650 #1199670 #1199839 #1200019 #1200045 #1200046 #1200192 #1200216 SLE-13521 SLE-16387 Cross-References: CVE-2019-19377 CVE-2021-33061 CVE-2022-0168 CVE-2022-1184 CVE-2022-1652 CVE-2022-1729 CVE-2022-1972 CVE-2022-20008 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-24448 CVE-2022-30594 CVSS scores: CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0168 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1972 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 15 vulnerabilities, contains two features and has 36 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564) - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes) - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes) - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes) - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes) - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes) - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes) - ARM: dts: at91: fix pinctrl phandles (git-fixes) - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes) - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes) - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes) - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes) - ARM: dts: meson: Fix the UART compatible strings (git-fixes) - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes) - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes) - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes) - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes) - ARM: mediatek: select arch timer for mt7629 (git-fixes) - ARM: omap: remove debug-leds driver (git-fixes) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes) - ARM: socfpga: dts: fix qspi node compatible (git-fixes) - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes) - ARM: tegra: Move panels to AUX bus (git-fixes) - arm64: dts: broadcom: Fix sata nodename (git-fixes) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes) - arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes) - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes) - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes) - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489) - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1200192). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: x86 - eliminate anonymous module_init & module_exit (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - dim: initialize all struct fields (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - driver core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes) - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472) - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes). - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdkfd: Fix GWS queue count (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes). - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489) - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472) - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534) - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1152472) - EDAC/synopsys: Read the error count from the correct register (bsc#1178134). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - Fix double fget() in vhost_net_set_backend() (git-fixes). - genirq: Fix reference leaks on irq affinity notifiers (git-fixes) - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes) - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq/affinity: Handle affinity setting on inactive (git-fixes) - genirq/msi: Ensure deactivation on teardown (git-fixes) - genirq/proc: Reject invalid affinity masks (again) (git-fixes) - genirq/timings: Fix error return code in (git-fixes) - genirq/timings: Prevent potential array overflow in (git-fixes) - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - hinic: fix bug of wq out of bound access (bsc#1176447). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i40e: stop disabling VFs due to PF error responses (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878). - ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926). - ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes). - ice: synchronize_rcu() when terminating rings (jsc#SLE-7926). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - ionic: avoid races in ionic_heartbeat_check (bsc#1167773). - ionic: Cleanups in the Tx hotpath code (bsc#1167773). - ionic: disable napi when ionic_lif_init() fails (bsc#1167773). - ionic: Do not send reset commands if FW isn't running (bsc#1167773). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773). - ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649). - ionic: monitor fw status generation (bsc#1167773). - ionic: remove the dbid_inuse bitmap (bsc#1167773). - ionic: start watchdog after all is setup (bsc#1167773). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - kABI: ivtv: restore caps member (git-fixes). - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes). - lan743x: remove redundant assignment to variable rx_process_result (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - lpfc: Readd update to version 14.2.0.1 (bsc#1197675 bsc#1196478 bsc#1198989) The update was reverted due to some regression on older hardware. These have been fixed in the meantime, thus update the driver. - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: vim2m: Register video device after setting up internals (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387). - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes). - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7663s: fix rx buffer refcounting (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes). - net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hns3: add a check for index in hclge_get_rss_key() (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: korina: fix return value (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405). - net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes). - net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes). - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes). - net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes). - net/mlx5: Fix a race on command flush flow (jsc#SLE-15172). - net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172). - netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nvdimm/region: always show the 'align' attribute (bsc#1199114). - nvme-tcp: allow selecting the network interface for connections (bsc#1199670). - nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670). - objtool: Fix type of reloc::addend (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl/rockchip: support deferring other gpio params (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qlcnic: Fix error code in probe (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded <linux/pm_runtime.h> (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h> (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: dwc3: core: Fix tx/rx threshold settings (git-fixes). - usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - usb: dwc3: gadget: Return proper request status (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489) - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2079=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2079=1 Package List: - openSUSE Leap 15.3 (x86_64): cluster-md-kmp-azure-5.3.18-150300.38.59.1 cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.59.1 dlm-kmp-azure-5.3.18-150300.38.59.1 dlm-kmp-azure-debuginfo-5.3.18-150300.38.59.1 gfs2-kmp-azure-5.3.18-150300.38.59.1 gfs2-kmp-azure-debuginfo-5.3.18-150300.38.59.1 kernel-azure-5.3.18-150300.38.59.1 kernel-azure-debuginfo-5.3.18-150300.38.59.1 kernel-azure-debugsource-5.3.18-150300.38.59.1 kernel-azure-devel-5.3.18-150300.38.59.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.59.1 kernel-azure-extra-5.3.18-150300.38.59.1 kernel-azure-extra-debuginfo-5.3.18-150300.38.59.1 kernel-azure-livepatch-devel-5.3.18-150300.38.59.1 kernel-azure-optional-5.3.18-150300.38.59.1 kernel-azure-optional-debuginfo-5.3.18-150300.38.59.1 kernel-syms-azure-5.3.18-150300.38.59.1 kselftests-kmp-azure-5.3.18-150300.38.59.1 kselftests-kmp-azure-debuginfo-5.3.18-150300.38.59.1 ocfs2-kmp-azure-5.3.18-150300.38.59.1 ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.59.1 reiserfs-kmp-azure-5.3.18-150300.38.59.1 reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.59.1 - openSUSE Leap 15.3 (noarch): kernel-devel-azure-5.3.18-150300.38.59.1 kernel-source-azure-5.3.18-150300.38.59.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): kernel-devel-azure-5.3.18-150300.38.59.1 kernel-source-azure-5.3.18-150300.38.59.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64): kernel-azure-5.3.18-150300.38.59.1 kernel-azure-debuginfo-5.3.18-150300.38.59.1 kernel-azure-debugsource-5.3.18-150300.38.59.1 kernel-azure-devel-5.3.18-150300.38.59.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.59.1 kernel-syms-azure-5.3.18-150300.38.59.1 References: https://www.suse.com/security/cve/CVE-2019-19377.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2022-0168.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1972.html https://www.suse.com/security/cve/CVE-2022-20008.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-24448.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1118212 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1158266 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1180100 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1195612 https://bugzilla.suse.com/1195651 https://bugzilla.suse.com/1195826 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1196478 https://bugzilla.suse.com/1196570 https://bugzilla.suse.com/1196840 https://bugzilla.suse.com/1197446 https://bugzilla.suse.com/1197472 https://bugzilla.suse.com/1197601 https://bugzilla.suse.com/1197675 https://bugzilla.suse.com/1198438 https://bugzilla.suse.com/1198534 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198971 https://bugzilla.suse.com/1198989 https://bugzilla.suse.com/1199035 https://bugzilla.suse.com/1199052 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199114 https://bugzilla.suse.com/1199314 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199564 https://bugzilla.suse.com/1199626 https://bugzilla.suse.com/1199631 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1199670 https://bugzilla.suse.com/1199839 https://bugzilla.suse.com/1200019 https://bugzilla.suse.com/1200045 https://bugzilla.suse.com/1200046 https://bugzilla.suse.com/1200192 https://bugzilla.suse.com/1200216 From sle-updates at lists.suse.com Tue Jun 14 22:34:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 00:34:31 +0200 (CEST) Subject: SUSE-SU-2022:2078-1: important: Security update for the Linux Kernel Message-ID: <20220614223431.12D7FF78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2078-1 Rating: important References: #1055117 #1061840 #1065729 #1103269 #1118212 #1153274 #1154353 #1156395 #1158266 #1167773 #1176447 #1178134 #1180100 #1183405 #1188885 #1195826 #1196426 #1196478 #1196570 #1196840 #1197446 #1197472 #1197601 #1197675 #1198438 #1198577 #1198971 #1198989 #1199035 #1199052 #1199063 #1199114 #1199314 #1199505 #1199507 #1199564 #1199626 #1199631 #1199650 #1199670 #1199839 #1200019 #1200045 #1200046 #1200192 #1200216 SLE-13521 SLE-16387 Cross-References: CVE-2019-19377 CVE-2021-33061 CVE-2022-0168 CVE-2022-1184 CVE-2022-1652 CVE-2022-1729 CVE-2022-1972 CVE-2022-20008 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-30594 CVSS scores: CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0168 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1972 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 14 vulnerabilities, contains two features and has 32 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564) - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes) - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes) - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes) - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes) - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes) - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes) - ARM: dts: at91: fix pinctrl phandles (git-fixes) - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes) - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes) - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes) - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes) - ARM: dts: meson: Fix the UART compatible strings (git-fixes) - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes) - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes) - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes) - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes) - arm: mediatek: select arch timer for mt7629 (git-fixes) - ARM: omap: remove debug-leds driver (git-fixes) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes) - ARM: socfpga: dts: fix qspi node compatible (git-fixes) - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes) - ARM: tegra: Move panels to AUX bus (git-fixes) - arm64: dts: broadcom: Fix sata nodename (git-fixes) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes) - arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes) - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes) - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes) - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1200192). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - dim: initialize all struct fields (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - driver: core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes) - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes). - drm/amdkfd: Fix GWS queue count (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - EDAC/synopsys: Read the error count from the correct register (bsc#1178134). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - genirq: Fix reference leaks on irq affinity notifiers (git-fixes) - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes) - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq/affinity: Handle affinity setting on inactive (git-fixes) - genirq/msi: Ensure deactivation on teardown (git-fixes) - genirq/proc: Reject invalid affinity masks (again) (git-fixes) - genirq/timings: Fix error return code in (git-fixes) - genirq/timings: Prevent potential array overflow in (git-fixes) - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - hinic: fix bug of wq out of bound access (bsc#1176447). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i40e: stop disabling VFs due to PF error responses (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878). - ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926). - ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes). - ice: synchronize_rcu() when terminating rings (jsc#SLE-7926). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - ionic: avoid races in ionic_heartbeat_check (bsc#1167773). - ionic: Cleanups in the Tx hotpath code (bsc#1167773). - ionic: disable napi when ionic_lif_init() fails (bsc#1167773). - ionic: Do not send reset commands if FW isn't running (bsc#1167773). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773). - ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649). - ionic: monitor fw status generation (bsc#1167773). - ionic: remove the dbid_inuse bitmap (bsc#1167773). - ionic: start watchdog after all is setup (bsc#1167773). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - kABI: ivtv: restore caps member (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes). - lan743x: remove redundant assignment to variable rx_process_result (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: vim2m: Register video device after setting up internals (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387). - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes). - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7663s: fix rx buffer refcounting (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes). - net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hns3: add a check for index in hclge_get_rss_key() (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: korina: fix return value (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405). - net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes). - net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes). - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes). - net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes). - net/mlx5: Fix a race on command flush flow (jsc#SLE-15172). - net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172). - netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Do not invalidate inode attributes on delegation return (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nvdimm/region: always show the 'align' attribute (bsc#1199114). - nvme-tcp: allow selecting the network interface for connections (bsc#1199670). - nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670). - objtool: Fix type of reloc::addend (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl/rockchip: support deferring other gpio params (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qlcnic: Fix error code in probe (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438). - rtc: fix use-after-free on device removal (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded <linux/pm_runtime.h> (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h> (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2078=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2078=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2078=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2078=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2078=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2078=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2078=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2078=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2078=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2078=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.71.2 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.71.2 dlm-kmp-preempt-5.3.18-150300.59.71.2 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.71.2 gfs2-kmp-preempt-5.3.18-150300.59.71.2 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.71.2 kernel-preempt-5.3.18-150300.59.71.2 kernel-preempt-debuginfo-5.3.18-150300.59.71.2 kernel-preempt-debugsource-5.3.18-150300.59.71.2 kernel-preempt-devel-5.3.18-150300.59.71.2 kernel-preempt-devel-debuginfo-5.3.18-150300.59.71.2 kernel-preempt-extra-5.3.18-150300.59.71.2 kernel-preempt-extra-debuginfo-5.3.18-150300.59.71.2 kernel-preempt-livepatch-devel-5.3.18-150300.59.71.2 kernel-preempt-optional-5.3.18-150300.59.71.2 kernel-preempt-optional-debuginfo-5.3.18-150300.59.71.2 kselftests-kmp-preempt-5.3.18-150300.59.71.2 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.71.2 ocfs2-kmp-preempt-5.3.18-150300.59.71.2 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.71.2 reiserfs-kmp-preempt-5.3.18-150300.59.71.2 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.71.2 - openSUSE Leap 15.4 (aarch64): dtb-al-5.3.18-150300.59.71.1 dtb-zte-5.3.18-150300.59.71.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.71.2 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.71.2 dlm-kmp-default-5.3.18-150300.59.71.2 dlm-kmp-default-debuginfo-5.3.18-150300.59.71.2 gfs2-kmp-default-5.3.18-150300.59.71.2 gfs2-kmp-default-debuginfo-5.3.18-150300.59.71.2 kernel-default-5.3.18-150300.59.71.2 kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2 kernel-default-base-rebuild-5.3.18-150300.59.71.2.150300.18.43.2 kernel-default-debuginfo-5.3.18-150300.59.71.2 kernel-default-debugsource-5.3.18-150300.59.71.2 kernel-default-devel-5.3.18-150300.59.71.2 kernel-default-devel-debuginfo-5.3.18-150300.59.71.2 kernel-default-extra-5.3.18-150300.59.71.2 kernel-default-extra-debuginfo-5.3.18-150300.59.71.2 kernel-default-livepatch-5.3.18-150300.59.71.2 kernel-default-livepatch-devel-5.3.18-150300.59.71.2 kernel-default-optional-5.3.18-150300.59.71.2 kernel-default-optional-debuginfo-5.3.18-150300.59.71.2 kernel-obs-build-5.3.18-150300.59.71.2 kernel-obs-build-debugsource-5.3.18-150300.59.71.2 kernel-obs-qa-5.3.18-150300.59.71.1 kernel-syms-5.3.18-150300.59.71.1 kselftests-kmp-default-5.3.18-150300.59.71.2 kselftests-kmp-default-debuginfo-5.3.18-150300.59.71.2 ocfs2-kmp-default-5.3.18-150300.59.71.2 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.71.2 reiserfs-kmp-default-5.3.18-150300.59.71.2 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.71.2 - openSUSE Leap 15.3 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.71.2 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.71.2 dlm-kmp-preempt-5.3.18-150300.59.71.2 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.71.2 gfs2-kmp-preempt-5.3.18-150300.59.71.2 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.71.2 kernel-preempt-5.3.18-150300.59.71.2 kernel-preempt-debuginfo-5.3.18-150300.59.71.2 kernel-preempt-debugsource-5.3.18-150300.59.71.2 kernel-preempt-devel-5.3.18-150300.59.71.2 kernel-preempt-devel-debuginfo-5.3.18-150300.59.71.2 kernel-preempt-extra-5.3.18-150300.59.71.2 kernel-preempt-extra-debuginfo-5.3.18-150300.59.71.2 kernel-preempt-livepatch-devel-5.3.18-150300.59.71.2 kernel-preempt-optional-5.3.18-150300.59.71.2 kernel-preempt-optional-debuginfo-5.3.18-150300.59.71.2 kselftests-kmp-preempt-5.3.18-150300.59.71.2 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.71.2 ocfs2-kmp-preempt-5.3.18-150300.59.71.2 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.71.2 reiserfs-kmp-preempt-5.3.18-150300.59.71.2 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.71.2 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-5.3.18-150300.59.71.2 kernel-debug-debuginfo-5.3.18-150300.59.71.2 kernel-debug-debugsource-5.3.18-150300.59.71.2 kernel-debug-devel-5.3.18-150300.59.71.2 kernel-debug-devel-debuginfo-5.3.18-150300.59.71.2 kernel-debug-livepatch-devel-5.3.18-150300.59.71.2 kernel-kvmsmall-5.3.18-150300.59.71.2 kernel-kvmsmall-debuginfo-5.3.18-150300.59.71.2 kernel-kvmsmall-debugsource-5.3.18-150300.59.71.2 kernel-kvmsmall-devel-5.3.18-150300.59.71.2 kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.71.2 kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.71.2 - openSUSE Leap 15.3 (aarch64): cluster-md-kmp-64kb-5.3.18-150300.59.71.2 cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.71.2 dlm-kmp-64kb-5.3.18-150300.59.71.2 dlm-kmp-64kb-debuginfo-5.3.18-150300.59.71.2 dtb-al-5.3.18-150300.59.71.1 dtb-allwinner-5.3.18-150300.59.71.1 dtb-altera-5.3.18-150300.59.71.1 dtb-amd-5.3.18-150300.59.71.1 dtb-amlogic-5.3.18-150300.59.71.1 dtb-apm-5.3.18-150300.59.71.1 dtb-arm-5.3.18-150300.59.71.1 dtb-broadcom-5.3.18-150300.59.71.1 dtb-cavium-5.3.18-150300.59.71.1 dtb-exynos-5.3.18-150300.59.71.1 dtb-freescale-5.3.18-150300.59.71.1 dtb-hisilicon-5.3.18-150300.59.71.1 dtb-lg-5.3.18-150300.59.71.1 dtb-marvell-5.3.18-150300.59.71.1 dtb-mediatek-5.3.18-150300.59.71.1 dtb-nvidia-5.3.18-150300.59.71.1 dtb-qcom-5.3.18-150300.59.71.1 dtb-renesas-5.3.18-150300.59.71.1 dtb-rockchip-5.3.18-150300.59.71.1 dtb-socionext-5.3.18-150300.59.71.1 dtb-sprd-5.3.18-150300.59.71.1 dtb-xilinx-5.3.18-150300.59.71.1 dtb-zte-5.3.18-150300.59.71.1 gfs2-kmp-64kb-5.3.18-150300.59.71.2 gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.71.2 kernel-64kb-5.3.18-150300.59.71.2 kernel-64kb-debuginfo-5.3.18-150300.59.71.2 kernel-64kb-debugsource-5.3.18-150300.59.71.2 kernel-64kb-devel-5.3.18-150300.59.71.2 kernel-64kb-devel-debuginfo-5.3.18-150300.59.71.2 kernel-64kb-extra-5.3.18-150300.59.71.2 kernel-64kb-extra-debuginfo-5.3.18-150300.59.71.2 kernel-64kb-livepatch-devel-5.3.18-150300.59.71.2 kernel-64kb-optional-5.3.18-150300.59.71.2 kernel-64kb-optional-debuginfo-5.3.18-150300.59.71.2 kselftests-kmp-64kb-5.3.18-150300.59.71.2 kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.71.2 ocfs2-kmp-64kb-5.3.18-150300.59.71.2 ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.71.2 reiserfs-kmp-64kb-5.3.18-150300.59.71.2 reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.71.2 - openSUSE Leap 15.3 (noarch): kernel-devel-5.3.18-150300.59.71.2 kernel-docs-5.3.18-150300.59.71.2 kernel-docs-html-5.3.18-150300.59.71.2 kernel-macros-5.3.18-150300.59.71.2 kernel-source-5.3.18-150300.59.71.2 kernel-source-vanilla-5.3.18-150300.59.71.2 - openSUSE Leap 15.3 (s390x): kernel-zfcpdump-5.3.18-150300.59.71.2 kernel-zfcpdump-debuginfo-5.3.18-150300.59.71.2 kernel-zfcpdump-debugsource-5.3.18-150300.59.71.2 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-150300.59.71.2 kernel-default-debugsource-5.3.18-150300.59.71.2 kernel-default-extra-5.3.18-150300.59.71.2 kernel-default-extra-debuginfo-5.3.18-150300.59.71.2 kernel-preempt-debuginfo-5.3.18-150300.59.71.2 kernel-preempt-debugsource-5.3.18-150300.59.71.2 kernel-preempt-extra-5.3.18-150300.59.71.2 kernel-preempt-extra-debuginfo-5.3.18-150300.59.71.2 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.71.2 kernel-default-debugsource-5.3.18-150300.59.71.2 kernel-default-livepatch-5.3.18-150300.59.71.2 kernel-default-livepatch-devel-5.3.18-150300.59.71.2 kernel-livepatch-5_3_18-150300_59_71-default-1-150300.7.3.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.71.2 kernel-default-debugsource-5.3.18-150300.59.71.2 reiserfs-kmp-default-5.3.18-150300.59.71.2 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.71.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-150300.59.71.2 kernel-obs-build-debugsource-5.3.18-150300.59.71.2 kernel-syms-5.3.18-150300.59.71.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-150300.59.71.2 kernel-preempt-debugsource-5.3.18-150300.59.71.2 kernel-preempt-devel-5.3.18-150300.59.71.2 kernel-preempt-devel-debuginfo-5.3.18-150300.59.71.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-150300.59.71.2 kernel-source-5.3.18-150300.59.71.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.71.2 kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2 kernel-default-debuginfo-5.3.18-150300.59.71.2 kernel-default-debugsource-5.3.18-150300.59.71.2 kernel-default-devel-5.3.18-150300.59.71.2 kernel-default-devel-debuginfo-5.3.18-150300.59.71.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.71.2 kernel-preempt-debuginfo-5.3.18-150300.59.71.2 kernel-preempt-debugsource-5.3.18-150300.59.71.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-150300.59.71.2 kernel-64kb-debuginfo-5.3.18-150300.59.71.2 kernel-64kb-debugsource-5.3.18-150300.59.71.2 kernel-64kb-devel-5.3.18-150300.59.71.2 kernel-64kb-devel-debuginfo-5.3.18-150300.59.71.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.71.2 kernel-macros-5.3.18-150300.59.71.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-150300.59.71.2 kernel-zfcpdump-debuginfo-5.3.18-150300.59.71.2 kernel-zfcpdump-debugsource-5.3.18-150300.59.71.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.71.2 kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2 kernel-default-debuginfo-5.3.18-150300.59.71.2 kernel-default-debugsource-5.3.18-150300.59.71.2 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.71.2 kernel-default-base-5.3.18-150300.59.71.2.150300.18.43.2 kernel-default-debuginfo-5.3.18-150300.59.71.2 kernel-default-debugsource-5.3.18-150300.59.71.2 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.71.2 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.71.2 dlm-kmp-default-5.3.18-150300.59.71.2 dlm-kmp-default-debuginfo-5.3.18-150300.59.71.2 gfs2-kmp-default-5.3.18-150300.59.71.2 gfs2-kmp-default-debuginfo-5.3.18-150300.59.71.2 kernel-default-debuginfo-5.3.18-150300.59.71.2 kernel-default-debugsource-5.3.18-150300.59.71.2 ocfs2-kmp-default-5.3.18-150300.59.71.2 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.71.2 References: https://www.suse.com/security/cve/CVE-2019-19377.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2022-0168.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1972.html https://www.suse.com/security/cve/CVE-2022-20008.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1118212 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1158266 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1180100 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1195826 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1196478 https://bugzilla.suse.com/1196570 https://bugzilla.suse.com/1196840 https://bugzilla.suse.com/1197446 https://bugzilla.suse.com/1197472 https://bugzilla.suse.com/1197601 https://bugzilla.suse.com/1197675 https://bugzilla.suse.com/1198438 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198971 https://bugzilla.suse.com/1198989 https://bugzilla.suse.com/1199035 https://bugzilla.suse.com/1199052 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199114 https://bugzilla.suse.com/1199314 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199564 https://bugzilla.suse.com/1199626 https://bugzilla.suse.com/1199631 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1199670 https://bugzilla.suse.com/1199839 https://bugzilla.suse.com/1200019 https://bugzilla.suse.com/1200045 https://bugzilla.suse.com/1200046 https://bugzilla.suse.com/1200192 https://bugzilla.suse.com/1200216 From sle-updates at lists.suse.com Wed Jun 15 01:16:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 03:16:21 +0200 (CEST) Subject: SUSE-SU-2022:2083-1: important: Security update for the Linux Kernel Message-ID: <20220615011621.C7CC8FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2083-1 Rating: important References: #1028340 #1065729 #1071995 #1114648 #1172456 #1182171 #1183723 #1187055 #1191647 #1191958 #1195651 #1196426 #1197099 #1197219 #1197343 #1198400 #1198516 #1198660 #1198687 #1198742 #1198825 #1199012 #1199063 #1199314 #1199399 #1199426 #1199505 #1199605 #1199650 SLE-24124 Cross-References: CVE-2019-20811 CVE-2021-20292 CVE-2021-20321 CVE-2021-33061 CVE-2021-38208 CVE-2021-39711 CVE-2021-43389 CVE-2022-1011 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1734 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-30594 CVSS scores: CVE-2019-20811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2019-20811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-43389 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves 19 vulnerabilities, contains one feature and has 10 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-39711: Fixed a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - debug: Lock down kgdb (bsc#1199426). - dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099 jsc#SLE-24124). - lib/dim: fix help text typos (bsc#1197099 jsc#SLE-24124). - linux/dim: Add completions count to dim_sample (bsc#1197099 jsc#SLE-24124). - linux/dim: Fix overflow in dim calculation (bsc#1197099 jsc#SLE-24124). - linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099 jsc#SLE-24124). - linux/dim: Move implementation to .c files (bsc#1197099 jsc#SLE-24124). - linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124). - linux/dim: Remove "net" prefix from internal DIM members (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename externally exposed macros (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename externally used net_dim members (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1197099 jsc#SLE-24124). - net: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24124). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24124). - net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24124). - net: ena: Add first_interrupt field to napi struct (bsc#1197099 jsc#SLE-24124). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#1197099 jsc#SLE-24124). - net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24124). - net: ena: add missing ethtool TX timestamping indication (bsc#1197099 jsc#SLE-24124). - net: ena: add reserved PCI device ID (bsc#1197099 jsc#SLE-24124). - net: ena: add support for reporting of packet drops (bsc#1197099 jsc#SLE-24124). - net: ena: add support for the rx offset feature (bsc#1197099 jsc#SLE-24124). - net: ena: add support for traffic mirroring (bsc#1197099 jsc#SLE-24124). - net: ena: add unmask interrupts statistics to ethtool (bsc#1197099 jsc#SLE-24124). - net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24124). - net: ena: allow setting the hash function without changing the key (bsc#1197099 jsc#SLE-24124). - net: ena: avoid memory access violation by validating req_id properly (bsc#1197099 jsc#SLE-24124). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1197099 jsc#SLE-24124). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1197099 jsc#SLE-24124). - net: ena: Capitalize all log strings and improve code readability (bsc#1197099 jsc#SLE-24124). - net: ena: change default RSS hash function to Toeplitz (bsc#1197099 jsc#SLE-24124). - net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24124). - net: ena: Change license into format to SPDX in all files (bsc#1197099 jsc#SLE-24124). - net: ena: Change log message to netif/dev function (bsc#1197099 jsc#SLE-24124). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1197099 jsc#SLE-24124). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24124). - net: ena: Change RSS related macros and variables names (bsc#1197099 jsc#SLE-24124). - net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24124). - net: ena: changes to RSS hash key allocation (bsc#1197099 jsc#SLE-24124). - net: ena: clean up indentation issue (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: code reorderings (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix line break issues (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix spacing issues (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: minor code changes (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: remove unnecessary code (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1197099 jsc#SLE-24124). - net: ena: do not wake up tx queue when down (bsc#1197099 jsc#SLE-24124). - net: ena: drop superfluous prototype (bsc#1197099 jsc#SLE-24124). - net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1197099 jsc#SLE-24124). - net: ena: enable support of rss hash key and function changes (bsc#1197099 jsc#SLE-24124). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: Add new device statistics (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: clean up minor indentation issue (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: get_channels: use combined only (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: support set_channels callback (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: use correct value for crc32 hash (bsc#1197099 jsc#SLE-24124). - net: ena: Fix all static chekers' warnings (bsc#1197099 jsc#SLE-24124). - net: ena: Fix build warning in ena_xdp_set() (bsc#1197099 jsc#SLE-24124). - net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124). - net: ena: fix continuous keep-alive resets (bsc#1197099 jsc#SLE-24124). - net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099 jsc#SLE-24124). - net: ena: fix default tx interrupt moderation interval (bsc#1197099 jsc#SLE-24124). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1197099 jsc#SLE-24124). - net: ena: Fix error handling when calculating max IO queues number (bsc#1197099 jsc#SLE-24124). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1197099 jsc#SLE-24124). - net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect default RSS key (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bsc#1197099 jsc#SLE-24124). - net: ena: fix issues in setting interrupt moderation params in ethtool (bsc#1197099 jsc#SLE-24124). - net: ena: fix packet's addresses for rx_offset feature (bsc#1197099 jsc#SLE-24124). - net: ena: fix potential crash when rxfh key is NULL (bsc#1197099 jsc#SLE-24124). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1197099 jsc#SLE-24124). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#1197099 jsc#SLE-24124). - net: ena: fix update of interrupt moderation register (bsc#1197099 jsc#SLE-24124). - net: ena: fix uses of round_jiffies() (bsc#1197099 jsc#SLE-24124). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1197099 jsc#SLE-24124). - net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24124). - net: ena: handle bad request id in ena_netdev (bsc#1197099 jsc#SLE-24124). - net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24124). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1197099 jsc#SLE-24124). - net: ena: make ethtool -l show correct max number of queues (bsc#1197099 jsc#SLE-24124). - net: ena: Make missed_tx stat incremental (bsc#1197099 jsc#SLE-24124). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24124). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1197099 jsc#SLE-24124). - net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24124). - net: ena: multiple queue creation related cleanups (bsc#1197099 jsc#SLE-24124). - net: ena: Prevent reset after device destruction (bsc#1197099 jsc#SLE-24124). - net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24124). - net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124). - net: ena: reimplement set/get_coalesce() (bsc#1197099 jsc#SLE-24124). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1197099 jsc#SLE-24124). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1197099 jsc#SLE-24124). - net: ena: remove code that does nothing (bsc#1197099 jsc#SLE-24124). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24124). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1197099 jsc#SLE-24124). - net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24124). - net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24124). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1197099 jsc#SLE-24124). - net: ena: remove redundant print of number of queues (bsc#1197099 jsc#SLE-24124). - net: ena: Remove redundant print of placement policy (bsc#1197099 jsc#SLE-24124). - net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24124). - net: ena: remove set but not used variable 'hash_key' (bsc#1197099 jsc#SLE-24124). - net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1197099 jsc#SLE-24124). - net: ena: rss: do not allocate key when not supported (bsc#1197099 jsc#SLE-24124). - net: ena: rss: fix failure to get indirection table (bsc#1197099 jsc#SLE-24124). - net: ena: rss: store hash function as values and not bits (bsc#1197099 jsc#SLE-24124). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099 jsc#SLE-24124). - net: ena: set initial DMA width to avoid intel iommu issue (bsc#1197099 jsc#SLE-24124). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1197099 jsc#SLE-24124). - net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24124). - net: ena: support new LLQ acceleration mode (bsc#1197099 jsc#SLE-24124). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1197099 jsc#SLE-24124). - net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24124). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24124). - net: ena: use explicit variable size for clarity (bsc#1197099 jsc#SLE-24124). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1197099 jsc#SLE-24124). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: update net_dim documentation after rename (bsc#1197099 jsc#SLE-24124). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2083=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2083=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2083=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2083=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2083=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-2083=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.99.2 kernel-macros-4.12.14-95.99.2 kernel-source-4.12.14-95.99.2 - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.99.3 kernel-default-base-4.12.14-95.99.3 kernel-default-base-debuginfo-4.12.14-95.99.3 kernel-default-debuginfo-4.12.14-95.99.3 kernel-default-debugsource-4.12.14-95.99.3 kernel-default-devel-4.12.14-95.99.3 kernel-default-devel-debuginfo-4.12.14-95.99.3 kernel-syms-4.12.14-95.99.2 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.99.2 kernel-macros-4.12.14-95.99.2 kernel-source-4.12.14-95.99.2 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.99.3 kernel-default-base-4.12.14-95.99.3 kernel-default-base-debuginfo-4.12.14-95.99.3 kernel-default-debuginfo-4.12.14-95.99.3 kernel-default-debugsource-4.12.14-95.99.3 kernel-default-devel-4.12.14-95.99.3 kernel-default-devel-debuginfo-4.12.14-95.99.3 kernel-syms-4.12.14-95.99.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.99.3 kernel-default-base-4.12.14-95.99.3 kernel-default-base-debuginfo-4.12.14-95.99.3 kernel-default-debuginfo-4.12.14-95.99.3 kernel-default-debugsource-4.12.14-95.99.3 kernel-default-devel-4.12.14-95.99.3 kernel-syms-4.12.14-95.99.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.99.2 kernel-macros-4.12.14-95.99.2 kernel-source-4.12.14-95.99.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.99.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.99.3 kernel-default-base-4.12.14-95.99.3 kernel-default-base-debuginfo-4.12.14-95.99.3 kernel-default-debuginfo-4.12.14-95.99.3 kernel-default-debugsource-4.12.14-95.99.3 kernel-default-devel-4.12.14-95.99.3 kernel-syms-4.12.14-95.99.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.99.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.99.2 kernel-macros-4.12.14-95.99.2 kernel-source-4.12.14-95.99.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.99.3 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.99.3 kernel-default-kgraft-devel-4.12.14-95.99.3 kgraft-patch-4_12_14-95_99-default-1-6.3.3 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.99.3 cluster-md-kmp-default-debuginfo-4.12.14-95.99.3 dlm-kmp-default-4.12.14-95.99.3 dlm-kmp-default-debuginfo-4.12.14-95.99.3 gfs2-kmp-default-4.12.14-95.99.3 gfs2-kmp-default-debuginfo-4.12.14-95.99.3 kernel-default-debuginfo-4.12.14-95.99.3 kernel-default-debugsource-4.12.14-95.99.3 ocfs2-kmp-default-4.12.14-95.99.3 ocfs2-kmp-default-debuginfo-4.12.14-95.99.3 References: https://www.suse.com/security/cve/CVE-2019-20811.html https://www.suse.com/security/cve/CVE-2021-20292.html https://www.suse.com/security/cve/CVE-2021-20321.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2021-38208.html https://www.suse.com/security/cve/CVE-2021-39711.html https://www.suse.com/security/cve/CVE-2021-43389.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1353.html https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1516.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1028340 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1172456 https://bugzilla.suse.com/1182171 https://bugzilla.suse.com/1183723 https://bugzilla.suse.com/1187055 https://bugzilla.suse.com/1191647 https://bugzilla.suse.com/1191958 https://bugzilla.suse.com/1195651 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1197099 https://bugzilla.suse.com/1197219 https://bugzilla.suse.com/1197343 https://bugzilla.suse.com/1198400 https://bugzilla.suse.com/1198516 https://bugzilla.suse.com/1198660 https://bugzilla.suse.com/1198687 https://bugzilla.suse.com/1198742 https://bugzilla.suse.com/1198825 https://bugzilla.suse.com/1199012 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199314 https://bugzilla.suse.com/1199399 https://bugzilla.suse.com/1199426 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199605 https://bugzilla.suse.com/1199650 From sle-updates at lists.suse.com Wed Jun 15 01:19:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 03:19:32 +0200 (CEST) Subject: SUSE-SU-2022:2084-1: important: Security update for xen Message-ID: <20220615011932.79869FD9D@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2084-1 Rating: important References: #1199965 #1199966 Cross-References: CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVSS scores: CVE-2022-26362 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2084=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2084=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.4_24-3.71.1 xen-devel-4.12.4_24-3.71.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.4_24-3.71.1 xen-debugsource-4.12.4_24-3.71.1 xen-doc-html-4.12.4_24-3.71.1 xen-libs-32bit-4.12.4_24-3.71.1 xen-libs-4.12.4_24-3.71.1 xen-libs-debuginfo-32bit-4.12.4_24-3.71.1 xen-libs-debuginfo-4.12.4_24-3.71.1 xen-tools-4.12.4_24-3.71.1 xen-tools-debuginfo-4.12.4_24-3.71.1 xen-tools-domU-4.12.4_24-3.71.1 xen-tools-domU-debuginfo-4.12.4_24-3.71.1 References: https://www.suse.com/security/cve/CVE-2022-26362.html https://www.suse.com/security/cve/CVE-2022-26363.html https://www.suse.com/security/cve/CVE-2022-26364.html https://bugzilla.suse.com/1199965 https://bugzilla.suse.com/1199966 From sle-updates at lists.suse.com Wed Jun 15 07:46:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 09:46:48 +0200 (CEST) Subject: SUSE-CU-2022:1325-1: Security update of suse/sle15 Message-ID: <20220615074648.EDB98F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1325-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.573 Container Release : 4.22.573 Severity : important Type : security References : 1185637 1199166 CVE-2022-1292 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2075-1 Released: Tue Jun 14 12:00:56 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,CVE-2022-1292 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). The following package changes have been done: - libopenssl1_1-1.1.0i-150000.4.69.1 updated - openssl-1_1-1.1.0i-150000.4.69.1 updated From sle-updates at lists.suse.com Wed Jun 15 08:13:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 10:13:49 +0200 (CEST) Subject: SUSE-CU-2022:1326-1: Security update of suse/sle15 Message-ID: <20220615081349.AC2FAF78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1326-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.632 Container Release : 6.2.632 Severity : important Type : security References : 1185637 1199166 CVE-2022-1292 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2068-1 Released: Tue Jun 14 10:14:47 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,CVE-2022-1292 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). The following package changes have been done: - libopenssl1_1-1.1.0i-150100.14.30.1 updated - openssl-1_1-1.1.0i-150100.14.30.1 updated From sle-updates at lists.suse.com Wed Jun 15 13:15:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 15:15:21 +0200 (CEST) Subject: SUSE-SU-2022:2089-1: important: Security update for webkit2gtk3 Message-ID: <20220615131521.3A5E6FD9D@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2089-1 Rating: important References: #1199287 #1200106 Cross-References: CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 CVSS scores: CVE-2022-26700 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26709 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26716 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26717 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26719 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-30293 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-30293 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 (bsc#1200106) - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287). - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2089=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2089=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2089=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2089=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2089=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2089=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2089=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2089=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2089=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2089=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2089=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2089=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2089=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libjavascriptcoregtk-4_0-18-2.36.3-2.99.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-2.99.1 libwebkit2gtk-4_0-37-2.36.3-2.99.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-2.99.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-2.99.1 webkit2gtk3-debugsource-2.36.3-2.99.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): libwebkit2gtk3-lang-2.36.3-2.99.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libjavascriptcoregtk-4_0-18-2.36.3-2.99.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-2.99.1 libwebkit2gtk-4_0-37-2.36.3-2.99.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-2.99.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-2.99.1 webkit2gtk3-debugsource-2.36.3-2.99.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libwebkit2gtk3-lang-2.36.3-2.99.1 - SUSE OpenStack Cloud 9 (x86_64): libjavascriptcoregtk-4_0-18-2.36.3-2.99.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-2.99.1 libwebkit2gtk-4_0-37-2.36.3-2.99.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-2.99.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-2.99.1 webkit2gtk3-debugsource-2.36.3-2.99.1 - SUSE OpenStack Cloud 9 (noarch): libwebkit2gtk3-lang-2.36.3-2.99.1 - SUSE OpenStack Cloud 8 (x86_64): libjavascriptcoregtk-4_0-18-2.36.3-2.99.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-2.99.1 libwebkit2gtk-4_0-37-2.36.3-2.99.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-2.99.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-2.99.1 webkit2gtk3-debugsource-2.36.3-2.99.1 - SUSE OpenStack Cloud 8 (noarch): libwebkit2gtk3-lang-2.36.3-2.99.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1 webkit2gtk3-debugsource-2.36.3-2.99.1 webkit2gtk3-devel-2.36.3-2.99.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.3-2.99.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-2.99.1 libwebkit2gtk-4_0-37-2.36.3-2.99.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-2.99.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-2.99.1 webkit2gtk3-debugsource-2.36.3-2.99.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libwebkit2gtk3-lang-2.36.3-2.99.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.3-2.99.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-2.99.1 libwebkit2gtk-4_0-37-2.36.3-2.99.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-2.99.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-2.99.1 webkit2gtk3-debugsource-2.36.3-2.99.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libwebkit2gtk3-lang-2.36.3-2.99.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.3-2.99.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-2.99.1 libwebkit2gtk-4_0-37-2.36.3-2.99.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-2.99.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-2.99.1 webkit2gtk3-debugsource-2.36.3-2.99.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libwebkit2gtk3-lang-2.36.3-2.99.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.3-2.99.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-2.99.1 libwebkit2gtk-4_0-37-2.36.3-2.99.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-2.99.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-2.99.1 webkit2gtk3-debugsource-2.36.3-2.99.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libwebkit2gtk3-lang-2.36.3-2.99.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.3-2.99.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-2.99.1 libwebkit2gtk-4_0-37-2.36.3-2.99.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-2.99.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-2.99.1 webkit2gtk3-debugsource-2.36.3-2.99.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libwebkit2gtk3-lang-2.36.3-2.99.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.3-2.99.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-2.99.1 libwebkit2gtk-4_0-37-2.36.3-2.99.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-2.99.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2-4_0-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-2.99.1 webkit2gtk3-debugsource-2.36.3-2.99.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.3-2.99.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-2.99.1 libwebkit2gtk-4_0-37-2.36.3-2.99.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-2.99.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-2.99.1 webkit2gtk3-debugsource-2.36.3-2.99.1 webkit2gtk3-devel-2.36.3-2.99.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.36.3-2.99.1 - HPE Helion Openstack 8 (x86_64): libjavascriptcoregtk-4_0-18-2.36.3-2.99.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-2.99.1 libwebkit2gtk-4_0-37-2.36.3-2.99.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-2.99.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2-4_0-2.36.3-2.99.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-2.36.3-2.99.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-2.99.1 webkit2gtk3-debugsource-2.36.3-2.99.1 - HPE Helion Openstack 8 (noarch): libwebkit2gtk3-lang-2.36.3-2.99.1 References: https://www.suse.com/security/cve/CVE-2022-26700.html https://www.suse.com/security/cve/CVE-2022-26709.html https://www.suse.com/security/cve/CVE-2022-26716.html https://www.suse.com/security/cve/CVE-2022-26717.html https://www.suse.com/security/cve/CVE-2022-26719.html https://www.suse.com/security/cve/CVE-2022-30293.html https://bugzilla.suse.com/1199287 https://bugzilla.suse.com/1200106 From sle-updates at lists.suse.com Wed Jun 15 13:16:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 15:16:04 +0200 (CEST) Subject: SUSE-OU-2022:2085-1: moderate: Optional update for i2c-tools Message-ID: <20220615131604.82309FD9D@maintenance.suse.de> SUSE Optional Update: Optional update for i2c-tools ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:2085-1 Rating: moderate References: MSC-364 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update for i2c-tools provide the following changes: - Deliver i2c-tools to SUSE Package Hub. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2085=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2085=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2085=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): i2c-tools-4.0-150000.4.5.1 i2c-tools-debuginfo-4.0-150000.4.5.1 i2c-tools-debugsource-4.0-150000.4.5.1 libi2c0-4.0-150000.4.5.1 libi2c0-debuginfo-4.0-150000.4.5.1 libi2c0-devel-4.0-150000.4.5.1 python3-smbus-4.0-150000.4.5.1 python3-smbus-debuginfo-4.0-150000.4.5.1 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): i2c-tools-4.0-150000.4.5.1 i2c-tools-debuginfo-4.0-150000.4.5.1 i2c-tools-debugsource-4.0-150000.4.5.1 libi2c0-4.0-150000.4.5.1 libi2c0-debuginfo-4.0-150000.4.5.1 libi2c0-devel-4.0-150000.4.5.1 python3-smbus-4.0-150000.4.5.1 python3-smbus-debuginfo-4.0-150000.4.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le x86_64): i2c-tools-4.0-150000.4.5.1 i2c-tools-debuginfo-4.0-150000.4.5.1 i2c-tools-debugsource-4.0-150000.4.5.1 libi2c0-4.0-150000.4.5.1 libi2c0-debuginfo-4.0-150000.4.5.1 libi2c0-devel-4.0-150000.4.5.1 python3-smbus-4.0-150000.4.5.1 python3-smbus-debuginfo-4.0-150000.4.5.1 References: From sle-updates at lists.suse.com Wed Jun 15 13:16:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 15:16:32 +0200 (CEST) Subject: SUSE-RU-2022:2088-1: moderate: Recommended update for firewalld Message-ID: <20220615131632.5C2E3FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for firewalld ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2088-1 Rating: moderate References: #1191837 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for firewalld fixes the following issues: - Fixes setting the default zone to external during installation problem (bsc#1191837) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2088=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2088=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2088=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2088=1 Package List: - openSUSE Leap 15.4 (noarch): firewall-applet-0.9.3-150400.8.3.19 firewall-config-0.9.3-150400.8.3.19 firewall-macros-0.9.3-150400.8.3.19 firewalld-0.9.3-150400.8.3.19 firewalld-lang-0.9.3-150400.8.3.19 python3-firewall-0.9.3-150400.8.3.19 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): firewall-macros-0.9.3-150400.8.3.19 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch): firewall-applet-0.9.3-150400.8.3.19 firewall-config-0.9.3-150400.8.3.19 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): firewalld-0.9.3-150400.8.3.19 firewalld-lang-0.9.3-150400.8.3.19 python3-firewall-0.9.3-150400.8.3.19 References: https://bugzilla.suse.com/1191837 From sle-updates at lists.suse.com Wed Jun 15 13:17:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 15:17:08 +0200 (CEST) Subject: SUSE-OU-2022:2087-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220615131708.9D6A6FD9D@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:2087-1 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: rp-pppoe linux-atm ppp Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2087=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2087=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2087=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2087=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2087=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2087=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2087=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2087=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ppp-2.4.7-150000.5.8.1 ppp-debuginfo-2.4.7-150000.5.8.1 ppp-debugsource-2.4.7-150000.5.8.1 ppp-devel-2.4.7-150000.5.8.1 rp-pppoe-3.12-150000.6.3.2 rp-pppoe-debuginfo-3.12-150000.6.3.2 rp-pppoe-debugsource-3.12-150000.6.3.2 - openSUSE Leap 15.4 (noarch): ppp-modem-2.4.7-150000.5.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libatm1-2.5.2-150000.3.2.1 libatm1-debuginfo-2.5.2-150000.3.2.1 linux-atm-2.5.2-150000.3.2.1 linux-atm-debuginfo-2.5.2-150000.3.2.1 linux-atm-debugsource-2.5.2-150000.3.2.1 linux-atm-devel-2.5.2-150000.3.2.1 ppp-2.4.7-150000.5.8.1 ppp-debuginfo-2.4.7-150000.5.8.1 ppp-debugsource-2.4.7-150000.5.8.1 ppp-devel-2.4.7-150000.5.8.1 rp-pppoe-3.12-150000.6.3.2 rp-pppoe-debuginfo-3.12-150000.6.3.2 rp-pppoe-debugsource-3.12-150000.6.3.2 - openSUSE Leap 15.3 (noarch): ppp-modem-2.4.7-150000.5.8.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): rp-pppoe-3.12-150000.6.3.2 rp-pppoe-debuginfo-3.12-150000.6.3.2 rp-pppoe-debugsource-3.12-150000.6.3.2 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): rp-pppoe-3.12-150000.6.3.2 rp-pppoe-debuginfo-3.12-150000.6.3.2 rp-pppoe-debugsource-3.12-150000.6.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): rp-pppoe-3.12-150000.6.3.2 rp-pppoe-debuginfo-3.12-150000.6.3.2 rp-pppoe-debugsource-3.12-150000.6.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): libatm1-2.5.2-150000.3.2.1 libatm1-debuginfo-2.5.2-150000.3.2.1 ppp-2.4.7-150000.5.8.1 ppp-debuginfo-2.4.7-150000.5.8.1 ppp-debugsource-2.4.7-150000.5.8.1 rp-pppoe-3.12-150000.6.3.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): ppp-2.4.7-150000.5.8.1 ppp-debuginfo-2.4.7-150000.5.8.1 ppp-debugsource-2.4.7-150000.5.8.1 ppp-devel-2.4.7-150000.5.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libatm1-2.5.2-150000.3.2.1 libatm1-debuginfo-2.5.2-150000.3.2.1 linux-atm-debuginfo-2.5.2-150000.3.2.1 linux-atm-debugsource-2.5.2-150000.3.2.1 linux-atm-devel-2.5.2-150000.3.2.1 ppp-2.4.7-150000.5.8.1 ppp-debuginfo-2.4.7-150000.5.8.1 ppp-debugsource-2.4.7-150000.5.8.1 ppp-devel-2.4.7-150000.5.8.1 References: From sle-updates at lists.suse.com Wed Jun 15 13:18:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 15:18:23 +0200 (CEST) Subject: SUSE-OU-2022:2086-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220615131823.CFE46FD9D@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:2086-1 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: os-prober Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2086=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2086=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2086=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2086=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2086=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2086=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): os-prober-1.76-150100.4.2.1 os-prober-debuginfo-1.76-150100.4.2.1 os-prober-debugsource-1.76-150100.4.2.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): os-prober-1.76-150100.4.2.1 os-prober-debuginfo-1.76-150100.4.2.1 os-prober-debugsource-1.76-150100.4.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): os-prober-1.76-150100.4.2.1 os-prober-debuginfo-1.76-150100.4.2.1 os-prober-debugsource-1.76-150100.4.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): os-prober-1.76-150100.4.2.1 os-prober-debuginfo-1.76-150100.4.2.1 os-prober-debugsource-1.76-150100.4.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (ppc64le s390x): os-prober-1.76-150100.4.2.1 os-prober-debuginfo-1.76-150100.4.2.1 os-prober-debugsource-1.76-150100.4.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): os-prober-1.76-150100.4.2.1 References: From sle-updates at lists.suse.com Wed Jun 15 16:15:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 18:15:00 +0200 (CEST) Subject: SUSE-RU-2022:2090-1: moderate: Recommended update for regionServiceClientConfigAzure Message-ID: <20220615161500.0FD42FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for regionServiceClientConfigAzure ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2090-1 Rating: moderate References: #1199668 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for regionServiceClientConfigAzure fixes the following issues: - Update to version 2.0.0 (bsc#1199668) - Move the certs to /usr from /var to accomodate ro filesystem of SLE-Micro - Fix source url in spec file Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2090=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2090=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2090=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2090=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2090=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2090=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-2090=1 Package List: - openSUSE Leap 15.4 (noarch): regionServiceClientConfigAzure-2.0.0-150000.3.16.1 - openSUSE Leap 15.3 (noarch): regionServiceClientConfigAzure-2.0.0-150000.3.16.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): regionServiceClientConfigAzure-2.0.0-150000.3.16.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): regionServiceClientConfigAzure-2.0.0-150000.3.16.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): regionServiceClientConfigAzure-2.0.0-150000.3.16.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): regionServiceClientConfigAzure-2.0.0-150000.3.16.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): regionServiceClientConfigAzure-2.0.0-150000.3.16.1 References: https://bugzilla.suse.com/1199668 From sle-updates at lists.suse.com Wed Jun 15 19:17:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 21:17:22 +0200 (CEST) Subject: SUSE-RU-2022:2095-1: important: Recommended update for fence-agents Message-ID: <20220615191722.9117EFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2095-1 Rating: important References: #1198872 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.0 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents fixes the following issues: - Fix and issue where 'fence-agents' is broken in GCP due to missing "--zone" parameter (bsc#1198872) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-2095=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2095=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2095=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.35.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150100.7.35.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150100.7.35.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.35.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150100.7.35.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150100.7.35.1 fence-agents-devel-4.9.0+git.1624456340.8d746be9-150100.7.35.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.35.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150100.7.35.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150100.7.35.1 fence-agents-devel-4.9.0+git.1624456340.8d746be9-150100.7.35.1 References: https://bugzilla.suse.com/1198872 From sle-updates at lists.suse.com Wed Jun 15 19:17:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 21:17:58 +0200 (CEST) Subject: SUSE-RU-2022:2096-1: moderate: Recommended update for yast2-online-update-configuration Message-ID: <20220615191758.14FC6FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-online-update-configuration ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2096-1 Rating: moderate References: #1198848 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-online-update-configuration fixes the following issues: - Reduce nesting in the "category_filter" section of the AutoYaST profile. The old (nested) format is still accepted. (bsc#1198848) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2096=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2096=1 Package List: - openSUSE Leap 15.3 (noarch): yast2-online-update-configuration-4.3.3-150300.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): yast2-online-update-configuration-4.3.3-150300.3.3.1 References: https://bugzilla.suse.com/1198848 From sle-updates at lists.suse.com Wed Jun 15 19:18:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 21:18:56 +0200 (CEST) Subject: SUSE-RU-2022:2093-1: moderate: Recommended update for open-vm-tools Message-ID: <20220615191856.0D0BBFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2093-1 Rating: moderate References: #1196803 #1196804 SLE-24097 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for open-vm-tools fixes the following issues: - Update to 12.0.0 (build 19345655) (bsc#1196803) - Update open-vm-tools 12.0.0. (jsc#SLE-24097) - Support for managing Salt Minion through guest variables. A new open-vm-tools-salt-minion rpm is added to handle this support. - New ComponentMgr plugin to manage (add, remove, monitor) components on the guest VM. - Patch to fix potential Fail to Build from Source. (bsc#1196804) - Build vmhgfs with either libfuse2 or libfuse3. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2093=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2093=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2093=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2093=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2093=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2093=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2093=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2093=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): libvmtools-devel-12.0.0-150300.16.1 libvmtools0-12.0.0-150300.16.1 libvmtools0-debuginfo-12.0.0-150300.16.1 open-vm-tools-12.0.0-150300.16.1 open-vm-tools-debuginfo-12.0.0-150300.16.1 open-vm-tools-debugsource-12.0.0-150300.16.1 open-vm-tools-desktop-12.0.0-150300.16.1 open-vm-tools-desktop-debuginfo-12.0.0-150300.16.1 open-vm-tools-sdmp-12.0.0-150300.16.1 open-vm-tools-sdmp-debuginfo-12.0.0-150300.16.1 - openSUSE Leap 15.3 (aarch64 x86_64): libvmtools-devel-12.0.0-150300.16.1 libvmtools0-12.0.0-150300.16.1 libvmtools0-debuginfo-12.0.0-150300.16.1 open-vm-tools-12.0.0-150300.16.1 open-vm-tools-debuginfo-12.0.0-150300.16.1 open-vm-tools-debugsource-12.0.0-150300.16.1 open-vm-tools-desktop-12.0.0-150300.16.1 open-vm-tools-desktop-debuginfo-12.0.0-150300.16.1 open-vm-tools-sdmp-12.0.0-150300.16.1 open-vm-tools-sdmp-debuginfo-12.0.0-150300.16.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (x86_64): open-vm-tools-debuginfo-12.0.0-150300.16.1 open-vm-tools-debugsource-12.0.0-150300.16.1 open-vm-tools-desktop-12.0.0-150300.16.1 open-vm-tools-desktop-debuginfo-12.0.0-150300.16.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): open-vm-tools-debuginfo-12.0.0-150300.16.1 open-vm-tools-debugsource-12.0.0-150300.16.1 open-vm-tools-desktop-12.0.0-150300.16.1 open-vm-tools-desktop-debuginfo-12.0.0-150300.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libvmtools-devel-12.0.0-150300.16.1 libvmtools0-12.0.0-150300.16.1 libvmtools0-debuginfo-12.0.0-150300.16.1 open-vm-tools-12.0.0-150300.16.1 open-vm-tools-debuginfo-12.0.0-150300.16.1 open-vm-tools-debugsource-12.0.0-150300.16.1 open-vm-tools-sdmp-12.0.0-150300.16.1 open-vm-tools-sdmp-debuginfo-12.0.0-150300.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libvmtools-devel-12.0.0-150300.16.1 libvmtools0-12.0.0-150300.16.1 libvmtools0-debuginfo-12.0.0-150300.16.1 open-vm-tools-12.0.0-150300.16.1 open-vm-tools-debuginfo-12.0.0-150300.16.1 open-vm-tools-debugsource-12.0.0-150300.16.1 open-vm-tools-sdmp-12.0.0-150300.16.1 open-vm-tools-sdmp-debuginfo-12.0.0-150300.16.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): libvmtools0-12.0.0-150300.16.1 libvmtools0-debuginfo-12.0.0-150300.16.1 open-vm-tools-12.0.0-150300.16.1 open-vm-tools-debuginfo-12.0.0-150300.16.1 open-vm-tools-debugsource-12.0.0-150300.16.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): libvmtools0-12.0.0-150300.16.1 libvmtools0-debuginfo-12.0.0-150300.16.1 open-vm-tools-12.0.0-150300.16.1 open-vm-tools-debuginfo-12.0.0-150300.16.1 open-vm-tools-debugsource-12.0.0-150300.16.1 References: https://bugzilla.suse.com/1196803 https://bugzilla.suse.com/1196804 From sle-updates at lists.suse.com Wed Jun 15 19:19:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 21:19:37 +0200 (CEST) Subject: SUSE-RU-2022:2094-1: important: Recommended update for fence-agents Message-ID: <20220615191937.1638DFDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2094-1 Rating: important References: #1198872 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents fixes the following issues: - Fix and issue where 'fence-agents' is broken in GCP due to missing "--zone" parameter (bsc#1198872) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2094=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2094=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-2094=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2094=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2094=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2094=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-amt_ws-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-devel-4.9.0+git.1624456340.8d746be9-150300.3.11.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-amt_ws-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-devel-4.9.0+git.1624456340.8d746be9-150300.3.11.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.11.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.11.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-devel-4.9.0+git.1624456340.8d746be9-150300.3.11.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.11.1 fence-agents-devel-4.9.0+git.1624456340.8d746be9-150300.3.11.1 References: https://bugzilla.suse.com/1198872 From sle-updates at lists.suse.com Wed Jun 15 19:20:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2022 21:20:46 +0200 (CEST) Subject: SUSE-RU-2022:2097-1: moderate: Recommended update for yast2-network Message-ID: <20220615192046.52BC6FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2097-1 Rating: moderate References: #1199451 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-network fixes the following issues: - CFA NM: replace problematic characters when getting the filename for the given wireless configuration (bsc#1199451). - 4.3.82 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2097=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2097=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2022-2097=1 Package List: - openSUSE Leap 15.3 (noarch): yast2-network-4.3.82-150300.3.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): yast2-network-4.3.82-150300.3.28.1 - SUSE Linux Enterprise Installer 15-SP3 (noarch): yast2-network-4.3.82-150300.3.28.1 References: https://bugzilla.suse.com/1199451 From sle-updates at lists.suse.com Thu Jun 16 07:24:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2022 09:24:04 +0200 (CEST) Subject: SUSE-CU-2022:1327-1: Recommended update of bci/openjdk-devel Message-ID: <20220616072404.1D9AAF78A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1327-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-18.1 , bci/openjdk-devel:latest Container Release : 18.1 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 1200426 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2060-1 Released: Mon Jun 13 15:26:16 2022 Summary: Recommended update for geronimo-specs Type: recommended Severity: moderate References: 1200426 This recommended update for geronimo-specs provides the following fix: - Ship geronimo-annotation-1_0-api to SUSE Manager server as it is now needed by google-gson. (bsc#1200426) The following package changes have been done: - geronimo-annotation-1_0-api-1.2-150200.15.2.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - container:openjdk-11-image-15.3.0-17.69 updated From sle-updates at lists.suse.com Thu Jun 16 07:31:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2022 09:31:14 +0200 (CEST) Subject: SUSE-CU-2022:1328-1: Recommended update of bci/ruby Message-ID: <20220616073114.864DDF78A@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1328-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-18.52 , bci/ruby:latest Container Release : 18.52 Severity : moderate Type : recommended References : 1191908 1198422 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2049-1 Released: Mon Jun 13 09:23:52 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1191908,1198422 This update for binutils fixes the following issues: - Revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422] - Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908) The following package changes have been done: - binutils-2.37-150100.7.34.1 updated - libctf-nobfd0-2.37-150100.7.34.1 updated - libctf0-2.37-150100.7.34.1 updated - container:sles15-image-15.0.0-17.17.14 updated From sle-updates at lists.suse.com Thu Jun 16 13:15:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2022 15:15:29 +0200 (CEST) Subject: SUSE-SU-2022:2098-1: important: Security update for openssl Message-ID: <20220616131529.949B0FD9D@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2098-1 Rating: important References: #1199166 Cross-References: CVE-2022-1292 CVSS scores: CVE-2022-1292 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1292 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2098=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2098=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2098=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2098=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2098=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2098=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2098=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openssl-doc-1.0.2j-60.80.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libopenssl-devel-1.0.2j-60.80.1 libopenssl1_0_0-1.0.2j-60.80.1 libopenssl1_0_0-32bit-1.0.2j-60.80.1 libopenssl1_0_0-debuginfo-1.0.2j-60.80.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.80.1 libopenssl1_0_0-hmac-1.0.2j-60.80.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.80.1 openssl-1.0.2j-60.80.1 openssl-debuginfo-1.0.2j-60.80.1 openssl-debugsource-1.0.2j-60.80.1 - SUSE OpenStack Cloud 8 (noarch): openssl-doc-1.0.2j-60.80.1 - SUSE OpenStack Cloud 8 (x86_64): libopenssl-devel-1.0.2j-60.80.1 libopenssl1_0_0-1.0.2j-60.80.1 libopenssl1_0_0-32bit-1.0.2j-60.80.1 libopenssl1_0_0-debuginfo-1.0.2j-60.80.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.80.1 libopenssl1_0_0-hmac-1.0.2j-60.80.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.80.1 openssl-1.0.2j-60.80.1 openssl-debuginfo-1.0.2j-60.80.1 openssl-debugsource-1.0.2j-60.80.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libopenssl-devel-1.0.2j-60.80.1 libopenssl1_0_0-1.0.2j-60.80.1 libopenssl1_0_0-debuginfo-1.0.2j-60.80.1 libopenssl1_0_0-hmac-1.0.2j-60.80.1 openssl-1.0.2j-60.80.1 openssl-debuginfo-1.0.2j-60.80.1 openssl-debugsource-1.0.2j-60.80.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.80.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.80.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.80.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): openssl-doc-1.0.2j-60.80.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.80.1 libopenssl1_0_0-1.0.2j-60.80.1 libopenssl1_0_0-debuginfo-1.0.2j-60.80.1 libopenssl1_0_0-hmac-1.0.2j-60.80.1 openssl-1.0.2j-60.80.1 openssl-debuginfo-1.0.2j-60.80.1 openssl-debugsource-1.0.2j-60.80.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.80.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.80.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.80.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): openssl-doc-1.0.2j-60.80.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): openssl-doc-1.0.2j-60.80.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libopenssl-devel-1.0.2j-60.80.1 libopenssl1_0_0-1.0.2j-60.80.1 libopenssl1_0_0-32bit-1.0.2j-60.80.1 libopenssl1_0_0-debuginfo-1.0.2j-60.80.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.80.1 libopenssl1_0_0-hmac-1.0.2j-60.80.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.80.1 openssl-1.0.2j-60.80.1 openssl-debuginfo-1.0.2j-60.80.1 openssl-debugsource-1.0.2j-60.80.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenssl-devel-1.0.2j-60.80.1 libopenssl1_0_0-1.0.2j-60.80.1 libopenssl1_0_0-32bit-1.0.2j-60.80.1 libopenssl1_0_0-debuginfo-1.0.2j-60.80.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.80.1 libopenssl1_0_0-hmac-1.0.2j-60.80.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.80.1 openssl-1.0.2j-60.80.1 openssl-debuginfo-1.0.2j-60.80.1 openssl-debugsource-1.0.2j-60.80.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openssl-doc-1.0.2j-60.80.1 - HPE Helion Openstack 8 (x86_64): libopenssl-devel-1.0.2j-60.80.1 libopenssl1_0_0-1.0.2j-60.80.1 libopenssl1_0_0-32bit-1.0.2j-60.80.1 libopenssl1_0_0-debuginfo-1.0.2j-60.80.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.80.1 libopenssl1_0_0-hmac-1.0.2j-60.80.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.80.1 openssl-1.0.2j-60.80.1 openssl-debuginfo-1.0.2j-60.80.1 openssl-debugsource-1.0.2j-60.80.1 - HPE Helion Openstack 8 (noarch): openssl-doc-1.0.2j-60.80.1 References: https://www.suse.com/security/cve/CVE-2022-1292.html https://bugzilla.suse.com/1199166 From sle-updates at lists.suse.com Thu Jun 16 16:16:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2022 18:16:33 +0200 (CEST) Subject: SUSE-SU-2022:2099-1: important: Security update for apache2 Message-ID: <20220616161633.3EC54FD9D@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2099-1 Rating: important References: #1200338 #1200340 #1200341 #1200345 #1200348 #1200350 #1200352 Cross-References: CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 CVSS scores: CVE-2022-26377 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-28614 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-28615 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-29404 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30522 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30522 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30556 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-31813 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338) - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340) - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341) - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345) - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350) - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352) - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2099=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2099=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2099=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2099=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2099=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2099=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2099=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2099=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2099=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2099=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2099=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): apache2-2.4.23-29.91.1 apache2-debuginfo-2.4.23-29.91.1 apache2-debugsource-2.4.23-29.91.1 apache2-example-pages-2.4.23-29.91.1 apache2-prefork-2.4.23-29.91.1 apache2-prefork-debuginfo-2.4.23-29.91.1 apache2-utils-2.4.23-29.91.1 apache2-utils-debuginfo-2.4.23-29.91.1 apache2-worker-2.4.23-29.91.1 apache2-worker-debuginfo-2.4.23-29.91.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): apache2-doc-2.4.23-29.91.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): apache2-doc-2.4.23-29.91.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): apache2-2.4.23-29.91.1 apache2-debuginfo-2.4.23-29.91.1 apache2-debugsource-2.4.23-29.91.1 apache2-example-pages-2.4.23-29.91.1 apache2-prefork-2.4.23-29.91.1 apache2-prefork-debuginfo-2.4.23-29.91.1 apache2-utils-2.4.23-29.91.1 apache2-utils-debuginfo-2.4.23-29.91.1 apache2-worker-2.4.23-29.91.1 apache2-worker-debuginfo-2.4.23-29.91.1 - SUSE OpenStack Cloud 9 (x86_64): apache2-2.4.23-29.91.1 apache2-debuginfo-2.4.23-29.91.1 apache2-debugsource-2.4.23-29.91.1 apache2-example-pages-2.4.23-29.91.1 apache2-prefork-2.4.23-29.91.1 apache2-prefork-debuginfo-2.4.23-29.91.1 apache2-utils-2.4.23-29.91.1 apache2-utils-debuginfo-2.4.23-29.91.1 apache2-worker-2.4.23-29.91.1 apache2-worker-debuginfo-2.4.23-29.91.1 - SUSE OpenStack Cloud 9 (noarch): apache2-doc-2.4.23-29.91.1 - SUSE OpenStack Cloud 8 (noarch): apache2-doc-2.4.23-29.91.1 - SUSE OpenStack Cloud 8 (x86_64): apache2-2.4.23-29.91.1 apache2-debuginfo-2.4.23-29.91.1 apache2-debugsource-2.4.23-29.91.1 apache2-example-pages-2.4.23-29.91.1 apache2-prefork-2.4.23-29.91.1 apache2-prefork-debuginfo-2.4.23-29.91.1 apache2-utils-2.4.23-29.91.1 apache2-utils-debuginfo-2.4.23-29.91.1 apache2-worker-2.4.23-29.91.1 apache2-worker-debuginfo-2.4.23-29.91.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): apache2-2.4.23-29.91.1 apache2-debuginfo-2.4.23-29.91.1 apache2-debugsource-2.4.23-29.91.1 apache2-example-pages-2.4.23-29.91.1 apache2-prefork-2.4.23-29.91.1 apache2-prefork-debuginfo-2.4.23-29.91.1 apache2-utils-2.4.23-29.91.1 apache2-utils-debuginfo-2.4.23-29.91.1 apache2-worker-2.4.23-29.91.1 apache2-worker-debuginfo-2.4.23-29.91.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): apache2-doc-2.4.23-29.91.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): apache2-2.4.23-29.91.1 apache2-debuginfo-2.4.23-29.91.1 apache2-debugsource-2.4.23-29.91.1 apache2-example-pages-2.4.23-29.91.1 apache2-prefork-2.4.23-29.91.1 apache2-prefork-debuginfo-2.4.23-29.91.1 apache2-utils-2.4.23-29.91.1 apache2-utils-debuginfo-2.4.23-29.91.1 apache2-worker-2.4.23-29.91.1 apache2-worker-debuginfo-2.4.23-29.91.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): apache2-doc-2.4.23-29.91.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.91.1 apache2-debuginfo-2.4.23-29.91.1 apache2-debugsource-2.4.23-29.91.1 apache2-example-pages-2.4.23-29.91.1 apache2-prefork-2.4.23-29.91.1 apache2-prefork-debuginfo-2.4.23-29.91.1 apache2-utils-2.4.23-29.91.1 apache2-utils-debuginfo-2.4.23-29.91.1 apache2-worker-2.4.23-29.91.1 apache2-worker-debuginfo-2.4.23-29.91.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): apache2-doc-2.4.23-29.91.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.91.1 apache2-debuginfo-2.4.23-29.91.1 apache2-debugsource-2.4.23-29.91.1 apache2-example-pages-2.4.23-29.91.1 apache2-prefork-2.4.23-29.91.1 apache2-prefork-debuginfo-2.4.23-29.91.1 apache2-utils-2.4.23-29.91.1 apache2-utils-debuginfo-2.4.23-29.91.1 apache2-worker-2.4.23-29.91.1 apache2-worker-debuginfo-2.4.23-29.91.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): apache2-doc-2.4.23-29.91.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): apache2-2.4.23-29.91.1 apache2-debuginfo-2.4.23-29.91.1 apache2-debugsource-2.4.23-29.91.1 apache2-example-pages-2.4.23-29.91.1 apache2-prefork-2.4.23-29.91.1 apache2-prefork-debuginfo-2.4.23-29.91.1 apache2-utils-2.4.23-29.91.1 apache2-utils-debuginfo-2.4.23-29.91.1 apache2-worker-2.4.23-29.91.1 apache2-worker-debuginfo-2.4.23-29.91.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): apache2-doc-2.4.23-29.91.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.91.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.91.1 apache2-debuginfo-2.4.23-29.91.1 apache2-debugsource-2.4.23-29.91.1 apache2-example-pages-2.4.23-29.91.1 apache2-prefork-2.4.23-29.91.1 apache2-prefork-debuginfo-2.4.23-29.91.1 apache2-utils-2.4.23-29.91.1 apache2-utils-debuginfo-2.4.23-29.91.1 apache2-worker-2.4.23-29.91.1 apache2-worker-debuginfo-2.4.23-29.91.1 - HPE Helion Openstack 8 (noarch): apache2-doc-2.4.23-29.91.1 - HPE Helion Openstack 8 (x86_64): apache2-2.4.23-29.91.1 apache2-debuginfo-2.4.23-29.91.1 apache2-debugsource-2.4.23-29.91.1 apache2-example-pages-2.4.23-29.91.1 apache2-prefork-2.4.23-29.91.1 apache2-prefork-debuginfo-2.4.23-29.91.1 apache2-utils-2.4.23-29.91.1 apache2-utils-debuginfo-2.4.23-29.91.1 apache2-worker-2.4.23-29.91.1 apache2-worker-debuginfo-2.4.23-29.91.1 References: https://www.suse.com/security/cve/CVE-2022-26377.html https://www.suse.com/security/cve/CVE-2022-28614.html https://www.suse.com/security/cve/CVE-2022-28615.html https://www.suse.com/security/cve/CVE-2022-29404.html https://www.suse.com/security/cve/CVE-2022-30522.html https://www.suse.com/security/cve/CVE-2022-30556.html https://www.suse.com/security/cve/CVE-2022-31813.html https://bugzilla.suse.com/1200338 https://bugzilla.suse.com/1200340 https://bugzilla.suse.com/1200341 https://bugzilla.suse.com/1200345 https://bugzilla.suse.com/1200348 https://bugzilla.suse.com/1200350 https://bugzilla.suse.com/1200352 From sle-updates at lists.suse.com Thu Jun 16 16:17:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2022 18:17:41 +0200 (CEST) Subject: SUSE-SU-2022:2101-1: important: Security update for apache2 Message-ID: <20220616161741.0F8B1FD9D@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2101-1 Rating: important References: #1200338 #1200340 #1200341 #1200345 #1200348 #1200350 #1200352 Cross-References: CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 CVSS scores: CVE-2022-26377 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-28614 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-28615 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-29404 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30522 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30522 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30556 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-31813 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338) - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340) - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341) - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345) - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350) - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352) - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2101=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2101=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.51-35.19.1 apache2-debugsource-2.4.51-35.19.1 apache2-devel-2.4.51-35.19.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-2.4.51-35.19.1 apache2-debuginfo-2.4.51-35.19.1 apache2-debugsource-2.4.51-35.19.1 apache2-example-pages-2.4.51-35.19.1 apache2-prefork-2.4.51-35.19.1 apache2-prefork-debuginfo-2.4.51-35.19.1 apache2-utils-2.4.51-35.19.1 apache2-utils-debuginfo-2.4.51-35.19.1 apache2-worker-2.4.51-35.19.1 apache2-worker-debuginfo-2.4.51-35.19.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apache2-doc-2.4.51-35.19.1 References: https://www.suse.com/security/cve/CVE-2022-26377.html https://www.suse.com/security/cve/CVE-2022-28614.html https://www.suse.com/security/cve/CVE-2022-28615.html https://www.suse.com/security/cve/CVE-2022-29404.html https://www.suse.com/security/cve/CVE-2022-30522.html https://www.suse.com/security/cve/CVE-2022-30556.html https://www.suse.com/security/cve/CVE-2022-31813.html https://bugzilla.suse.com/1200338 https://bugzilla.suse.com/1200340 https://bugzilla.suse.com/1200341 https://bugzilla.suse.com/1200345 https://bugzilla.suse.com/1200348 https://bugzilla.suse.com/1200350 https://bugzilla.suse.com/1200352 From sle-updates at lists.suse.com Thu Jun 16 19:16:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2022 21:16:27 +0200 (CEST) Subject: SUSE-SU-2022:2103-1: important: Security update for the Linux Kernel Message-ID: <20220616191627.5C106FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2103-1 Rating: important References: #1028340 #1055710 #1071995 #1087082 #1114648 #1158266 #1172456 #1183723 #1187055 #1191647 #1191958 #1195651 #1196367 #1196426 #1197219 #1197343 #1198400 #1198516 #1198577 #1198687 #1198742 #1198776 #1198825 #1199012 #1199063 #1199314 #1199399 #1199426 #1199505 #1199507 #1199605 #1199650 #1200143 #1200144 #1200249 Cross-References: CVE-2017-13695 CVE-2019-19377 CVE-2019-20811 CVE-2021-20292 CVE-2021-20321 CVE-2021-33061 CVE-2021-38208 CVE-2021-39711 CVE-2021-43389 CVE-2022-1011 CVE-2022-1184 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-30594 CVSS scores: CVE-2017-13695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2017-13695 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-20811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2019-20811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-43389 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21499 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that solves 26 vulnerabilities and has 9 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2017-13695: Fixed a bug that caused a stack dump allowing local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table. (bnc#1055710) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (bnc#1191958) - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456). The following non-security bugs were fixed: - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - lib: dimlib: fix help text typos (bsc#1198776). - lib: dimlib: make DIMLIB a hidden symbol (bsc#1198776). - linux/dim: Add completions count to dim_sample (bsc#1198776). - linux/dim: Fix -Wunused-const-variable warnings (bsc#1198776). - linux/dim: Fix overflow in dim calculation (bsc#1198776). - linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1198776). - linux/dim: Move implementation to .c files (bsc#1198776). - linux/dim: Move logic to dim.h (bsc#1198776). - linux/dim: Remove "net" prefix from internal DIM members (bsc#1198776). - linux/dim: Rename externally exposed macros (bsc#1198776). - linux/dim: Rename externally used net_dim members (bsc#1198776). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1198776). - net: ena: A typo fix in the file ena_com.h (bsc#1198776). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198776). - net: ena: add device distinct log prefix to files (bsc#1198776). - net: ena: Add first_interrupt field to napi struct (bsc#1198776). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#1198776). - net: ena: add jiffies of last napi call to stats (bsc#1198776). - net: ena: add missing ethtool TX timestamping indication (bsc#1198776). - net: ena: add reserved PCI device ID (bsc#1198776). - net: ena: add support for reporting of packet drops (bsc#1198776). - net: ena: add support for the rx offset feature (bsc#1198776). - net: ena: add support for traffic mirroring (bsc#1198776). - net: ena: add unmask interrupts statistics to ethtool (bsc#1198776). - net: ena: aggregate stats increase into a function (bsc#1198776). - net: ena: allow setting the hash function without changing the key (bsc#1198776). - net: ena: avoid memory access violation by validating req_id properly (bsc#1198776). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1198776). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1198776). - net: ena: Capitalize all log strings and improve code readability (bsc#1198776). - net: ena: change default RSS hash function to Toeplitz (bsc#1198776). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198776). - net: ena: Change license into format to SPDX in all files (bsc#1198776). - net: ena: Change log message to netif/dev function (bsc#1198776). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1198776). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198776). - net: ena: Change RSS related macros and variables names (bsc#1198776). - net: ena: Change the name of bad_csum variable (bsc#1198776). - net: ena: changes to RSS hash key allocation (bsc#1198776). - net: ena: clean up indentation issue (bsc#1198776). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1198776). - net: ena: cosmetic: code reorderings (bsc#1198776). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1198776). - net: ena: cosmetic: fix line break issues (bsc#1198776). - net: ena: cosmetic: fix spacing issues (bsc#1198776). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1198776). - net: ena: cosmetic: minor code changes (bsc#1198776). - net: ena: cosmetic: remove unnecessary code (bsc#1198776). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1198776). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1198776). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1198776). - net: ena: do not wake up tx queue when down (bsc#1198776). - net: ena: drop superfluous prototype (bsc#1198776). - net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1198776). - net: ena: enable support of rss hash key and function changes (bsc#1198776). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1198776). - net: ena: ethtool: Add new device statistics (bsc#1198776). - net: ena: ethtool: clean up minor indentation issue (bsc#1198776). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1198776). - net: ena: ethtool: get_channels: use combined only (bsc#1198776). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1198776). - net: ena: ethtool: support set_channels callback (bsc#1198776). - net: ena: ethtool: use correct value for crc32 hash (bsc#1198776). - net: ena: Fix all static chekers' warnings (bsc#1198776). - net: ena: Fix build warning in ena_xdp_set() (bsc#1198776). - net: ena: fix coding style nits (bsc#1198776). - net: ena: fix continuous keep-alive resets (bsc#1198776). - net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1198776). - net: ena: fix default tx interrupt moderation interval (bsc#1198776). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1198776). - net: ena: Fix error handling when calculating max IO queues number (bsc#1198776). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1198776). - net: ena: fix inaccurate print type (bsc#1198776). - net: ena: fix incorrect default RSS key (bsc#1198776). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1198776). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1198776). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bsc#1198776). - net: ena: fix issues in setting interrupt moderation params in ethtool (bsc#1198776). - net: ena: fix napi handler misbehavior when the napi budget is zero (bsc#1198776). - net: ena: fix packet's addresses for rx_offset feature (bsc#1198776). - net: ena: fix potential crash when rxfh key is NULL (bsc#1198776). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1198776). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#1198776). - net: ena: fix update of interrupt moderation register (bsc#1198776). - net: ena: fix uses of round_jiffies() (bsc#1198776). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1198776). - net: ena: Fix wrong rx request id by resetting device (bsc#1198776). - net: ena: handle bad request id in ena_netdev (bsc#1198776). - net: ena: Improve error logging in driver (bsc#1198776). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1198776). - net: ena: make ethtool -l show correct max number of queues (bsc#1198776). - net: ena: Make missed_tx stat incremental (bsc#1198776). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198776). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1198776). - net: ena: Move reset completion print to the reset function (bsc#1198776). - net: ena: multiple queue creation related cleanups (bsc#1198776). - net: ena: Prevent reset after device destruction (bsc#1198776). - net: ena: re-organize code to improve readability (bsc#1198776). - net: ena: reduce driver load time (bsc#1198776). - net: ena: reimplement set/get_coalesce() (bsc#1198776). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1198776). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1198776). - net: ena: remove code that does nothing (bsc#1198776). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198776). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1198776). - net: ena: remove extra words from comments (bsc#1198776). - net: ena: Remove module param and change message severity (bsc#1198776). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1198776). - net: ena: remove redundant print of number of queues (bsc#1198776). - net: ena: Remove redundant print of placement policy (bsc#1198776). - net: ena: Remove redundant return code check (bsc#1198776). - net: ena: remove set but not used variable 'hash_key' (bsc#1198776). - net: ena: Remove unused code (bsc#1198776). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1198776). - net: ena: rss: do not allocate key when not supported (bsc#1198776). - net: ena: rss: fix failure to get indirection table (bsc#1198776). - net: ena: rss: store hash function as values and not bits (bsc#1198776). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1198776). - net: ena: set initial DMA width to avoid intel iommu issue (bsc#1198776). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1198776). - net: ena: store values in their appropriate variables types (bsc#1198776). - net: ena: support new LLQ acceleration mode (bsc#1198776). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1198776). - net: ena: use constant value for net_device allocation (bsc#1198776). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198776). - net: ena: use explicit variable size for clarity (bsc#1198776). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1198776). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: update net_dim documentation after rename (bsc#1198776). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2103=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2103=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2103=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2103=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2103=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-2103=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150000.150.92.2 kernel-default-base-4.12.14-150000.150.92.2 kernel-default-debuginfo-4.12.14-150000.150.92.2 kernel-default-debugsource-4.12.14-150000.150.92.2 kernel-default-devel-4.12.14-150000.150.92.2 kernel-default-devel-debuginfo-4.12.14-150000.150.92.2 kernel-obs-build-4.12.14-150000.150.92.2 kernel-obs-build-debugsource-4.12.14-150000.150.92.2 kernel-syms-4.12.14-150000.150.92.2 kernel-vanilla-base-4.12.14-150000.150.92.2 kernel-vanilla-base-debuginfo-4.12.14-150000.150.92.2 kernel-vanilla-debuginfo-4.12.14-150000.150.92.2 kernel-vanilla-debugsource-4.12.14-150000.150.92.2 reiserfs-kmp-default-4.12.14-150000.150.92.2 reiserfs-kmp-default-debuginfo-4.12.14-150000.150.92.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150000.150.92.2 kernel-docs-4.12.14-150000.150.92.2 kernel-macros-4.12.14-150000.150.92.2 kernel-source-4.12.14-150000.150.92.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150000.150.92.2 kernel-default-base-4.12.14-150000.150.92.2 kernel-default-debuginfo-4.12.14-150000.150.92.2 kernel-default-debugsource-4.12.14-150000.150.92.2 kernel-default-devel-4.12.14-150000.150.92.2 kernel-default-devel-debuginfo-4.12.14-150000.150.92.2 kernel-obs-build-4.12.14-150000.150.92.2 kernel-obs-build-debugsource-4.12.14-150000.150.92.2 kernel-syms-4.12.14-150000.150.92.2 kernel-vanilla-base-4.12.14-150000.150.92.2 kernel-vanilla-base-debuginfo-4.12.14-150000.150.92.2 kernel-vanilla-debuginfo-4.12.14-150000.150.92.2 kernel-vanilla-debugsource-4.12.14-150000.150.92.2 reiserfs-kmp-default-4.12.14-150000.150.92.2 reiserfs-kmp-default-debuginfo-4.12.14-150000.150.92.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150000.150.92.2 kernel-docs-4.12.14-150000.150.92.2 kernel-macros-4.12.14-150000.150.92.2 kernel-source-4.12.14-150000.150.92.2 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150000.150.92.2 kernel-zfcpdump-debuginfo-4.12.14-150000.150.92.2 kernel-zfcpdump-debugsource-4.12.14-150000.150.92.2 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150000.150.92.2 kernel-default-debugsource-4.12.14-150000.150.92.2 kernel-default-livepatch-4.12.14-150000.150.92.2 kernel-livepatch-4_12_14-150000_150_92-default-1-150000.1.3.2 kernel-livepatch-4_12_14-150000_150_92-default-debuginfo-1-150000.1.3.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150000.150.92.2 kernel-default-base-4.12.14-150000.150.92.2 kernel-default-debuginfo-4.12.14-150000.150.92.2 kernel-default-debugsource-4.12.14-150000.150.92.2 kernel-default-devel-4.12.14-150000.150.92.2 kernel-default-devel-debuginfo-4.12.14-150000.150.92.2 kernel-obs-build-4.12.14-150000.150.92.2 kernel-obs-build-debugsource-4.12.14-150000.150.92.2 kernel-syms-4.12.14-150000.150.92.2 kernel-vanilla-base-4.12.14-150000.150.92.2 kernel-vanilla-base-debuginfo-4.12.14-150000.150.92.2 kernel-vanilla-debuginfo-4.12.14-150000.150.92.2 kernel-vanilla-debugsource-4.12.14-150000.150.92.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150000.150.92.2 kernel-docs-4.12.14-150000.150.92.2 kernel-macros-4.12.14-150000.150.92.2 kernel-source-4.12.14-150000.150.92.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150000.150.92.2 kernel-default-base-4.12.14-150000.150.92.2 kernel-default-debuginfo-4.12.14-150000.150.92.2 kernel-default-debugsource-4.12.14-150000.150.92.2 kernel-default-devel-4.12.14-150000.150.92.2 kernel-default-devel-debuginfo-4.12.14-150000.150.92.2 kernel-obs-build-4.12.14-150000.150.92.2 kernel-obs-build-debugsource-4.12.14-150000.150.92.2 kernel-syms-4.12.14-150000.150.92.2 kernel-vanilla-base-4.12.14-150000.150.92.2 kernel-vanilla-base-debuginfo-4.12.14-150000.150.92.2 kernel-vanilla-debuginfo-4.12.14-150000.150.92.2 kernel-vanilla-debugsource-4.12.14-150000.150.92.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150000.150.92.2 kernel-docs-4.12.14-150000.150.92.2 kernel-macros-4.12.14-150000.150.92.2 kernel-source-4.12.14-150000.150.92.2 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150000.150.92.2 cluster-md-kmp-default-debuginfo-4.12.14-150000.150.92.2 dlm-kmp-default-4.12.14-150000.150.92.2 dlm-kmp-default-debuginfo-4.12.14-150000.150.92.2 gfs2-kmp-default-4.12.14-150000.150.92.2 gfs2-kmp-default-debuginfo-4.12.14-150000.150.92.2 kernel-default-debuginfo-4.12.14-150000.150.92.2 kernel-default-debugsource-4.12.14-150000.150.92.2 ocfs2-kmp-default-4.12.14-150000.150.92.2 ocfs2-kmp-default-debuginfo-4.12.14-150000.150.92.2 References: https://www.suse.com/security/cve/CVE-2017-13695.html https://www.suse.com/security/cve/CVE-2019-19377.html https://www.suse.com/security/cve/CVE-2019-20811.html https://www.suse.com/security/cve/CVE-2021-20292.html https://www.suse.com/security/cve/CVE-2021-20321.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2021-38208.html https://www.suse.com/security/cve/CVE-2021-39711.html https://www.suse.com/security/cve/CVE-2021-43389.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1353.html https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1516.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1975.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-21499.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1028340 https://bugzilla.suse.com/1055710 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1158266 https://bugzilla.suse.com/1172456 https://bugzilla.suse.com/1183723 https://bugzilla.suse.com/1187055 https://bugzilla.suse.com/1191647 https://bugzilla.suse.com/1191958 https://bugzilla.suse.com/1195651 https://bugzilla.suse.com/1196367 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1197219 https://bugzilla.suse.com/1197343 https://bugzilla.suse.com/1198400 https://bugzilla.suse.com/1198516 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198687 https://bugzilla.suse.com/1198742 https://bugzilla.suse.com/1198776 https://bugzilla.suse.com/1198825 https://bugzilla.suse.com/1199012 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199314 https://bugzilla.suse.com/1199399 https://bugzilla.suse.com/1199426 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199605 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1200143 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200249 From sle-updates at lists.suse.com Thu Jun 16 19:20:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2022 21:20:17 +0200 (CEST) Subject: SUSE-SU-2022:2108-1: important: Security update for rubygem-actionpack-5_1, rubygem-activesupport-5_1 Message-ID: <20220616192017.35D32FD9D@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionpack-5_1, rubygem-activesupport-5_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2108-1 Rating: important References: #1185780 #1196182 Cross-References: CVE-2021-22904 CVE-2022-23633 CVSS scores: CVE-2021-22904 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22904 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23633 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-23633 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-actionpack-5_1 and rubygem-activesupport-5_1 fixes the following issues: - CVE-2021-22904: Fixed possible DoS Vulnerability in Action Controller Token Authentication (bsc#1185780) - CVE-2022-23633: Fixed possible exposure of information vulnerability in Action Pack (bsc#1196182) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2108=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2108=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2108=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2108=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2108=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2108=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-2108=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1 ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-150000.3.12.1 ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1 ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-150000.3.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1 ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-150000.3.12.1 ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1 ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-150000.3.6.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1 ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1 ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1 ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1 ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1 ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1 References: https://www.suse.com/security/cve/CVE-2021-22904.html https://www.suse.com/security/cve/CVE-2022-23633.html https://bugzilla.suse.com/1185780 https://bugzilla.suse.com/1196182 From sle-updates at lists.suse.com Thu Jun 16 19:21:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2022 21:21:46 +0200 (CEST) Subject: SUSE-SU-2022:2102-1: important: Security update for vim Message-ID: <20220616192146.46EE2FD9D@maintenance.suse.de> SUSE Security Update: Security update for vim ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2102-1 Rating: important References: #1070955 #1191770 #1192167 #1192902 #1192903 #1192904 #1193466 #1193905 #1194093 #1194216 #1194217 #1194388 #1194872 #1194885 #1195004 #1195203 #1195332 #1195354 #1196361 #1198596 #1198748 #1199331 #1199333 #1199334 #1199651 #1199655 #1199693 #1199745 #1199747 #1199936 #1200010 #1200011 #1200012 Cross-References: CVE-2017-17087 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVSS scores: CVE-2017-17087 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2017-17087 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3778 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3778 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2021-3796 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H CVE-2021-3796 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2021-3872 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3872 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3875 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3875 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2021-3903 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3903 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3927 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3927 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3928 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3928 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3968 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2021-3973 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3974 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3974 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3984 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3984 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-4019 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4019 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-4069 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4069 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2021-4136 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4136 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4166 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2021-4166 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2021-4192 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4192 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2021-4193 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-4193 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-46059 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0128 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0128 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-0213 (NVD) : 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-0213 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0261 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0261 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0319 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-0319 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-0351 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0351 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-0359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0359 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-0361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0361 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-0392 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0392 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L CVE-2022-0407 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0407 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0413 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0413 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0696 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0696 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-1381 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1381 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-1420 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-1420 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-1616 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1616 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-1619 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1619 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-1620 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1620 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-1733 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1733 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-1735 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1735 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-1771 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-1771 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-1785 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1785 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-1796 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1796 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1851 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1851 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-1897 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1897 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-1898 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1898 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-1927 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1927 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 45 vulnerabilities is now available. Description: This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955). - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770). - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167). - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902). - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903). - CVE-2021-3974: Fixed use-after-free (bsc#1192904). - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466). - CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905). - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2102=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2102=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2102=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2102=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2102=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2102=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2102=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2102=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2102=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2102=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2102=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2102=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2102=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2102=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2102=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2102=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2102=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2102=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2102=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2102=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2102=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2102=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2102=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2102=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2102=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2102=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2102=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 vim-small-8.2.5038-150000.5.21.1 vim-small-debuginfo-8.2.5038-150000.5.21.1 - openSUSE Leap 15.4 (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 vim-small-8.2.5038-150000.5.21.1 vim-small-debuginfo-8.2.5038-150000.5.21.1 - openSUSE Leap 15.3 (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Manager Server 4.1 (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Manager Retail Branch Server 4.1 (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Manager Proxy 4.1 (x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Manager Proxy 4.1 (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 vim-small-8.2.5038-150000.5.21.1 vim-small-debuginfo-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 vim-small-8.2.5038-150000.5.21.1 vim-small-debuginfo-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 vim-small-8.2.5038-150000.5.21.1 vim-small-debuginfo-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Micro 5.2 (noarch): vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 vim-small-8.2.5038-150000.5.21.1 vim-small-debuginfo-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise Micro 5.1 (noarch): vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Enterprise Storage 7 (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 - SUSE Enterprise Storage 6 (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE CaaS Platform 4.0 (noarch): vim-data-8.2.5038-150000.5.21.1 vim-data-common-8.2.5038-150000.5.21.1 - SUSE CaaS Platform 4.0 (x86_64): gvim-8.2.5038-150000.5.21.1 gvim-debuginfo-8.2.5038-150000.5.21.1 vim-8.2.5038-150000.5.21.1 vim-debuginfo-8.2.5038-150000.5.21.1 vim-debugsource-8.2.5038-150000.5.21.1 References: https://www.suse.com/security/cve/CVE-2017-17087.html https://www.suse.com/security/cve/CVE-2021-3778.html https://www.suse.com/security/cve/CVE-2021-3796.html https://www.suse.com/security/cve/CVE-2021-3872.html https://www.suse.com/security/cve/CVE-2021-3875.html https://www.suse.com/security/cve/CVE-2021-3903.html https://www.suse.com/security/cve/CVE-2021-3927.html https://www.suse.com/security/cve/CVE-2021-3928.html https://www.suse.com/security/cve/CVE-2021-3968.html https://www.suse.com/security/cve/CVE-2021-3973.html https://www.suse.com/security/cve/CVE-2021-3974.html https://www.suse.com/security/cve/CVE-2021-3984.html https://www.suse.com/security/cve/CVE-2021-4019.html https://www.suse.com/security/cve/CVE-2021-4069.html https://www.suse.com/security/cve/CVE-2021-4136.html https://www.suse.com/security/cve/CVE-2021-4166.html https://www.suse.com/security/cve/CVE-2021-4192.html https://www.suse.com/security/cve/CVE-2021-4193.html https://www.suse.com/security/cve/CVE-2021-46059.html https://www.suse.com/security/cve/CVE-2022-0128.html https://www.suse.com/security/cve/CVE-2022-0213.html https://www.suse.com/security/cve/CVE-2022-0261.html https://www.suse.com/security/cve/CVE-2022-0318.html https://www.suse.com/security/cve/CVE-2022-0319.html https://www.suse.com/security/cve/CVE-2022-0351.html https://www.suse.com/security/cve/CVE-2022-0359.html https://www.suse.com/security/cve/CVE-2022-0361.html https://www.suse.com/security/cve/CVE-2022-0392.html https://www.suse.com/security/cve/CVE-2022-0407.html https://www.suse.com/security/cve/CVE-2022-0413.html https://www.suse.com/security/cve/CVE-2022-0696.html https://www.suse.com/security/cve/CVE-2022-1381.html https://www.suse.com/security/cve/CVE-2022-1420.html https://www.suse.com/security/cve/CVE-2022-1616.html https://www.suse.com/security/cve/CVE-2022-1619.html https://www.suse.com/security/cve/CVE-2022-1620.html https://www.suse.com/security/cve/CVE-2022-1733.html https://www.suse.com/security/cve/CVE-2022-1735.html https://www.suse.com/security/cve/CVE-2022-1771.html https://www.suse.com/security/cve/CVE-2022-1785.html https://www.suse.com/security/cve/CVE-2022-1796.html https://www.suse.com/security/cve/CVE-2022-1851.html https://www.suse.com/security/cve/CVE-2022-1897.html https://www.suse.com/security/cve/CVE-2022-1898.html https://www.suse.com/security/cve/CVE-2022-1927.html https://bugzilla.suse.com/1070955 https://bugzilla.suse.com/1191770 https://bugzilla.suse.com/1192167 https://bugzilla.suse.com/1192902 https://bugzilla.suse.com/1192903 https://bugzilla.suse.com/1192904 https://bugzilla.suse.com/1193466 https://bugzilla.suse.com/1193905 https://bugzilla.suse.com/1194093 https://bugzilla.suse.com/1194216 https://bugzilla.suse.com/1194217 https://bugzilla.suse.com/1194388 https://bugzilla.suse.com/1194872 https://bugzilla.suse.com/1194885 https://bugzilla.suse.com/1195004 https://bugzilla.suse.com/1195203 https://bugzilla.suse.com/1195332 https://bugzilla.suse.com/1195354 https://bugzilla.suse.com/1196361 https://bugzilla.suse.com/1198596 https://bugzilla.suse.com/1198748 https://bugzilla.suse.com/1199331 https://bugzilla.suse.com/1199333 https://bugzilla.suse.com/1199334 https://bugzilla.suse.com/1199651 https://bugzilla.suse.com/1199655 https://bugzilla.suse.com/1199693 https://bugzilla.suse.com/1199745 https://bugzilla.suse.com/1199747 https://bugzilla.suse.com/1199936 https://bugzilla.suse.com/1200010 https://bugzilla.suse.com/1200011 https://bugzilla.suse.com/1200012 From sle-updates at lists.suse.com Thu Jun 16 19:25:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2022 21:25:42 +0200 (CEST) Subject: SUSE-SU-2022:2104-1: important: Security update for the Linux Kernel Message-ID: <20220616192542.9B2F9FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2104-1 Rating: important References: #1028340 #1065729 #1071995 #1158266 #1177282 #1191647 #1195651 #1195926 #1196114 #1196367 #1196426 #1196433 #1196514 #1196570 #1196942 #1197157 #1197343 #1197472 #1197656 #1197660 #1197895 #1198330 #1198400 #1198484 #1198516 #1198577 #1198660 #1198687 #1198778 #1198825 #1199012 #1199063 #1199314 #1199505 #1199507 #1199605 #1199650 #1199918 #1200015 #1200143 #1200144 #1200249 SLE-18234 Cross-References: CVE-2019-19377 CVE-2020-26541 CVE-2021-20321 CVE-2021-33061 CVE-2022-0168 CVE-2022-1011 CVE-2022-1158 CVE-2022-1184 CVE-2022-1353 CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-28893 CVE-2022-30594 CVSS scores: CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0168 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-28893 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28893 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves 23 vulnerabilities, contains one feature and has 19 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cifs: fix bad fids sent over wire (bsc#1197157). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - net: ena: A typo fix in the file ena_com.h (bsc#1198778). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778). - net: ena: Add debug prints for invalid req_id resets (bsc#1198778). - net: ena: add device distinct log prefix to files (bsc#1198778). - net: ena: add jiffies of last napi call to stats (bsc#1198778). - net: ena: aggregate doorbell common operations into a function (bsc#1198778). - net: ena: aggregate stats increase into a function (bsc#1198778). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198778). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778). - net: ena: Change the name of bad_csum variable (bsc#1198778). - net: ena: Extract recurring driver reset code into a function (bsc#1198778). - net: ena: fix coding style nits (bsc#1198778). - net: ena: fix DMA mapping function issues in XDP (bsc#1198778). - net: ena: Fix error handling when calculating max IO queues number (bsc#1198778). - net: ena: fix inaccurate print type (bsc#1198778). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1198778). - net: ena: Fix wrong rx request id by resetting device (bsc#1198778). - net: ena: Improve error logging in driver (bsc#1198778). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778). - net: ena: introduce XDP redirect implementation (bsc#1198778). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778). - net: ena: Move reset completion print to the reset function (bsc#1198778). - net: ena: optimize data access in fast-path code (bsc#1198778). - net: ena: re-organize code to improve readability (bsc#1198778). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778). - net: ena: remove extra words from comments (bsc#1198778). - net: ena: Remove module param and change message severity (bsc#1198778). - net: ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778). - net: ena: Remove redundant return code check (bsc#1198778). - net: ena: Remove unused code (bsc#1198778). - net: ena: store values in their appropriate variables types (bsc#1198778). - net: ena: Update XDP verdict upon failure (bsc#1198778). - net: ena: use build_skb() in RX path (bsc#1198778). - net: ena: use constant value for net_device allocation (bsc#1198778). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778). - net: ena: use xdp_frame in XDP TX flow (bsc#1198778). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1199918). - ping: remove pr_err from ping_lookup (bsc#1199918). - powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - sched/rt: Disable RT_RUNTIME_SHARE by default (bnc#1197895). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2104=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2104=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2104=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2104=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2104=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2104=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2104=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2104=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2104=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2104=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2104=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): kernel-default-5.3.18-150200.24.115.1 kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1 kernel-default-debuginfo-5.3.18-150200.24.115.1 kernel-default-debugsource-5.3.18-150200.24.115.1 kernel-default-devel-5.3.18-150200.24.115.1 kernel-default-devel-debuginfo-5.3.18-150200.24.115.1 kernel-obs-build-5.3.18-150200.24.115.1 kernel-obs-build-debugsource-5.3.18-150200.24.115.1 kernel-syms-5.3.18-150200.24.115.1 reiserfs-kmp-default-5.3.18-150200.24.115.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1 - SUSE Manager Server 4.1 (x86_64): kernel-preempt-5.3.18-150200.24.115.1 kernel-preempt-debuginfo-5.3.18-150200.24.115.1 kernel-preempt-debugsource-5.3.18-150200.24.115.1 kernel-preempt-devel-5.3.18-150200.24.115.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1 - SUSE Manager Server 4.1 (noarch): kernel-devel-5.3.18-150200.24.115.1 kernel-docs-5.3.18-150200.24.115.1 kernel-macros-5.3.18-150200.24.115.1 kernel-source-5.3.18-150200.24.115.1 - SUSE Manager Retail Branch Server 4.1 (noarch): kernel-devel-5.3.18-150200.24.115.1 kernel-docs-5.3.18-150200.24.115.1 kernel-macros-5.3.18-150200.24.115.1 kernel-source-5.3.18-150200.24.115.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): kernel-default-5.3.18-150200.24.115.1 kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1 kernel-default-debuginfo-5.3.18-150200.24.115.1 kernel-default-debugsource-5.3.18-150200.24.115.1 kernel-default-devel-5.3.18-150200.24.115.1 kernel-default-devel-debuginfo-5.3.18-150200.24.115.1 kernel-obs-build-5.3.18-150200.24.115.1 kernel-obs-build-debugsource-5.3.18-150200.24.115.1 kernel-preempt-5.3.18-150200.24.115.1 kernel-preempt-debuginfo-5.3.18-150200.24.115.1 kernel-preempt-debugsource-5.3.18-150200.24.115.1 kernel-preempt-devel-5.3.18-150200.24.115.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1 kernel-syms-5.3.18-150200.24.115.1 reiserfs-kmp-default-5.3.18-150200.24.115.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1 - SUSE Manager Proxy 4.1 (noarch): kernel-devel-5.3.18-150200.24.115.1 kernel-docs-5.3.18-150200.24.115.1 kernel-macros-5.3.18-150200.24.115.1 kernel-source-5.3.18-150200.24.115.1 - SUSE Manager Proxy 4.1 (x86_64): kernel-default-5.3.18-150200.24.115.1 kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1 kernel-default-debuginfo-5.3.18-150200.24.115.1 kernel-default-debugsource-5.3.18-150200.24.115.1 kernel-default-devel-5.3.18-150200.24.115.1 kernel-default-devel-debuginfo-5.3.18-150200.24.115.1 kernel-obs-build-5.3.18-150200.24.115.1 kernel-obs-build-debugsource-5.3.18-150200.24.115.1 kernel-preempt-5.3.18-150200.24.115.1 kernel-preempt-debuginfo-5.3.18-150200.24.115.1 kernel-preempt-debugsource-5.3.18-150200.24.115.1 kernel-preempt-devel-5.3.18-150200.24.115.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1 kernel-syms-5.3.18-150200.24.115.1 reiserfs-kmp-default-5.3.18-150200.24.115.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): kernel-default-5.3.18-150200.24.115.1 kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1 kernel-default-debuginfo-5.3.18-150200.24.115.1 kernel-default-debugsource-5.3.18-150200.24.115.1 kernel-default-devel-5.3.18-150200.24.115.1 kernel-default-devel-debuginfo-5.3.18-150200.24.115.1 kernel-obs-build-5.3.18-150200.24.115.1 kernel-obs-build-debugsource-5.3.18-150200.24.115.1 kernel-syms-5.3.18-150200.24.115.1 reiserfs-kmp-default-5.3.18-150200.24.115.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): kernel-preempt-5.3.18-150200.24.115.1 kernel-preempt-debuginfo-5.3.18-150200.24.115.1 kernel-preempt-debugsource-5.3.18-150200.24.115.1 kernel-preempt-devel-5.3.18-150200.24.115.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): kernel-devel-5.3.18-150200.24.115.1 kernel-docs-5.3.18-150200.24.115.1 kernel-macros-5.3.18-150200.24.115.1 kernel-source-5.3.18-150200.24.115.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150200.24.115.1 kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1 kernel-default-debuginfo-5.3.18-150200.24.115.1 kernel-default-debugsource-5.3.18-150200.24.115.1 kernel-default-devel-5.3.18-150200.24.115.1 kernel-default-devel-debuginfo-5.3.18-150200.24.115.1 kernel-obs-build-5.3.18-150200.24.115.1 kernel-obs-build-debugsource-5.3.18-150200.24.115.1 kernel-syms-5.3.18-150200.24.115.1 reiserfs-kmp-default-5.3.18-150200.24.115.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): kernel-preempt-5.3.18-150200.24.115.1 kernel-preempt-debuginfo-5.3.18-150200.24.115.1 kernel-preempt-debugsource-5.3.18-150200.24.115.1 kernel-preempt-devel-5.3.18-150200.24.115.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.115.1 kernel-docs-5.3.18-150200.24.115.1 kernel-macros-5.3.18-150200.24.115.1 kernel-source-5.3.18-150200.24.115.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): kernel-devel-5.3.18-150200.24.115.1 kernel-docs-5.3.18-150200.24.115.1 kernel-macros-5.3.18-150200.24.115.1 kernel-source-5.3.18-150200.24.115.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): kernel-default-5.3.18-150200.24.115.1 kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1 kernel-default-debuginfo-5.3.18-150200.24.115.1 kernel-default-debugsource-5.3.18-150200.24.115.1 kernel-default-devel-5.3.18-150200.24.115.1 kernel-default-devel-debuginfo-5.3.18-150200.24.115.1 kernel-obs-build-5.3.18-150200.24.115.1 kernel-obs-build-debugsource-5.3.18-150200.24.115.1 kernel-preempt-5.3.18-150200.24.115.1 kernel-preempt-debuginfo-5.3.18-150200.24.115.1 kernel-preempt-debugsource-5.3.18-150200.24.115.1 kernel-preempt-devel-5.3.18-150200.24.115.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1 kernel-syms-5.3.18-150200.24.115.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150200.24.115.1 kernel-default-debugsource-5.3.18-150200.24.115.1 kernel-default-livepatch-5.3.18-150200.24.115.1 kernel-default-livepatch-devel-5.3.18-150200.24.115.1 kernel-livepatch-5_3_18-150200_24_115-default-1-150200.5.3.1 kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-1-150200.5.3.1 kernel-livepatch-SLE15-SP2_Update_27-debugsource-1-150200.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): kernel-default-5.3.18-150200.24.115.1 kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1 kernel-default-debuginfo-5.3.18-150200.24.115.1 kernel-default-debugsource-5.3.18-150200.24.115.1 kernel-default-devel-5.3.18-150200.24.115.1 kernel-default-devel-debuginfo-5.3.18-150200.24.115.1 kernel-obs-build-5.3.18-150200.24.115.1 kernel-obs-build-debugsource-5.3.18-150200.24.115.1 kernel-preempt-5.3.18-150200.24.115.1 kernel-preempt-debuginfo-5.3.18-150200.24.115.1 kernel-preempt-debugsource-5.3.18-150200.24.115.1 kernel-preempt-devel-5.3.18-150200.24.115.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1 kernel-syms-5.3.18-150200.24.115.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.115.1 kernel-docs-5.3.18-150200.24.115.1 kernel-macros-5.3.18-150200.24.115.1 kernel-source-5.3.18-150200.24.115.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): kernel-default-5.3.18-150200.24.115.1 kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1 kernel-default-debuginfo-5.3.18-150200.24.115.1 kernel-default-debugsource-5.3.18-150200.24.115.1 kernel-default-devel-5.3.18-150200.24.115.1 kernel-default-devel-debuginfo-5.3.18-150200.24.115.1 kernel-obs-build-5.3.18-150200.24.115.1 kernel-obs-build-debugsource-5.3.18-150200.24.115.1 kernel-preempt-5.3.18-150200.24.115.1 kernel-preempt-debuginfo-5.3.18-150200.24.115.1 kernel-preempt-debugsource-5.3.18-150200.24.115.1 kernel-preempt-devel-5.3.18-150200.24.115.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1 kernel-syms-5.3.18-150200.24.115.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): kernel-devel-5.3.18-150200.24.115.1 kernel-docs-5.3.18-150200.24.115.1 kernel-macros-5.3.18-150200.24.115.1 kernel-source-5.3.18-150200.24.115.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150200.24.115.1 cluster-md-kmp-default-debuginfo-5.3.18-150200.24.115.1 dlm-kmp-default-5.3.18-150200.24.115.1 dlm-kmp-default-debuginfo-5.3.18-150200.24.115.1 gfs2-kmp-default-5.3.18-150200.24.115.1 gfs2-kmp-default-debuginfo-5.3.18-150200.24.115.1 kernel-default-debuginfo-5.3.18-150200.24.115.1 kernel-default-debugsource-5.3.18-150200.24.115.1 ocfs2-kmp-default-5.3.18-150200.24.115.1 ocfs2-kmp-default-debuginfo-5.3.18-150200.24.115.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): kernel-default-5.3.18-150200.24.115.1 kernel-default-base-5.3.18-150200.24.115.1.150200.9.54.1 kernel-default-debuginfo-5.3.18-150200.24.115.1 kernel-default-debugsource-5.3.18-150200.24.115.1 kernel-default-devel-5.3.18-150200.24.115.1 kernel-default-devel-debuginfo-5.3.18-150200.24.115.1 kernel-obs-build-5.3.18-150200.24.115.1 kernel-obs-build-debugsource-5.3.18-150200.24.115.1 kernel-preempt-5.3.18-150200.24.115.1 kernel-preempt-debuginfo-5.3.18-150200.24.115.1 kernel-preempt-debugsource-5.3.18-150200.24.115.1 kernel-preempt-devel-5.3.18-150200.24.115.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.115.1 kernel-syms-5.3.18-150200.24.115.1 reiserfs-kmp-default-5.3.18-150200.24.115.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.115.1 - SUSE Enterprise Storage 7 (noarch): kernel-devel-5.3.18-150200.24.115.1 kernel-docs-5.3.18-150200.24.115.1 kernel-macros-5.3.18-150200.24.115.1 kernel-source-5.3.18-150200.24.115.1 References: https://www.suse.com/security/cve/CVE-2019-19377.html https://www.suse.com/security/cve/CVE-2020-26541.html https://www.suse.com/security/cve/CVE-2021-20321.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2022-0168.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1158.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1353.html https://www.suse.com/security/cve/CVE-2022-1516.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-1966.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1975.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-28893.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1028340 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1158266 https://bugzilla.suse.com/1177282 https://bugzilla.suse.com/1191647 https://bugzilla.suse.com/1195651 https://bugzilla.suse.com/1195926 https://bugzilla.suse.com/1196114 https://bugzilla.suse.com/1196367 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1196433 https://bugzilla.suse.com/1196514 https://bugzilla.suse.com/1196570 https://bugzilla.suse.com/1196942 https://bugzilla.suse.com/1197157 https://bugzilla.suse.com/1197343 https://bugzilla.suse.com/1197472 https://bugzilla.suse.com/1197656 https://bugzilla.suse.com/1197660 https://bugzilla.suse.com/1197895 https://bugzilla.suse.com/1198330 https://bugzilla.suse.com/1198400 https://bugzilla.suse.com/1198484 https://bugzilla.suse.com/1198516 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198660 https://bugzilla.suse.com/1198687 https://bugzilla.suse.com/1198778 https://bugzilla.suse.com/1198825 https://bugzilla.suse.com/1199012 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199314 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199605 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1199918 https://bugzilla.suse.com/1200015 https://bugzilla.suse.com/1200143 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200249 From sle-updates at lists.suse.com Thu Jun 16 19:30:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2022 21:30:13 +0200 (CEST) Subject: SUSE-SU-2022:2105-1: important: Security update for 389-ds Message-ID: <20220616193013.3CCF7FD9D@maintenance.suse.de> SUSE Security Update: Security update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2105-1 Rating: important References: #1195324 #1199889 Cross-References: CVE-2021-4091 CVE-2022-1949 CVSS scores: CVE-2021-4091 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-4091 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1949 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-1949 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for 389-ds fixes the following issues: - CVE-2021-4091: Fixed double free in psearch (bsc#1195324). - CVE-2022-1949: Fixed full access control bypass with simple crafted query (bsc#1199889). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2105=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2105=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2105=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2105=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2105=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2105=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2105=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2105=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2105=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): 389-ds-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debugsource-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-devel-1.4.3.30~git2.ca761af4b-150200.3.29.1 lib389-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): 389-ds-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debugsource-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-devel-1.4.3.30~git2.ca761af4b-150200.3.29.1 lib389-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 - SUSE Manager Proxy 4.1 (x86_64): 389-ds-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debugsource-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-devel-1.4.3.30~git2.ca761af4b-150200.3.29.1 lib389-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): 389-ds-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debugsource-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-devel-1.4.3.30~git2.ca761af4b-150200.3.29.1 lib389-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): 389-ds-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debugsource-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-devel-1.4.3.30~git2.ca761af4b-150200.3.29.1 lib389-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): 389-ds-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debugsource-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-devel-1.4.3.30~git2.ca761af4b-150200.3.29.1 lib389-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): 389-ds-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debugsource-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-devel-1.4.3.30~git2.ca761af4b-150200.3.29.1 lib389-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): 389-ds-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debugsource-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-devel-1.4.3.30~git2.ca761af4b-150200.3.29.1 lib389-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): 389-ds-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-debugsource-1.4.3.30~git2.ca761af4b-150200.3.29.1 389-ds-devel-1.4.3.30~git2.ca761af4b-150200.3.29.1 lib389-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-1.4.3.30~git2.ca761af4b-150200.3.29.1 libsvrcore0-debuginfo-1.4.3.30~git2.ca761af4b-150200.3.29.1 References: https://www.suse.com/security/cve/CVE-2021-4091.html https://www.suse.com/security/cve/CVE-2022-1949.html https://bugzilla.suse.com/1195324 https://bugzilla.suse.com/1199889 From sle-updates at lists.suse.com Thu Jun 16 19:30:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2022 21:30:57 +0200 (CEST) Subject: SUSE-SU-2022:2106-1: important: Security update for openssl-1_0_0 Message-ID: <20220616193057.8C591FD9D@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2106-1 Rating: important References: #1199166 Cross-References: CVE-2022-1292 CVSS scores: CVE-2022-1292 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1292 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2106=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2106=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2106=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2106=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2106=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2106=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.53.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.53.1 libopenssl1_0_0-1.0.2p-3.53.1 libopenssl1_0_0-32bit-1.0.2p-3.53.1 libopenssl1_0_0-debuginfo-1.0.2p-3.53.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.53.1 libopenssl1_0_0-hmac-1.0.2p-3.53.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.53.1 openssl-1_0_0-1.0.2p-3.53.1 openssl-1_0_0-debuginfo-1.0.2p-3.53.1 openssl-1_0_0-debugsource-1.0.2p-3.53.1 - SUSE OpenStack Cloud 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.53.1 - SUSE OpenStack Cloud 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.53.1 libopenssl1_0_0-1.0.2p-3.53.1 libopenssl1_0_0-32bit-1.0.2p-3.53.1 libopenssl1_0_0-debuginfo-1.0.2p-3.53.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.53.1 libopenssl1_0_0-hmac-1.0.2p-3.53.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.53.1 openssl-1_0_0-1.0.2p-3.53.1 openssl-1_0_0-debuginfo-1.0.2p-3.53.1 openssl-1_0_0-debugsource-1.0.2p-3.53.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.53.1 openssl-1_0_0-debuginfo-1.0.2p-3.53.1 openssl-1_0_0-debugsource-1.0.2p-3.53.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libopenssl-1_0_0-devel-32bit-1.0.2p-3.53.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.53.1 libopenssl1_0_0-1.0.2p-3.53.1 libopenssl1_0_0-debuginfo-1.0.2p-3.53.1 libopenssl1_0_0-hmac-1.0.2p-3.53.1 openssl-1_0_0-1.0.2p-3.53.1 openssl-1_0_0-debuginfo-1.0.2p-3.53.1 openssl-1_0_0-debugsource-1.0.2p-3.53.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_0_0-32bit-1.0.2p-3.53.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.53.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.53.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): openssl-1_0_0-doc-1.0.2p-3.53.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.53.1 libopenssl1_0_0-1.0.2p-3.53.1 libopenssl1_0_0-debuginfo-1.0.2p-3.53.1 libopenssl1_0_0-hmac-1.0.2p-3.53.1 openssl-1_0_0-1.0.2p-3.53.1 openssl-1_0_0-debuginfo-1.0.2p-3.53.1 openssl-1_0_0-debugsource-1.0.2p-3.53.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.53.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.53.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.53.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): openssl-1_0_0-doc-1.0.2p-3.53.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.53.1 libopenssl1_0_0-1.0.2p-3.53.1 libopenssl1_0_0-debuginfo-1.0.2p-3.53.1 libopenssl1_0_0-hmac-1.0.2p-3.53.1 openssl-1_0_0-1.0.2p-3.53.1 openssl-1_0_0-debuginfo-1.0.2p-3.53.1 openssl-1_0_0-debugsource-1.0.2p-3.53.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.53.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.53.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.53.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): openssl-1_0_0-doc-1.0.2p-3.53.1 References: https://www.suse.com/security/cve/CVE-2022-1292.html https://bugzilla.suse.com/1199166 From sle-updates at lists.suse.com Thu Jun 16 19:31:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2022 21:31:36 +0200 (CEST) Subject: SUSE-SU-2022:2109-1: important: Security update for 389-ds Message-ID: <20220616193136.DF2A2FD9D@maintenance.suse.de> SUSE Security Update: Security update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2109-1 Rating: important References: #1188455 #1195324 #1199889 Cross-References: CVE-2021-3652 CVE-2021-4091 CVE-2022-1949 CVSS scores: CVE-2021-3652 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3652 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-4091 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-4091 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1949 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-1949 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for 389-ds fixes the following issues: - CVE-2021-3652: Fixed disabled accounts may be able to bind with crypt passwords (bsc#1188455). - CVE-2022-1949: Fixed full access control bypass with simple crafted query (bsc#1199889). - CVE-2021-4091: Fixed double free in psearch (bsc#1195324). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2109=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2109=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2109=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2109=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): 389-ds-1.4.0.31~git15.8b9843b0b-150000.4.27.1 389-ds-debuginfo-1.4.0.31~git15.8b9843b0b-150000.4.27.1 389-ds-debugsource-1.4.0.31~git15.8b9843b0b-150000.4.27.1 389-ds-devel-1.4.0.31~git15.8b9843b0b-150000.4.27.1 libsvrcore0-1.4.0.31~git15.8b9843b0b-150000.4.27.1 libsvrcore0-debuginfo-1.4.0.31~git15.8b9843b0b-150000.4.27.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): 389-ds-1.4.0.31~git15.8b9843b0b-150000.4.27.1 389-ds-debuginfo-1.4.0.31~git15.8b9843b0b-150000.4.27.1 389-ds-debugsource-1.4.0.31~git15.8b9843b0b-150000.4.27.1 389-ds-devel-1.4.0.31~git15.8b9843b0b-150000.4.27.1 libsvrcore0-1.4.0.31~git15.8b9843b0b-150000.4.27.1 libsvrcore0-debuginfo-1.4.0.31~git15.8b9843b0b-150000.4.27.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): 389-ds-1.4.0.31~git15.8b9843b0b-150000.4.27.1 389-ds-debuginfo-1.4.0.31~git15.8b9843b0b-150000.4.27.1 389-ds-debugsource-1.4.0.31~git15.8b9843b0b-150000.4.27.1 389-ds-devel-1.4.0.31~git15.8b9843b0b-150000.4.27.1 libsvrcore0-1.4.0.31~git15.8b9843b0b-150000.4.27.1 libsvrcore0-debuginfo-1.4.0.31~git15.8b9843b0b-150000.4.27.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): 389-ds-1.4.0.31~git15.8b9843b0b-150000.4.27.1 389-ds-debuginfo-1.4.0.31~git15.8b9843b0b-150000.4.27.1 389-ds-debugsource-1.4.0.31~git15.8b9843b0b-150000.4.27.1 389-ds-devel-1.4.0.31~git15.8b9843b0b-150000.4.27.1 libsvrcore0-1.4.0.31~git15.8b9843b0b-150000.4.27.1 libsvrcore0-debuginfo-1.4.0.31~git15.8b9843b0b-150000.4.27.1 References: https://www.suse.com/security/cve/CVE-2021-3652.html https://www.suse.com/security/cve/CVE-2021-4091.html https://www.suse.com/security/cve/CVE-2022-1949.html https://bugzilla.suse.com/1188455 https://bugzilla.suse.com/1195324 https://bugzilla.suse.com/1199889 From sle-updates at lists.suse.com Thu Jun 16 19:32:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2022 21:32:35 +0200 (CEST) Subject: SUSE-SU-2022:2107-1: important: Security update for mariadb Message-ID: <20220616193235.36EC0FD9D@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2107-1 Rating: important References: #1198603 #1198604 #1198606 #1198607 #1198610 #1198611 #1198612 #1198613 #1198629 #1199928 Cross-References: CVE-2021-46669 CVE-2022-21427 CVE-2022-27377 CVE-2022-27378 CVE-2022-27380 CVE-2022-27381 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27445 CVSS scores: CVE-2021-46669 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21427 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-27377 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27377 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27378 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27378 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27380 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27380 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27381 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27381 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27383 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27383 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27384 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27384 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27386 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27386 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27387 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27387 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27445 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27445 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for mariadb fixes the following issues: - CVE-2021-46669 (bsc#1199928) - CVE-2022-21427 (bsc#1199928) - CVE-2022-27377 (bsc#1198603) - CVE-2022-27378 (bsc#1198604) - CVE-2022-27380 (bsc#1198606) - CVE-2022-27381 (bsc#1198607) - CVE-2022-27383 (bsc#1198610) - CVE-2022-27384 (bsc#1198611) - CVE-2022-27386 (bsc#1198612) - CVE-2022-27387 (bsc#1198613) - CVE-2022-27445 (bsc#1198629) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2107=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2107=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2107=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2107=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2107=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2107=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2107=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2107=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2107=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2107=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2107=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libmysqld-devel-10.2.44-150000.3.54.1 libmysqld19-10.2.44-150000.3.54.1 libmysqld19-debuginfo-10.2.44-150000.3.54.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libmysqld-devel-10.2.44-150000.3.54.1 libmysqld19-10.2.44-150000.3.54.1 libmysqld19-debuginfo-10.2.44-150000.3.54.1 mariadb-10.2.44-150000.3.54.1 mariadb-client-10.2.44-150000.3.54.1 mariadb-client-debuginfo-10.2.44-150000.3.54.1 mariadb-debuginfo-10.2.44-150000.3.54.1 mariadb-debugsource-10.2.44-150000.3.54.1 mariadb-tools-10.2.44-150000.3.54.1 mariadb-tools-debuginfo-10.2.44-150000.3.54.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): mariadb-errormessages-10.2.44-150000.3.54.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libmysqld-devel-10.2.44-150000.3.54.1 libmysqld19-10.2.44-150000.3.54.1 libmysqld19-debuginfo-10.2.44-150000.3.54.1 mariadb-10.2.44-150000.3.54.1 mariadb-client-10.2.44-150000.3.54.1 mariadb-client-debuginfo-10.2.44-150000.3.54.1 mariadb-debuginfo-10.2.44-150000.3.54.1 mariadb-debugsource-10.2.44-150000.3.54.1 mariadb-tools-10.2.44-150000.3.54.1 mariadb-tools-debuginfo-10.2.44-150000.3.54.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): mariadb-errormessages-10.2.44-150000.3.54.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libmysqld-devel-10.2.44-150000.3.54.1 libmysqld19-10.2.44-150000.3.54.1 libmysqld19-debuginfo-10.2.44-150000.3.54.1 mariadb-10.2.44-150000.3.54.1 mariadb-client-10.2.44-150000.3.54.1 mariadb-client-debuginfo-10.2.44-150000.3.54.1 mariadb-debuginfo-10.2.44-150000.3.54.1 mariadb-debugsource-10.2.44-150000.3.54.1 mariadb-tools-10.2.44-150000.3.54.1 mariadb-tools-debuginfo-10.2.44-150000.3.54.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): mariadb-errormessages-10.2.44-150000.3.54.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): mariadb-errormessages-10.2.44-150000.3.54.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libmysqld-devel-10.2.44-150000.3.54.1 libmysqld19-10.2.44-150000.3.54.1 libmysqld19-debuginfo-10.2.44-150000.3.54.1 mariadb-10.2.44-150000.3.54.1 mariadb-client-10.2.44-150000.3.54.1 mariadb-client-debuginfo-10.2.44-150000.3.54.1 mariadb-debuginfo-10.2.44-150000.3.54.1 mariadb-debugsource-10.2.44-150000.3.54.1 mariadb-tools-10.2.44-150000.3.54.1 mariadb-tools-debuginfo-10.2.44-150000.3.54.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libmysqld-devel-10.2.44-150000.3.54.1 libmysqld19-10.2.44-150000.3.54.1 libmysqld19-debuginfo-10.2.44-150000.3.54.1 mariadb-10.2.44-150000.3.54.1 mariadb-client-10.2.44-150000.3.54.1 mariadb-client-debuginfo-10.2.44-150000.3.54.1 mariadb-debuginfo-10.2.44-150000.3.54.1 mariadb-debugsource-10.2.44-150000.3.54.1 mariadb-tools-10.2.44-150000.3.54.1 mariadb-tools-debuginfo-10.2.44-150000.3.54.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): mariadb-errormessages-10.2.44-150000.3.54.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libmysqld-devel-10.2.44-150000.3.54.1 libmysqld19-10.2.44-150000.3.54.1 libmysqld19-debuginfo-10.2.44-150000.3.54.1 mariadb-10.2.44-150000.3.54.1 mariadb-client-10.2.44-150000.3.54.1 mariadb-client-debuginfo-10.2.44-150000.3.54.1 mariadb-debuginfo-10.2.44-150000.3.54.1 mariadb-debugsource-10.2.44-150000.3.54.1 mariadb-tools-10.2.44-150000.3.54.1 mariadb-tools-debuginfo-10.2.44-150000.3.54.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): mariadb-errormessages-10.2.44-150000.3.54.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libmysqld-devel-10.2.44-150000.3.54.1 libmysqld19-10.2.44-150000.3.54.1 libmysqld19-debuginfo-10.2.44-150000.3.54.1 mariadb-10.2.44-150000.3.54.1 mariadb-client-10.2.44-150000.3.54.1 mariadb-client-debuginfo-10.2.44-150000.3.54.1 mariadb-debuginfo-10.2.44-150000.3.54.1 mariadb-debugsource-10.2.44-150000.3.54.1 mariadb-tools-10.2.44-150000.3.54.1 mariadb-tools-debuginfo-10.2.44-150000.3.54.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): mariadb-errormessages-10.2.44-150000.3.54.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libmysqld-devel-10.2.44-150000.3.54.1 libmysqld19-10.2.44-150000.3.54.1 libmysqld19-debuginfo-10.2.44-150000.3.54.1 mariadb-10.2.44-150000.3.54.1 mariadb-client-10.2.44-150000.3.54.1 mariadb-client-debuginfo-10.2.44-150000.3.54.1 mariadb-debuginfo-10.2.44-150000.3.54.1 mariadb-debugsource-10.2.44-150000.3.54.1 mariadb-tools-10.2.44-150000.3.54.1 mariadb-tools-debuginfo-10.2.44-150000.3.54.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): mariadb-errormessages-10.2.44-150000.3.54.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libmysqld-devel-10.2.44-150000.3.54.1 libmysqld19-10.2.44-150000.3.54.1 libmysqld19-debuginfo-10.2.44-150000.3.54.1 mariadb-10.2.44-150000.3.54.1 mariadb-client-10.2.44-150000.3.54.1 mariadb-client-debuginfo-10.2.44-150000.3.54.1 mariadb-debuginfo-10.2.44-150000.3.54.1 mariadb-debugsource-10.2.44-150000.3.54.1 mariadb-tools-10.2.44-150000.3.54.1 mariadb-tools-debuginfo-10.2.44-150000.3.54.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): mariadb-errormessages-10.2.44-150000.3.54.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libmysqld-devel-10.2.44-150000.3.54.1 libmysqld19-10.2.44-150000.3.54.1 libmysqld19-debuginfo-10.2.44-150000.3.54.1 mariadb-10.2.44-150000.3.54.1 mariadb-client-10.2.44-150000.3.54.1 mariadb-client-debuginfo-10.2.44-150000.3.54.1 mariadb-debuginfo-10.2.44-150000.3.54.1 mariadb-debugsource-10.2.44-150000.3.54.1 mariadb-tools-10.2.44-150000.3.54.1 mariadb-tools-debuginfo-10.2.44-150000.3.54.1 - SUSE Enterprise Storage 6 (noarch): mariadb-errormessages-10.2.44-150000.3.54.1 - SUSE CaaS Platform 4.0 (x86_64): libmysqld-devel-10.2.44-150000.3.54.1 libmysqld19-10.2.44-150000.3.54.1 libmysqld19-debuginfo-10.2.44-150000.3.54.1 mariadb-10.2.44-150000.3.54.1 mariadb-client-10.2.44-150000.3.54.1 mariadb-client-debuginfo-10.2.44-150000.3.54.1 mariadb-debuginfo-10.2.44-150000.3.54.1 mariadb-debugsource-10.2.44-150000.3.54.1 mariadb-tools-10.2.44-150000.3.54.1 mariadb-tools-debuginfo-10.2.44-150000.3.54.1 - SUSE CaaS Platform 4.0 (noarch): mariadb-errormessages-10.2.44-150000.3.54.1 References: https://www.suse.com/security/cve/CVE-2021-46669.html https://www.suse.com/security/cve/CVE-2022-21427.html https://www.suse.com/security/cve/CVE-2022-27377.html https://www.suse.com/security/cve/CVE-2022-27378.html https://www.suse.com/security/cve/CVE-2022-27380.html https://www.suse.com/security/cve/CVE-2022-27381.html https://www.suse.com/security/cve/CVE-2022-27383.html https://www.suse.com/security/cve/CVE-2022-27384.html https://www.suse.com/security/cve/CVE-2022-27386.html https://www.suse.com/security/cve/CVE-2022-27387.html https://www.suse.com/security/cve/CVE-2022-27445.html https://bugzilla.suse.com/1198603 https://bugzilla.suse.com/1198604 https://bugzilla.suse.com/1198606 https://bugzilla.suse.com/1198607 https://bugzilla.suse.com/1198610 https://bugzilla.suse.com/1198611 https://bugzilla.suse.com/1198612 https://bugzilla.suse.com/1198613 https://bugzilla.suse.com/1198629 https://bugzilla.suse.com/1199928 From sle-updates at lists.suse.com Fri Jun 17 07:28:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2022 09:28:42 +0200 (CEST) Subject: SUSE-CU-2022:1329-1: Security update of suse/sles12sp3 Message-ID: <20220617072842.99A37F386@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1329-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.402 , suse/sles12sp3:latest Container Release : 24.402 Severity : important Type : security References : 1196317 1198139 1199166 CVE-2022-1292 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2048-1 Released: Mon Jun 13 09:21:27 2022 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1196317,1198139 This update for zypper fixes the following issues: - Improve return codes. (bsc#1198139) - info: Fix SEGV with not installed PTFs. (bsc#1196317) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2098-1 Released: Thu Jun 16 11:16:52 2022 Summary: Security update for openssl Type: security Severity: important References: 1199166,CVE-2022-1292 This update for openssl fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). The following package changes have been done: - libopenssl1_0_0-1.0.2j-60.80.1 updated - openssl-1.0.2j-60.80.1 updated - zypper-1.13.62-21.46.5 updated From sle-updates at lists.suse.com Fri Jun 17 07:47:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2022 09:47:15 +0200 (CEST) Subject: SUSE-CU-2022:1330-1: Security update of suse/sles12sp4 Message-ID: <20220617074715.522C3F386@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1330-1 Container Tags : suse/sles12sp4:26.469 , suse/sles12sp4:latest Container Release : 26.469 Severity : important Type : security References : 1196317 1198139 1199166 CVE-2022-1292 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2048-1 Released: Mon Jun 13 09:21:27 2022 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1196317,1198139 This update for zypper fixes the following issues: - Improve return codes. (bsc#1198139) - info: Fix SEGV with not installed PTFs. (bsc#1196317) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2106-1 Released: Thu Jun 16 15:23:17 2022 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1199166,CVE-2022-1292 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). The following package changes have been done: - base-container-licenses-3.0-1.298 updated - container-suseconnect-2.0.0-1.187 updated - libopenssl1_0_0-1.0.2p-3.53.1 updated - openssl-1_0_0-1.0.2p-3.53.1 updated - zypper-1.13.62-21.46.5 updated From sle-updates at lists.suse.com Fri Jun 17 08:01:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2022 10:01:42 +0200 (CEST) Subject: SUSE-CU-2022:1331-1: Security update of suse/sles12sp5 Message-ID: <20220617080142.7468CF386@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1331-1 Container Tags : suse/sles12sp5:6.5.342 , suse/sles12sp5:latest Container Release : 6.5.342 Severity : important Type : security References : 1196317 1198139 1199166 CVE-2022-1292 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2048-1 Released: Mon Jun 13 09:21:27 2022 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1196317,1198139 This update for zypper fixes the following issues: - Improve return codes. (bsc#1198139) - info: Fix SEGV with not installed PTFs. (bsc#1196317) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2106-1 Released: Thu Jun 16 15:23:17 2022 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1199166,CVE-2022-1292 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). The following package changes have been done: - libopenssl1_0_0-1.0.2p-3.53.1 updated - openssl-1_0_0-1.0.2p-3.53.1 updated - zypper-1.13.62-21.46.5 updated From sle-updates at lists.suse.com Fri Jun 17 13:15:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2022 15:15:20 +0200 (CEST) Subject: SUSE-RU-2022:2110-1: moderate: Recommended update for trento-agent Message-ID: <20220617131520.1A34BFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for trento-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2110-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for trento-agent fixes the following issues: - Release 1.0.0 - Flat map sap systems payload lists) - Restore release-tag job in the CI - Detect AWS based on dmidecode system-manufacturer - Fix install agent interval - Rename CloudProvider to Provider - Publish csp information of a discovered pacemaker cluster - Load HANA database IP address in agent side - Fix socket leak - fixup installation doc - Update installer for the new agent - Refactor collector port / host in server url - Add trento agent binary to tgz - Add api key support - Bump actions/setup-go from 2 to 3 - Bump actions/download-artifact from 2 to 3 - Bump actions/upload-artifact from 2 to 3 - Bump actions/cache from 3.0.1 to 3.0.2 - Add docs back - Refine service file - Name everything trento-agent and try to bring back the OBS CI step - Instruct the specfile to only create the RPM package for the agent binary - Bump actions/checkout from 2 to 3 (https://github.com/trento-project/agent/pull/3) - Bump actions/cache from 2 to 3.0.1 (https://github.com/trento-project/agent/pull/2) - Add github actions back Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-2110=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-2110=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-2110=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-2110=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (aarch64 ppc64le s390x x86_64): trento-agent-1.0.0-150300.1.5.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch): trento-server-installer-1.0.0-150300.3.4.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): trento-agent-1.0.0-150300.1.5.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): trento-server-installer-1.0.0-150300.3.4.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): trento-agent-1.0.0-150300.1.5.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): trento-server-installer-1.0.0-150300.3.4.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): trento-agent-1.0.0-150300.1.5.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): trento-server-installer-1.0.0-150300.3.4.1 References: From sle-updates at lists.suse.com Fri Jun 17 13:15:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2022 15:15:46 +0200 (CEST) Subject: SUSE-RU-2022:2112-1: moderate: Recommended update for gnutls Message-ID: <20220617131546.37369FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2112-1 Rating: moderate References: #1190698 #1191021 #1194907 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for gnutls fixes the following issues: - FIPS: Make sure zeroization is performed in all API functions [bsc#1191021] - FIPS: Add missing requirements for the SLI [bsc#1190698] * Remove 3DES from FIPS approved algorithms: * DRBG service (gnutls_rnd) should be considered approved: - FIPS: Mark AES-GCM as approved in the TLS context [bsc#1194907] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2112=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2112=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gnutls-3.7.3-150400.4.3.6 gnutls-debuginfo-3.7.3-150400.4.3.6 gnutls-debugsource-3.7.3-150400.4.3.6 gnutls-guile-3.7.3-150400.4.3.6 gnutls-guile-debuginfo-3.7.3-150400.4.3.6 libgnutls-devel-3.7.3-150400.4.3.6 libgnutls30-3.7.3-150400.4.3.6 libgnutls30-debuginfo-3.7.3-150400.4.3.6 libgnutls30-hmac-3.7.3-150400.4.3.6 libgnutlsxx-devel-3.7.3-150400.4.3.6 libgnutlsxx28-3.7.3-150400.4.3.6 libgnutlsxx28-debuginfo-3.7.3-150400.4.3.6 - openSUSE Leap 15.4 (x86_64): libgnutls-devel-32bit-3.7.3-150400.4.3.6 libgnutls30-32bit-3.7.3-150400.4.3.6 libgnutls30-32bit-debuginfo-3.7.3-150400.4.3.6 libgnutls30-hmac-32bit-3.7.3-150400.4.3.6 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): gnutls-3.7.3-150400.4.3.6 gnutls-debuginfo-3.7.3-150400.4.3.6 gnutls-debugsource-3.7.3-150400.4.3.6 libgnutls-devel-3.7.3-150400.4.3.6 libgnutls30-3.7.3-150400.4.3.6 libgnutls30-debuginfo-3.7.3-150400.4.3.6 libgnutls30-hmac-3.7.3-150400.4.3.6 libgnutlsxx-devel-3.7.3-150400.4.3.6 libgnutlsxx28-3.7.3-150400.4.3.6 libgnutlsxx28-debuginfo-3.7.3-150400.4.3.6 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libgnutls30-32bit-3.7.3-150400.4.3.6 libgnutls30-32bit-debuginfo-3.7.3-150400.4.3.6 libgnutls30-hmac-32bit-3.7.3-150400.4.3.6 References: https://bugzilla.suse.com/1190698 https://bugzilla.suse.com/1191021 https://bugzilla.suse.com/1194907 From sle-updates at lists.suse.com Fri Jun 17 13:17:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2022 15:17:14 +0200 (CEST) Subject: SUSE-SU-2022:2111-1: important: Security update for the Linux Kernel Message-ID: <20220617131714.756A0FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2111-1 Rating: important References: #1028340 #1055710 #1065729 #1071995 #1084513 #1087082 #1114648 #1158266 #1172456 #1177282 #1182171 #1183723 #1187055 #1191647 #1191958 #1195065 #1195651 #1196018 #1196367 #1196426 #1196999 #1197219 #1197343 #1197663 #1198400 #1198516 #1198577 #1198660 #1198687 #1198742 #1198777 #1198825 #1199012 #1199063 #1199314 #1199399 #1199426 #1199505 #1199507 #1199605 #1199650 #1200143 #1200144 #1200249 Cross-References: CVE-2017-13695 CVE-2018-7755 CVE-2019-19377 CVE-2019-20811 CVE-2020-26541 CVE-2021-20292 CVE-2021-20321 CVE-2021-33061 CVE-2021-38208 CVE-2021-39711 CVE-2021-43389 CVE-2022-1011 CVE-2022-1184 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-22942 CVE-2022-28748 CVE-2022-30594 CVSS scores: CVE-2017-13695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2017-13695 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2018-7755 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-7755 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-20811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2019-20811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-43389 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21499 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 30 vulnerabilities and has 14 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2017-13695: Fixed a bug that caused a stack dump allowing local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table. (bnc#1055710) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in drivers/block/floppy.c. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (bnc#1084513). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605). The following non-security bugs were fixed: - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - net: ena: A typo fix in the file ena_com.h (bsc#1198777). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198777). - net: ena: Add debug prints for invalid req_id resets (bsc#1198777). - net: ena: add device distinct log prefix to files (bsc#1198777). - net: ena: add jiffies of last napi call to stats (bsc#1198777). - net: ena: aggregate doorbell common operations into a function (bsc#1198777). - net: ena: aggregate stats increase into a function (bsc#1198777). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198777). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198777). - net: ena: Change the name of bad_csum variable (bsc#1198777). - net: ena: Extract recurring driver reset code into a function (bsc#1198777). - net: ena: fix coding style nits (bsc#1198777). - net: ena: fix DMA mapping function issues in XDP (bsc#1198777). - net: ena: Fix error handling when calculating max IO queues number (bsc#1198777). - net: ena: fix inaccurate print type (bsc#1198777). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1198777). - net: ena: Fix wrong rx request id by resetting device (bsc#1198777). - net: ena: Improve error logging in driver (bsc#1198777). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198777). - net: ena: introduce XDP redirect implementation (bsc#1198777). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198777). - net: ena: Move reset completion print to the reset function (bsc#1198777). - net: ena: optimize data access in fast-path code (bsc#1198777). - net: ena: re-organize code to improve readability (bsc#1198777). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198777). - net: ena: remove extra words from comments (bsc#1198777). - net: ena: Remove module param and change message severity (bsc#1198777). - net: ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198777). - net: ena: Remove redundant return code check (bsc#1198777). - net: ena: Remove unused code (bsc#1198777). - net: ena: store values in their appropriate variables types (bsc#1198777). - net: ena: Update XDP verdict upon failure (bsc#1198777). - net: ena: use build_skb() in RX path (bsc#1198777). - net: ena: use constant value for net_device allocation (bsc#1198777). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198777). - net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1198777). - net: ena: use xdp_frame in XDP TX flow (bsc#1198777). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198777). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes). - powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#1196999 ltc#196609). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2111=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2111=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2111=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2111=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2111=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2111=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2111=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2111=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2111=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2111=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-150100.197.114.2 kernel-vanilla-4.12.14-150100.197.114.2 kernel-vanilla-base-4.12.14-150100.197.114.2 kernel-vanilla-base-debuginfo-4.12.14-150100.197.114.2 kernel-vanilla-debuginfo-4.12.14-150100.197.114.2 kernel-vanilla-debugsource-4.12.14-150100.197.114.2 kernel-vanilla-devel-4.12.14-150100.197.114.2 kernel-vanilla-devel-debuginfo-4.12.14-150100.197.114.2 kernel-vanilla-livepatch-devel-4.12.14-150100.197.114.2 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-base-4.12.14-150100.197.114.2 kernel-debug-base-debuginfo-4.12.14-150100.197.114.2 - openSUSE Leap 15.4 (x86_64): kernel-kvmsmall-base-4.12.14-150100.197.114.2 kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.114.2 - openSUSE Leap 15.4 (s390x): kernel-default-man-4.12.14-150100.197.114.2 kernel-zfcpdump-man-4.12.14-150100.197.114.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-150100.197.114.2 kernel-vanilla-4.12.14-150100.197.114.2 kernel-vanilla-base-4.12.14-150100.197.114.2 kernel-vanilla-base-debuginfo-4.12.14-150100.197.114.2 kernel-vanilla-debuginfo-4.12.14-150100.197.114.2 kernel-vanilla-debugsource-4.12.14-150100.197.114.2 kernel-vanilla-devel-4.12.14-150100.197.114.2 kernel-vanilla-devel-debuginfo-4.12.14-150100.197.114.2 kernel-vanilla-livepatch-devel-4.12.14-150100.197.114.2 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-base-4.12.14-150100.197.114.2 kernel-debug-base-debuginfo-4.12.14-150100.197.114.2 - openSUSE Leap 15.3 (x86_64): kernel-kvmsmall-base-4.12.14-150100.197.114.2 kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.114.2 - openSUSE Leap 15.3 (s390x): kernel-default-man-4.12.14-150100.197.114.2 kernel-zfcpdump-man-4.12.14-150100.197.114.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): kernel-default-4.12.14-150100.197.114.2 kernel-default-base-4.12.14-150100.197.114.2 kernel-default-base-debuginfo-4.12.14-150100.197.114.2 kernel-default-debuginfo-4.12.14-150100.197.114.2 kernel-default-debugsource-4.12.14-150100.197.114.2 kernel-default-devel-4.12.14-150100.197.114.2 kernel-default-devel-debuginfo-4.12.14-150100.197.114.2 kernel-obs-build-4.12.14-150100.197.114.2 kernel-obs-build-debugsource-4.12.14-150100.197.114.2 kernel-syms-4.12.14-150100.197.114.2 reiserfs-kmp-default-4.12.14-150100.197.114.2 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-devel-4.12.14-150100.197.114.2 kernel-docs-4.12.14-150100.197.114.2 kernel-macros-4.12.14-150100.197.114.2 kernel-source-4.12.14-150100.197.114.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150100.197.114.2 kernel-default-base-4.12.14-150100.197.114.2 kernel-default-base-debuginfo-4.12.14-150100.197.114.2 kernel-default-debuginfo-4.12.14-150100.197.114.2 kernel-default-debugsource-4.12.14-150100.197.114.2 kernel-default-devel-4.12.14-150100.197.114.2 kernel-default-devel-debuginfo-4.12.14-150100.197.114.2 kernel-obs-build-4.12.14-150100.197.114.2 kernel-obs-build-debugsource-4.12.14-150100.197.114.2 kernel-syms-4.12.14-150100.197.114.2 reiserfs-kmp-default-4.12.14-150100.197.114.2 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-devel-4.12.14-150100.197.114.2 kernel-docs-4.12.14-150100.197.114.2 kernel-macros-4.12.14-150100.197.114.2 kernel-source-4.12.14-150100.197.114.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): kernel-default-man-4.12.14-150100.197.114.2 kernel-zfcpdump-debuginfo-4.12.14-150100.197.114.2 kernel-zfcpdump-debugsource-4.12.14-150100.197.114.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): kernel-default-4.12.14-150100.197.114.2 kernel-default-base-4.12.14-150100.197.114.2 kernel-default-base-debuginfo-4.12.14-150100.197.114.2 kernel-default-debuginfo-4.12.14-150100.197.114.2 kernel-default-debugsource-4.12.14-150100.197.114.2 kernel-default-devel-4.12.14-150100.197.114.2 kernel-default-devel-debuginfo-4.12.14-150100.197.114.2 kernel-obs-build-4.12.14-150100.197.114.2 kernel-obs-build-debugsource-4.12.14-150100.197.114.2 kernel-syms-4.12.14-150100.197.114.2 reiserfs-kmp-default-4.12.14-150100.197.114.2 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): kernel-devel-4.12.14-150100.197.114.2 kernel-docs-4.12.14-150100.197.114.2 kernel-macros-4.12.14-150100.197.114.2 kernel-source-4.12.14-150100.197.114.2 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150100.197.114.2 kernel-default-debugsource-4.12.14-150100.197.114.2 kernel-default-livepatch-4.12.14-150100.197.114.2 kernel-default-livepatch-devel-4.12.14-150100.197.114.2 kernel-livepatch-4_12_14-150100_197_114-default-1-150100.3.3.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): kernel-default-4.12.14-150100.197.114.2 kernel-default-base-4.12.14-150100.197.114.2 kernel-default-base-debuginfo-4.12.14-150100.197.114.2 kernel-default-debuginfo-4.12.14-150100.197.114.2 kernel-default-debugsource-4.12.14-150100.197.114.2 kernel-default-devel-4.12.14-150100.197.114.2 kernel-default-devel-debuginfo-4.12.14-150100.197.114.2 kernel-obs-build-4.12.14-150100.197.114.2 kernel-obs-build-debugsource-4.12.14-150100.197.114.2 kernel-syms-4.12.14-150100.197.114.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-devel-4.12.14-150100.197.114.2 kernel-docs-4.12.14-150100.197.114.2 kernel-macros-4.12.14-150100.197.114.2 kernel-source-4.12.14-150100.197.114.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150100.197.114.2 kernel-default-base-4.12.14-150100.197.114.2 kernel-default-base-debuginfo-4.12.14-150100.197.114.2 kernel-default-debuginfo-4.12.14-150100.197.114.2 kernel-default-debugsource-4.12.14-150100.197.114.2 kernel-default-devel-4.12.14-150100.197.114.2 kernel-default-devel-debuginfo-4.12.14-150100.197.114.2 kernel-obs-build-4.12.14-150100.197.114.2 kernel-obs-build-debugsource-4.12.14-150100.197.114.2 kernel-syms-4.12.14-150100.197.114.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): kernel-devel-4.12.14-150100.197.114.2 kernel-docs-4.12.14-150100.197.114.2 kernel-macros-4.12.14-150100.197.114.2 kernel-source-4.12.14-150100.197.114.2 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150100.197.114.2 cluster-md-kmp-default-debuginfo-4.12.14-150100.197.114.2 dlm-kmp-default-4.12.14-150100.197.114.2 dlm-kmp-default-debuginfo-4.12.14-150100.197.114.2 gfs2-kmp-default-4.12.14-150100.197.114.2 gfs2-kmp-default-debuginfo-4.12.14-150100.197.114.2 kernel-default-debuginfo-4.12.14-150100.197.114.2 kernel-default-debugsource-4.12.14-150100.197.114.2 ocfs2-kmp-default-4.12.14-150100.197.114.2 ocfs2-kmp-default-debuginfo-4.12.14-150100.197.114.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): kernel-default-4.12.14-150100.197.114.2 kernel-default-base-4.12.14-150100.197.114.2 kernel-default-base-debuginfo-4.12.14-150100.197.114.2 kernel-default-debuginfo-4.12.14-150100.197.114.2 kernel-default-debugsource-4.12.14-150100.197.114.2 kernel-default-devel-4.12.14-150100.197.114.2 kernel-default-devel-debuginfo-4.12.14-150100.197.114.2 kernel-obs-build-4.12.14-150100.197.114.2 kernel-obs-build-debugsource-4.12.14-150100.197.114.2 kernel-syms-4.12.14-150100.197.114.2 reiserfs-kmp-default-4.12.14-150100.197.114.2 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2 - SUSE Enterprise Storage 6 (noarch): kernel-devel-4.12.14-150100.197.114.2 kernel-docs-4.12.14-150100.197.114.2 kernel-macros-4.12.14-150100.197.114.2 kernel-source-4.12.14-150100.197.114.2 - SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-150100.197.114.2 kernel-default-base-4.12.14-150100.197.114.2 kernel-default-base-debuginfo-4.12.14-150100.197.114.2 kernel-default-debuginfo-4.12.14-150100.197.114.2 kernel-default-debugsource-4.12.14-150100.197.114.2 kernel-default-devel-4.12.14-150100.197.114.2 kernel-default-devel-debuginfo-4.12.14-150100.197.114.2 kernel-obs-build-4.12.14-150100.197.114.2 kernel-obs-build-debugsource-4.12.14-150100.197.114.2 kernel-syms-4.12.14-150100.197.114.2 reiserfs-kmp-default-4.12.14-150100.197.114.2 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2 - SUSE CaaS Platform 4.0 (noarch): kernel-devel-4.12.14-150100.197.114.2 kernel-docs-4.12.14-150100.197.114.2 kernel-macros-4.12.14-150100.197.114.2 kernel-source-4.12.14-150100.197.114.2 References: https://www.suse.com/security/cve/CVE-2017-13695.html https://www.suse.com/security/cve/CVE-2018-7755.html https://www.suse.com/security/cve/CVE-2019-19377.html https://www.suse.com/security/cve/CVE-2019-20811.html https://www.suse.com/security/cve/CVE-2020-26541.html https://www.suse.com/security/cve/CVE-2021-20292.html https://www.suse.com/security/cve/CVE-2021-20321.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2021-38208.html https://www.suse.com/security/cve/CVE-2021-39711.html https://www.suse.com/security/cve/CVE-2021-43389.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1353.html https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1516.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1975.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-21499.html https://www.suse.com/security/cve/CVE-2022-22942.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1028340 https://bugzilla.suse.com/1055710 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1084513 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1158266 https://bugzilla.suse.com/1172456 https://bugzilla.suse.com/1177282 https://bugzilla.suse.com/1182171 https://bugzilla.suse.com/1183723 https://bugzilla.suse.com/1187055 https://bugzilla.suse.com/1191647 https://bugzilla.suse.com/1191958 https://bugzilla.suse.com/1195065 https://bugzilla.suse.com/1195651 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196367 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1196999 https://bugzilla.suse.com/1197219 https://bugzilla.suse.com/1197343 https://bugzilla.suse.com/1197663 https://bugzilla.suse.com/1198400 https://bugzilla.suse.com/1198516 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198660 https://bugzilla.suse.com/1198687 https://bugzilla.suse.com/1198742 https://bugzilla.suse.com/1198777 https://bugzilla.suse.com/1198825 https://bugzilla.suse.com/1199012 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199314 https://bugzilla.suse.com/1199399 https://bugzilla.suse.com/1199426 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199605 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1200143 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200249 From sle-updates at lists.suse.com Fri Jun 17 19:15:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2022 21:15:46 +0200 (CEST) Subject: SUSE-FU-2022:2114-1: moderate: Feature update for build Message-ID: <20220617191546.14596FD9D@maintenance.suse.de> SUSE Feature Update: Feature update for build ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2114-1 Rating: moderate References: SLE-24652 SLE-24653 SLE-24657 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 feature fixes and contains three features can now be installed. Description: This feature update for build provides the following changes: Support the Multi Factor Authentication in osc (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653) - Upgrade build from version 20220422 to version 20220613: * deb: defer dpkg triggers until all packages are installed, and disable man-db altogether * Add support of Debian Source format 3.0 (quilt) and changelog modification * Stop building aarch64_ilp32 baselibs for aarch64 Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2114=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2114=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2114=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2114=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2114=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2114=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2114=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2114=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2114=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2114=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2114=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2114=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2114=1 Package List: - openSUSE Leap 15.4 (noarch): build-20220613-150200.12.1 build-initvm-aarch64-20220613-150200.12.1 build-initvm-powerpc64le-20220613-150200.12.1 build-initvm-s390x-20220613-150200.12.1 build-initvm-x86_64-20220613-150200.12.1 build-mkbaselibs-20220613-150200.12.1 build-mkdrpms-20220613-150200.12.1 - openSUSE Leap 15.3 (noarch): build-20220613-150200.12.1 build-initvm-aarch64-20220613-150200.12.1 build-initvm-powerpc64le-20220613-150200.12.1 build-initvm-s390x-20220613-150200.12.1 build-initvm-x86_64-20220613-150200.12.1 build-mkbaselibs-20220613-150200.12.1 build-mkdrpms-20220613-150200.12.1 - SUSE Manager Server 4.1 (noarch): build-20220613-150200.12.1 build-mkbaselibs-20220613-150200.12.1 - SUSE Manager Retail Branch Server 4.1 (noarch): build-20220613-150200.12.1 build-mkbaselibs-20220613-150200.12.1 - SUSE Manager Proxy 4.1 (noarch): build-20220613-150200.12.1 build-mkbaselibs-20220613-150200.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): build-20220613-150200.12.1 build-mkbaselibs-20220613-150200.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): build-20220613-150200.12.1 build-mkbaselibs-20220613-150200.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): build-20220613-150200.12.1 build-mkbaselibs-20220613-150200.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): build-20220613-150200.12.1 build-mkbaselibs-20220613-150200.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): build-20220613-150200.12.1 build-mkbaselibs-20220613-150200.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): build-20220613-150200.12.1 build-mkbaselibs-20220613-150200.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): build-20220613-150200.12.1 build-mkbaselibs-20220613-150200.12.1 - SUSE Enterprise Storage 7 (noarch): build-20220613-150200.12.1 build-mkbaselibs-20220613-150200.12.1 References: From sle-updates at lists.suse.com Sat Jun 18 07:35:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Jun 2022 09:35:19 +0200 (CEST) Subject: SUSE-CU-2022:1333-1: Recommended update of suse/sle15 Message-ID: <20220618073519.AA3F0F386@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1333-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.153 Container Release : 9.5.153 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated From sle-updates at lists.suse.com Sat Jun 18 07:42:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Jun 2022 09:42:39 +0200 (CEST) Subject: SUSE-CU-2022:1334-1: Recommended update of bci/golang Message-ID: <20220618074239.3F63CF386@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1334-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-17.58 Container Release : 17.58 Severity : moderate Type : recommended References : 1191908 1192951 1193659 1195283 1196861 1197065 1198422 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2049-1 Released: Mon Jun 13 09:23:52 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1191908,1198422 This update for binutils fixes the following issues: - Revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422] - Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908) The following package changes have been done: - binutils-2.37-150100.7.34.1 updated - libatomic1-11.3.0+git1637-150000.1.9.1 updated - libctf-nobfd0-2.37-150100.7.34.1 updated - libctf0-2.37-150100.7.34.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libgomp1-11.3.0+git1637-150000.1.9.1 updated - libitm1-11.3.0+git1637-150000.1.9.1 updated - liblsan0-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libtsan0-11.3.0+git1637-150000.1.9.1 updated - container:sles15-image-15.0.0-17.17.15 updated From sle-updates at lists.suse.com Sat Jun 18 08:02:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Jun 2022 10:02:21 +0200 (CEST) Subject: SUSE-CU-2022:1337-1: Recommended update of bci/bci-micro Message-ID: <20220618080221.AF49DF386@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1337-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.11.1 , bci/bci-micro:latest Container Release : 11.1 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated From sle-updates at lists.suse.com Mon Jun 20 13:17:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 15:17:33 +0200 (CEST) Subject: SUSE-SU-2022:2116-1: important: Security update for the Linux Kernel Message-ID: <20220620131733.DF92AFD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2116-1 Rating: important References: #1024718 #1055117 #1061840 #1065729 #1129770 #1158266 #1162338 #1162369 #1173871 #1188885 #1194124 #1195651 #1196426 #1196570 #1197219 #1197601 #1198438 #1198577 #1198899 #1199035 #1199063 #1199237 #1199239 #1199314 #1199399 #1199426 #1199505 #1199507 #1199526 #1199602 #1199605 #1199606 #1199631 #1199650 #1199671 #1199839 #1200015 #1200045 #1200057 #1200143 #1200144 #1200173 #1200249 Cross-References: CVE-2019-19377 CVE-2021-33061 CVE-2021-39711 CVE-2022-1184 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-30594 CVSS scores: CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves 17 vulnerabilities and has 26 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770) - arm64: set plt* section addresses to 0x0 (git-fixes) - arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes) - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (git-fixes) - arm64: avoid -Woverride-init warning (git-fixes) - arm64: berlin: Select DW_APB_TIMER_OF (git-fixes) Update arm64 default config too. - arm64: Clear OSDLR_EL1 on CPU boot (git-fixes) - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes). - arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes) - arm64: compat: Reduce address limit (git-fixes) - arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (git-fixes) - arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes) - arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes) - arm64: csum: Fix handling of bad packets (git-fixes) - arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug (git-fixes) - arm64: debug: Ensure debug handlers check triggering exception level (git-fixes) - arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes) - arm64: entry: SP Alignment Fault does not write to FAR_EL1 (git-fixes) - arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes) - arm64: Fix HCR.TGE status for NMI contexts (git-fixes) - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) - arm64: Fix size of __early_cpu_boot_status (git-fixes) - arm64: fix the flush_icache_range arguments in machine_kexec (git-fixes) - arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes) - arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP (git-fixes) - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (git-fixes) - arm64: futex: Restore oldval initialization to work around buggy (git-fixes) - arm64: hibernate: check pgd table allocation (git-fixes) - arm64: hugetlb: avoid potential NULL dereference (git-fixes) - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess (git-fixes) - arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes) - arm64: kdump: update ppos when reading elfcorehdr (git-fixes) - arm64: kgdb: Fix single-step exception handling oops (git-fixes) - arm64: kprobes: Recover pstate.D in single-step exception handler (git-fixes) - arm64: module: remove (NOLOAD) from linker script (git-fixes) - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) - arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes) - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) - arm64: Relax GIC version check during early boot (git-fixes) - arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes) - arm64: smp: fix crash_smp_send_stop() behaviour (git-fixes) - arm64: smp: fix smp_send_stop() behaviour (git-fixes) - arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess (git-fixes) - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) - arm64/iommu: handle non-remapped addresses in ->mmap and (git-fixes) - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes) - bonding: pair enable_port with slave_arr_updates (git-fixes). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - cputime, cpuacct: Include guest time in user time in (git-fixes) - crypto: arm64/aes-neonbs - do not access already-freed walk.iv (git-fixes) - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (bsc#1197601). - crypto: virtio - deal with unsupported input sizes (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drivers: net: xgene: Fix regression in CRC stripping (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770) - i40e: always propagate error value in i40e_set_vsi_promisc() (git-fixes). - i40e: Fix MAC address setting for a VF via Host/VM (git-fixes). - i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc (git-fixes). - i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (git-fixes). - i40e: Fix virtchnl_queue_select bitmap validation (git-fixes). - i40e: Refactoring VF MAC filters counting to make more reliable (git-fixes). - i40e: Remove scheduling while atomic possibility (git-fixes). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - Input: appletouch - initialize work before device registration (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (git-fixes). - Input: spaceball - fix parsing of movement data packets (git-fixes). - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes). - Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: PPC: Propagate errors to the guest when failed instead of ignoring (bsc#1061840 git-fixes). - lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899). - media: cpia2: fix control-message timeouts (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: dib0700: fix undefined behavior in tuner shutdown (git-fixes). - media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes). - media: em28xx: fix control-message timeouts. - media: flexcop-usb: fix control-message timeouts (git-fixes). - media: mceusb: fix control-message timeouts (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pvrusb2: fix control-message timeouts (git-fixes). - media: redrat3: fix control-message timeouts (git-fixes). - media: s2255: fix control-message timeouts (git-fixes). - media: stk1160: fix control-message timeouts (git-fixes). - media: vim2m: Remove surplus name initialization (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - net: bcmgenet: Do not claim WOL when its not available (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (git-fixes). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nf_tables: disallow non-stateful expression in sets earlier (bsc#1200015). - NFS: Do not invalidate inode attributes on delegation return (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - PCI / ACPI: Mark expected switch fall-through (git-fixes). - PCI: Do not enable AtomicOps on VFs (bsc#1129770) - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc: Remove Power8 DD1 from cputable (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/numa: Prefer node id queried from vphn (bsc#1199237 bsc#1200173 ltc#198329). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - qed: display VF trust config (git-fixes). - qed: return status of qed_iov_get_link (git-fixes). - qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes). - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438). - sched/core: Add __sched tag for io_schedule() (git-fixes) - sched/core: Fix comment regarding nr_iowait_cpu() and (git-fixes) - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200045). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200045). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - USB: cdc-wdm: fix reading stuck on device close (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Do not send unintended link state change (git-fixes). - USB: hub: Fix locking issues with address0_mutex (git-fixes). - USB: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - USB: quirks: add a Realtek card reader (git-fixes). - USB: quirks: add STRING quirk for VCOM device (git-fixes). - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - USB: serial: option: add Fibocom L610 modem (git-fixes). - USB: serial: option: add Fibocom MA510 modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - USB: serial: pl2303: add device id for HP LM930 Display (git-fixes). - USB: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - veth: Ensure eth header is in skb's linear part (git-fixes). - video: backlight: Drop maximum brightness override for brightness (bsc#1129770) - video: hyperv_fb: Fix validation of screen resolution (bsc#1129770) - vxlan: fix memleak of fdb (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2116=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2116=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2116=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2116=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2116=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.124.3 kernel-default-debugsource-4.12.14-122.124.3 kernel-default-extra-4.12.14-122.124.3 kernel-default-extra-debuginfo-4.12.14-122.124.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.124.3 kernel-obs-build-debugsource-4.12.14-122.124.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.124.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.124.3 kernel-default-base-4.12.14-122.124.3 kernel-default-base-debuginfo-4.12.14-122.124.3 kernel-default-debuginfo-4.12.14-122.124.3 kernel-default-debugsource-4.12.14-122.124.3 kernel-default-devel-4.12.14-122.124.3 kernel-syms-4.12.14-122.124.2 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.124.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.124.2 kernel-macros-4.12.14-122.124.2 kernel-source-4.12.14-122.124.2 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.124.3 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.124.3 kernel-default-debugsource-4.12.14-122.124.3 kernel-default-kgraft-4.12.14-122.124.3 kernel-default-kgraft-devel-4.12.14-122.124.3 kgraft-patch-4_12_14-122_124-default-1-8.3.3 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.124.3 cluster-md-kmp-default-debuginfo-4.12.14-122.124.3 dlm-kmp-default-4.12.14-122.124.3 dlm-kmp-default-debuginfo-4.12.14-122.124.3 gfs2-kmp-default-4.12.14-122.124.3 gfs2-kmp-default-debuginfo-4.12.14-122.124.3 kernel-default-debuginfo-4.12.14-122.124.3 kernel-default-debugsource-4.12.14-122.124.3 ocfs2-kmp-default-4.12.14-122.124.3 ocfs2-kmp-default-debuginfo-4.12.14-122.124.3 References: https://www.suse.com/security/cve/CVE-2019-19377.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2021-39711.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-1966.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1975.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-21499.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1024718 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1158266 https://bugzilla.suse.com/1162338 https://bugzilla.suse.com/1162369 https://bugzilla.suse.com/1173871 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1194124 https://bugzilla.suse.com/1195651 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1196570 https://bugzilla.suse.com/1197219 https://bugzilla.suse.com/1197601 https://bugzilla.suse.com/1198438 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198899 https://bugzilla.suse.com/1199035 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199237 https://bugzilla.suse.com/1199239 https://bugzilla.suse.com/1199314 https://bugzilla.suse.com/1199399 https://bugzilla.suse.com/1199426 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199526 https://bugzilla.suse.com/1199602 https://bugzilla.suse.com/1199605 https://bugzilla.suse.com/1199606 https://bugzilla.suse.com/1199631 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1199671 https://bugzilla.suse.com/1199839 https://bugzilla.suse.com/1200015 https://bugzilla.suse.com/1200045 https://bugzilla.suse.com/1200057 https://bugzilla.suse.com/1200143 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200173 https://bugzilla.suse.com/1200249 From sle-updates at lists.suse.com Mon Jun 20 13:21:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 15:21:54 +0200 (CEST) Subject: SUSE-SU-2022:2117-1: important: Security update for python-Twisted Message-ID: <20220620132154.0FE26FD9D@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2117-1 Rating: important References: #1196739 Cross-References: CVE-2022-21716 CVSS scores: CVE-2022-21716 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21716 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issues: - CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data using all the available memory (bsc#1196739). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2117=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2117=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2117=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2117=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-2117=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2117=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): python-Twisted-15.2.1-9.17.1 python-Twisted-debuginfo-15.2.1-9.17.1 python-Twisted-debugsource-15.2.1-9.17.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-Twisted-15.2.1-9.17.1 python-Twisted-debuginfo-15.2.1-9.17.1 python-Twisted-debugsource-15.2.1-9.17.1 - SUSE OpenStack Cloud 9 (x86_64): python-Twisted-15.2.1-9.17.1 python-Twisted-debuginfo-15.2.1-9.17.1 python-Twisted-debugsource-15.2.1-9.17.1 - SUSE OpenStack Cloud 8 (x86_64): python-Twisted-15.2.1-9.17.1 python-Twisted-debuginfo-15.2.1-9.17.1 python-Twisted-debugsource-15.2.1-9.17.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): python-Twisted-15.2.1-9.17.1 python-Twisted-debuginfo-15.2.1-9.17.1 python-Twisted-debugsource-15.2.1-9.17.1 - HPE Helion Openstack 8 (x86_64): python-Twisted-15.2.1-9.17.1 python-Twisted-debuginfo-15.2.1-9.17.1 python-Twisted-debugsource-15.2.1-9.17.1 References: https://www.suse.com/security/cve/CVE-2022-21716.html https://bugzilla.suse.com/1196739 From sle-updates at lists.suse.com Mon Jun 20 16:16:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:16:34 +0200 (CEST) Subject: SUSE-FU-2022:14988-1: important: Feature update for SUSE Manager Client Tools Message-ID: <20220620161634.0B9F0F386@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:14988-1 Rating: important References: #1181223 #1190462 #1195625 #1197507 #1197689 #1199149 #1200167 SLE-23672 SLE-24223 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 7 feature fixes and contains two features can now be installed. Description: This update fixes the following issues: python3-gnupg: - Package required for salt 3004 on Ubuntu20.04 (bsc#1200167) salt: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Update to version 3004 (jsc#SLE-24223) (jsc#SLE-23672) * See release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Fixes for Python 3.10 - Fix issues found around pre_flight_script_args - Fix salt-call event.send with pillar or grains - Fix exception in batch_async caused by a bad function call - Fix print regression for yumnotify plugin - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners spacecmd: - Version 4.3.11-1 * on full system update call schedulePackageUpdate API (bsc#1197507) * parse boolean parameters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port * Add proxy config generation subcommand * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Update translation strings * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-client-tools-202205-14988=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all): python3-gnupg-0.4.5-2 salt-common-3004+ds-1+2.77.2 salt-minion-3004+ds-1+2.77.2 spacecmd-4.3.11-2.45.3 References: https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1190462 https://bugzilla.suse.com/1195625 https://bugzilla.suse.com/1197507 https://bugzilla.suse.com/1197689 https://bugzilla.suse.com/1199149 https://bugzilla.suse.com/1200167 From sle-updates at lists.suse.com Mon Jun 20 16:17:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:17:50 +0200 (CEST) Subject: SUSE-RU-2022:2118-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20220620161750.C3033F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2118-1 Rating: moderate References: #1181223 #1190462 #1193600 #1196704 #1197507 #1197689 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 SUSE Manager Tools 15 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: - Adapted to build on Enterprise Linux. - Fix build for RedHat 7 - Require Go >= 1.14 also for CentOS - Add support for CentOS - Replace %{?systemd_requires} with %{?systemd_ordering} mgr-cfg: - Version 4.3.6-1 * Corrected source URL in spec file * Fix installation problem for SLE15SP4 due missing python-selinux * Fix python selinux package name depending on build target (bsc#1193600) * Do not build python 2 package for SLE15SP4 and higher * Remove unused legacy code mgr-custom-info: - Version 4.3.3-1 * Remove unused legacy code mgr-daemon: - Version 4.3.4-1 * Corrected source URLs in spec file. * Update translation strings mgr-osad: - Version 4.3.6-1 * Corrected source URL in spec file. * Do not build python 2 package for SLE15SP4 and higher * Removed spacewalk-selinux dependencies. * Updated source url. mgr-push: - Version 4.3.4-1 * Corrected source URLs in spec file. mgr-virtualization: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher prometheus-blackbox_exporter: - Enhanced to build on Enterprise Linux 8 prometheus-postgres_exporter: - Updated for RHEL8. python-hwdata: - Require python macros for building rhnlib: - Version 4.3.4-1 * Reorganize python files spacecmd: - Version 4.3.11-1 * on full system update call schedulePackageUpdate API (bsc#1197507) * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port * Add proxy config generation subcommand * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Update translation strings * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) spacewalk-client-tools: - Version 4.3.9-1 * Corrected source URLs in spec file. * do not build python 2 package for SLE15 * Remove unused legacy code * Update translation strings spacewalk-koan: - Version 4.3.5-1 * Corrected source URLs in spec file. spacewalk-oscap: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher spacewalk-remote-utils: - Version 4.3.3-1 * Adapt the package for changes in rhnlib supportutils-plugin-susemanager-client: - Version 4.3.2-1 * Add proxy containers config and logs suseRegisterInfo: - Version 4.3.3-1 * Bump version to 4.3.0 supportutils-plugin-salt: - Add support for Salt Bundle uyuni-common-libs: - Version 4.3.4-1 * implement more decompression algorithms for reposync (bsc#1196704) * Reorganize python files * Add decompression of zck files to fileutils Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2118=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2118=1 - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-2118=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2118=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2118=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2118=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2118=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2118=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2118=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2118=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2118=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2118=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-2118=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2118=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-2118=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-2118=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-2118=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-2118=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2118=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2118=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2118=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2118=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2118=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2118=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2118=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2118=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.12.1 golang-github-prometheus-promu-0.13.0-150000.3.6.1 prometheus-blackbox_exporter-0.19.0-150000.1.8.2 prometheus-postgres_exporter-0.10.0-150000.1.8.2 - openSUSE Leap 15.4 (noarch): python3-hwdata-2.3.5-150000.3.6.1 spacecmd-4.3.11-150000.3.80.2 supportutils-plugin-salt-1.2.0-150000.3.6.1 supportutils-plugin-susemanager-client-4.3.2-150000.3.18.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.12.1 golang-github-prometheus-promu-0.13.0-150000.3.6.1 prometheus-postgres_exporter-0.10.0-150000.1.8.2 - openSUSE Leap 15.3 (noarch): python2-hwdata-2.3.5-150000.3.6.1 python3-hwdata-2.3.5-150000.3.6.1 spacecmd-4.3.11-150000.3.80.2 supportutils-plugin-salt-1.2.0-150000.3.6.1 supportutils-plugin-susemanager-client-4.3.2-150000.3.18.1 - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.12.1 prometheus-blackbox_exporter-0.19.0-150000.1.8.2 prometheus-postgres_exporter-0.10.0-150000.1.8.2 python3-uyuni-common-libs-4.3.4-150000.1.21.1 - SUSE Manager Tools 15 (noarch): mgr-cfg-4.3.6-150000.1.27.1 mgr-cfg-actions-4.3.6-150000.1.27.1 mgr-cfg-client-4.3.6-150000.1.27.1 mgr-cfg-management-4.3.6-150000.1.27.1 mgr-custom-info-4.3.3-150000.1.18.2 mgr-daemon-4.3.4-150000.1.32.1 mgr-osad-4.3.6-150000.1.39.2 mgr-push-4.3.4-150000.1.21.3 mgr-virtualization-host-4.3.5-150000.1.29.2 python3-hwdata-2.3.5-150000.3.6.1 python3-mgr-cfg-4.3.6-150000.1.27.1 python3-mgr-cfg-actions-4.3.6-150000.1.27.1 python3-mgr-cfg-client-4.3.6-150000.1.27.1 python3-mgr-cfg-management-4.3.6-150000.1.27.1 python3-mgr-osa-common-4.3.6-150000.1.39.2 python3-mgr-osad-4.3.6-150000.1.39.2 python3-mgr-push-4.3.4-150000.1.21.3 python3-mgr-virtualization-common-4.3.5-150000.1.29.2 python3-mgr-virtualization-host-4.3.5-150000.1.29.2 python3-rhnlib-4.3.4-150000.3.37.1 python3-spacewalk-check-4.3.9-150000.3.62.3 python3-spacewalk-client-setup-4.3.9-150000.3.62.3 python3-spacewalk-client-tools-4.3.9-150000.3.62.3 python3-spacewalk-koan-4.3.5-150000.3.30.1 python3-spacewalk-oscap-4.3.5-150000.3.21.2 python3-suseRegisterInfo-4.3.3-150000.3.24.2 spacecmd-4.3.11-150000.3.80.2 spacewalk-check-4.3.9-150000.3.62.3 spacewalk-client-setup-4.3.9-150000.3.62.3 spacewalk-client-tools-4.3.9-150000.3.62.3 spacewalk-koan-4.3.5-150000.3.30.1 spacewalk-oscap-4.3.5-150000.3.21.2 spacewalk-remote-utils-4.3.3-150000.3.21.2 supportutils-plugin-salt-1.2.0-150000.3.6.1 supportutils-plugin-susemanager-client-4.3.2-150000.3.18.1 suseRegisterInfo-4.3.3-150000.3.24.2 uyuni-proxy-systemd-services-4.3.4-150000.1.3.1 - SUSE Manager Server 4.1 (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Manager Retail Branch Server 4.1 (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Manager Proxy 4.1 (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.12.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): python3-hwdata-2.3.5-150000.3.6.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.12.1 prometheus-postgres_exporter-0.10.0-150000.1.8.2 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): python3-hwdata-2.3.5-150000.3.6.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): python3-hwdata-2.3.5-150000.3.6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.12.1 prometheus-blackbox_exporter-0.19.0-150000.1.8.2 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (noarch): python3-hwdata-2.3.5-150000.3.6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.12.1 prometheus-blackbox_exporter-0.19.0-150000.1.8.2 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): python3-hwdata-2.3.5-150000.3.6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): python3-hwdata-2.3.5-150000.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Enterprise Storage 7 (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE Enterprise Storage 6 (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 - SUSE CaaS Platform 4.0 (noarch): supportutils-plugin-salt-1.2.0-150000.3.6.1 References: https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1190462 https://bugzilla.suse.com/1193600 https://bugzilla.suse.com/1196704 https://bugzilla.suse.com/1197507 https://bugzilla.suse.com/1197689 From sle-updates at lists.suse.com Mon Jun 20 16:19:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:19:10 +0200 (CEST) Subject: SUSE-FU-2022:2120-1: important: Feature update for salt Message-ID: <20220620161910.68223F386@maintenance.suse.de> SUSE Feature Update: Feature update for salt ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2120-1 Rating: important References: #1195625 #1199149 SLE-23672 SLE-24223 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has two feature fixes and contains two features can now be installed. Description: This update for salt fixes the following issues: Update to version 3004 (jsc#SLE-24223) (jsc#SLE-23672) - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Fixes for Python 3.10 - Fix issues found around pre_flight_script_args - Fix salt-call event.send with pillar or grains - Fix exception in batch_async caused by a bad function call - Fix print regression for yumnotify plugin - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2120=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2120=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2120=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2120=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2120=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2120=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python3-salt-3004-150100.68.1 salt-3004-150100.68.1 salt-api-3004-150100.68.1 salt-cloud-3004-150100.68.1 salt-doc-3004-150100.68.1 salt-master-3004-150100.68.1 salt-minion-3004-150100.68.1 salt-proxy-3004-150100.68.1 salt-ssh-3004-150100.68.1 salt-standalone-formulas-configuration-3004-150100.68.1 salt-syndic-3004-150100.68.1 salt-transactional-update-3004-150100.68.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): salt-bash-completion-3004-150100.68.1 salt-fish-completion-3004-150100.68.1 salt-zsh-completion-3004-150100.68.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3004-150100.68.1 salt-3004-150100.68.1 salt-api-3004-150100.68.1 salt-cloud-3004-150100.68.1 salt-doc-3004-150100.68.1 salt-master-3004-150100.68.1 salt-minion-3004-150100.68.1 salt-proxy-3004-150100.68.1 salt-ssh-3004-150100.68.1 salt-standalone-formulas-configuration-3004-150100.68.1 salt-syndic-3004-150100.68.1 salt-transactional-update-3004-150100.68.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): salt-bash-completion-3004-150100.68.1 salt-fish-completion-3004-150100.68.1 salt-zsh-completion-3004-150100.68.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): salt-bash-completion-3004-150100.68.1 salt-fish-completion-3004-150100.68.1 salt-zsh-completion-3004-150100.68.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python3-salt-3004-150100.68.1 salt-3004-150100.68.1 salt-api-3004-150100.68.1 salt-cloud-3004-150100.68.1 salt-doc-3004-150100.68.1 salt-master-3004-150100.68.1 salt-minion-3004-150100.68.1 salt-proxy-3004-150100.68.1 salt-ssh-3004-150100.68.1 salt-standalone-formulas-configuration-3004-150100.68.1 salt-syndic-3004-150100.68.1 salt-transactional-update-3004-150100.68.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python3-salt-3004-150100.68.1 salt-3004-150100.68.1 salt-api-3004-150100.68.1 salt-cloud-3004-150100.68.1 salt-doc-3004-150100.68.1 salt-master-3004-150100.68.1 salt-minion-3004-150100.68.1 salt-proxy-3004-150100.68.1 salt-ssh-3004-150100.68.1 salt-standalone-formulas-configuration-3004-150100.68.1 salt-syndic-3004-150100.68.1 salt-transactional-update-3004-150100.68.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): salt-bash-completion-3004-150100.68.1 salt-fish-completion-3004-150100.68.1 salt-zsh-completion-3004-150100.68.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python3-salt-3004-150100.68.1 salt-3004-150100.68.1 salt-api-3004-150100.68.1 salt-cloud-3004-150100.68.1 salt-doc-3004-150100.68.1 salt-master-3004-150100.68.1 salt-minion-3004-150100.68.1 salt-proxy-3004-150100.68.1 salt-ssh-3004-150100.68.1 salt-standalone-formulas-configuration-3004-150100.68.1 salt-syndic-3004-150100.68.1 salt-transactional-update-3004-150100.68.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): salt-bash-completion-3004-150100.68.1 salt-fish-completion-3004-150100.68.1 salt-zsh-completion-3004-150100.68.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python3-salt-3004-150100.68.1 salt-3004-150100.68.1 salt-api-3004-150100.68.1 salt-cloud-3004-150100.68.1 salt-doc-3004-150100.68.1 salt-master-3004-150100.68.1 salt-minion-3004-150100.68.1 salt-proxy-3004-150100.68.1 salt-ssh-3004-150100.68.1 salt-standalone-formulas-configuration-3004-150100.68.1 salt-syndic-3004-150100.68.1 salt-transactional-update-3004-150100.68.1 - SUSE Enterprise Storage 6 (noarch): salt-bash-completion-3004-150100.68.1 salt-fish-completion-3004-150100.68.1 salt-zsh-completion-3004-150100.68.1 - SUSE CaaS Platform 4.0 (noarch): salt-bash-completion-3004-150100.68.1 salt-fish-completion-3004-150100.68.1 salt-zsh-completion-3004-150100.68.1 - SUSE CaaS Platform 4.0 (x86_64): python3-salt-3004-150100.68.1 salt-3004-150100.68.1 salt-api-3004-150100.68.1 salt-cloud-3004-150100.68.1 salt-doc-3004-150100.68.1 salt-master-3004-150100.68.1 salt-minion-3004-150100.68.1 salt-proxy-3004-150100.68.1 salt-ssh-3004-150100.68.1 salt-standalone-formulas-configuration-3004-150100.68.1 salt-syndic-3004-150100.68.1 salt-transactional-update-3004-150100.68.1 References: https://bugzilla.suse.com/1195625 https://bugzilla.suse.com/1199149 From sle-updates at lists.suse.com Mon Jun 20 16:19:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:19:50 +0200 (CEST) Subject: SUSE-FU-2022:2135-1: important: Feature update for SUSE Manager Salt Bundle Message-ID: <20220620161950.3B163F386@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2135-1 Rating: important References: #1182851 #1194632 #1196050 #1196432 #1197417 #1197637 #1198556 #1199149 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that solves four vulnerabilities and has four fixes is now available. Description: This update fixes the following issues: venv-salt-minion: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. - Salt version bump to 3004 - Python version bump to 3.10.2 - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-2135=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-3.8.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1198556 https://bugzilla.suse.com/1199149 From sle-updates at lists.suse.com Mon Jun 20 16:20:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:20:59 +0200 (CEST) Subject: SUSE-FU-2022:14986-1: important: Feature update for SUSE Manager Client Tools Message-ID: <20220620162059.041D1F386@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:14986-1 Rating: important References: #1181223 #1190462 #1195625 #1197507 #1197689 #1199149 #1200109 SLE-23672 SLE-24223 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 7 feature fixes and contains two features can now be installed. Description: This update fixes the following issues: python3-zmq: - Package required for salt 3004 on Ubuntu18.04 (bsc#1200109) salt: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Update to version 3004 (jsc#SLE-24223) (jsc#SLE-23672) * See release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Fixes for Python 3.10 - Fix issues found around pre_flight_script_args - Fix salt-call event.send with pillar or grains - Fix exception in batch_async caused by a bad function call - Fix print regression for yumnotify plugin - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners spacecmd: - Version 4.3.11-1 * on full system update call schedulePackageUpdate API (bsc#1197507) * parse boolean parameters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port * Add proxy config generation subcommand * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Update translation strings * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202205-14986=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (amd64): python3-zmq-18.1.1-3 - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): python3-contextvars-2.4-1 python3-immutables-0.11-1 salt-common-3004+ds-1+117.2 salt-minion-3004+ds-1+117.2 spacecmd-4.3.11-47.3 References: https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1190462 https://bugzilla.suse.com/1195625 https://bugzilla.suse.com/1197507 https://bugzilla.suse.com/1197689 https://bugzilla.suse.com/1199149 https://bugzilla.suse.com/1200109 From sle-updates at lists.suse.com Mon Jun 20 16:22:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:22:02 +0200 (CEST) Subject: SUSE-RU-2022:2119-1: important: Recommended update for salt Message-ID: <20220620162202.8D9B2FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2119-1 Rating: important References: #1199149 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Module for Transactional Server 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for salt fixes the following issue: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Fixes for Python 3.10 * Use the same logic in `_compat.py` and `entrypoints.py` to load the same `importlib.metadata.` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2119=1 - SUSE Linux Enterprise Module for Transactional Server 15-SP4: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP4-2022-2119=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2119=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2119=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150400.8.5.2 salt-3004-150400.8.5.2 salt-api-3004-150400.8.5.2 salt-cloud-3004-150400.8.5.2 salt-doc-3004-150400.8.5.2 salt-master-3004-150400.8.5.2 salt-minion-3004-150400.8.5.2 salt-proxy-3004-150400.8.5.2 salt-ssh-3004-150400.8.5.2 salt-standalone-formulas-configuration-3004-150400.8.5.2 salt-syndic-3004-150400.8.5.2 salt-transactional-update-3004-150400.8.5.2 - openSUSE Leap 15.4 (noarch): salt-bash-completion-3004-150400.8.5.2 salt-fish-completion-3004-150400.8.5.2 salt-zsh-completion-3004-150400.8.5.2 - SUSE Linux Enterprise Module for Transactional Server 15-SP4 (aarch64 ppc64le s390x x86_64): salt-transactional-update-3004-150400.8.5.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): salt-api-3004-150400.8.5.2 salt-cloud-3004-150400.8.5.2 salt-master-3004-150400.8.5.2 salt-proxy-3004-150400.8.5.2 salt-ssh-3004-150400.8.5.2 salt-standalone-formulas-configuration-3004-150400.8.5.2 salt-syndic-3004-150400.8.5.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): salt-fish-completion-3004-150400.8.5.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150400.8.5.2 salt-3004-150400.8.5.2 salt-doc-3004-150400.8.5.2 salt-minion-3004-150400.8.5.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): salt-bash-completion-3004-150400.8.5.2 salt-zsh-completion-3004-150400.8.5.2 References: https://bugzilla.suse.com/1199149 From sle-updates at lists.suse.com Mon Jun 20 16:22:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:22:37 +0200 (CEST) Subject: SUSE-SU-2022:2137-1: important: Security update for golang-github-prometheus-node_exporter Message-ID: <20220620162237.E3AFAFD9D@maintenance.suse.de> SUSE Security Update: Security update for golang-github-prometheus-node_exporter ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2137-1 Rating: important References: #1151558 #1190535 #1196338 SLE-24238 SLE-24239 Cross-References: CVE-2022-21698 CVSS scores: CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that solves one vulnerability, contains two features and has two fixes is now available. Description: This update for golang-github-prometheus-node_exporter fixes the following issues: - CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239) - Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187 - Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112 - Update to 1.2.1 * Removed Remove obsolete capture permission denied error patch that was already included upstream. * Bug fixes Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092 - Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062 * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 * Bug fixes Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067 - Capture permission denied error for "energy_uj" file (bsc#1190535) - Update to 1.1.2 * Bug fixes + Handle errors from disabled PSI subsystem #1983 + Sanitize strings from /sys/class/power_supply #1984 + Silence missing netclass errors #1986 - Trim old specfile constructs - Migrate to obs_scm - Migrate to go_modules - Update to 1.1.1 * Bug fixes + Fix ineffassign issue #1957 + Fix some noisy log lines #1962 - Update to 1.1.0 * Changes + Improve filter flag names #1743 + Add btrfs and powersupplyclass to list of exporters enabled by default #1897 * Features + Add fibre channel collector #1786 + Expose cpu bugs and flags as info metrics. #1788 + Add network_route collector #1811 + Add zoneinfo collector #1922 * Enhancements + Add more InfiniBand counters #1694 + Add flag to aggr ipvs metrics to avoid high cardinality metrics #1709 + Adding backlog/current queue length to qdisc collector #1732 + Include TCP OutRsts in netstat metrics #1733 + Add pool size to entropy collector #1753 + Remove CGO dependencies for OpenBSD amd64 #1774 + bcache: add writeback_rate_debug stats #1658 + Add check state for mdadm arrays via node_md_state metric #1810 + Expose XFS inode statistics #1870 + Expose zfs zpool state #1878 + Added an ability to pass collector.supervisord.url via SUPERVISORD_URL environment variable #1947 * Bug fixes + filesystem_freebsd: Fix label values #1728 + Fix various procfs parsing errors #1735 + Handle no data from powersupplyclass #1747 + udp_queues_linux.go: change upd to udp in two error strings #1769 + Fix node_scrape_collector_success behaviour #1816 + Fix NodeRAIDDegraded to not use a string rule expressions #1827 + Fix node_md_disks state label from fail to failed #1862 + Handle EPERM for syscall in timex collector #1938 + bcache: fix typo in a metric name #1943 + Fix XFS read/write stats (https://github.com/prometheus/procfs/pull/343) - Do not include sources (bsc#1151558) - Remove rc symlink Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2137=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2137=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2137=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2137=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): golang-github-prometheus-node_exporter-1.3.0-150000.3.12.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): golang-github-prometheus-node_exporter-1.3.0-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150000.3.12.1 References: https://www.suse.com/security/cve/CVE-2022-21698.html https://bugzilla.suse.com/1151558 https://bugzilla.suse.com/1190535 https://bugzilla.suse.com/1196338 From sle-updates at lists.suse.com Mon Jun 20 16:23:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:23:20 +0200 (CEST) Subject: SUSE-FU-2022:2133-1: important: Feature update for SUSE Manager Salt Bundle Message-ID: <20220620162320.F0844FD9D@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2133-1 Rating: important References: #1182851 #1194632 #1196050 #1196432 #1197417 #1197637 #1198556 #1199149 Affected Products: SUSE Manager Debian 11-CLIENT-TOOLS ______________________________________________________________________________ An update that solves four vulnerabilities and has four fixes is now available. Description: This update fixes the following issues: venv-salt-minion: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. - Salt version bump to 3004 - Python version bump to 3.10.2 - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 11-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2022-2133=1 Package List: - SUSE Manager Debian 11-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.8.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1198556 https://bugzilla.suse.com/1199149 From sle-updates at lists.suse.com Mon Jun 20 16:24:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:24:30 +0200 (CEST) Subject: SUSE-SU-2022:2139-1: important: Security update for golang-github-prometheus-alertmanager Message-ID: <20220620162430.0B206FD9D@maintenance.suse.de> SUSE Security Update: Security update for golang-github-prometheus-alertmanager ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2139-1 Rating: important References: #1181400 #1196338 SLE-24077 Cross-References: CVE-2022-21698 CVSS scores: CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 6 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Tools 15 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has one errata is now available. Description: This update for golang-github-prometheus-alertmanager fixes the following issues: Update golang-github-prometheus-alertmanager from version 0.21.0 to version 0.23.0 (bsc#1196338, jsc#SLE-24077) - CVE-2022-21698: Denial of service using InstrumentHandlerCounter - Update vendor tarball with prometheus/client_golang 1.11.1 - Update required Go version to 1.16 - Use %autosetup macro - Update to version 0.23.0: * Release 0.23.0 * Release 0.23.0-rc.0 * amtool: Detect version drift and warn users (#2672) * Add ability to skip TLS verification for amtool (#2663) * Fix empty isEqual in amtool. (#2668) * Fix main tests (#2670) * cli: add new template render command (#2538) * OpsGenie: refer to alert instead of incident (#2609) * Docs: target_match and source_match are DEPRECATED (#2665) * Fix test not waiting for cluster member to be ready - Add go_modules to _service. - Added hardening to systemd service(s) with a modified prometheus-alertmanager.service (bsc#1181400) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2139=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2139=1 - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-2139=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-2139=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-2139=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-2139=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2139=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1 - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1 References: https://www.suse.com/security/cve/CVE-2022-21698.html https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1196338 From sle-updates at lists.suse.com Mon Jun 20 16:25:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:25:26 +0200 (CEST) Subject: SUSE-SU-2022:2140-1: important: Security update for node_exporter Message-ID: <20220620162526.175F8FD9D@maintenance.suse.de> SUSE Security Update: Security update for node_exporter ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2140-1 Rating: important References: #1190535 #1196338 SLE-24238 SLE-24239 Cross-References: CVE-2022-21698 CVSS scores: CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability, contains two features and has one errata is now available. Description: This security update for golang-github-prometheus-node_exporter provides: Update golang-github-prometheus-node_exporter from version 1.1.2 to version 1.3.0 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239) - CVE-2022-21698: Denial of service using InstrumentHandlerCounter - Update vendor tarball with prometheus/client_golang 1.11.1 - Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187 - Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112 - Update to 1.2.1 * Removed Remove obsolete capture permission denied error fix already included upstream * Bug fixes Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092 - Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062 * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 * Bug fixes Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067 - Capture permission denied error for "energy_uj" file (bsc#1190535) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2140=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2140=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2140=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2140=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2140=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2140=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2140=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2140=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2140=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2140=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2140=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2140=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2140=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2140=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2140=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2140=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2140=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2140=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2140=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Manager Proxy 4.1 (x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 - SUSE CaaS Platform 4.0 (x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 References: https://www.suse.com/security/cve/CVE-2022-21698.html https://bugzilla.suse.com/1190535 https://bugzilla.suse.com/1196338 From sle-updates at lists.suse.com Mon Jun 20 16:26:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:26:15 +0200 (CEST) Subject: SUSE-FU-2022:14987-1: important: Feature update for SUSE Manager Salt Bundle Message-ID: <20220620162615.0F7A9FD9D@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:14987-1 Rating: important References: #1182851 #1194632 #1196050 #1196432 #1197417 #1197637 #1198556 #1199149 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves four vulnerabilities and has four fixes is now available. Description: This update fixes the following issues: venv-salt-minion: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. - Salt version bump to 3004 - Python version bump to 3.10.2 - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-client-tools-202204-14987=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.8.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1198556 https://bugzilla.suse.com/1199149 From sle-updates at lists.suse.com Mon Jun 20 16:27:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:27:23 +0200 (CEST) Subject: SUSE-FU-2022:2124-1: important: Feature update for salt Message-ID: <20220620162723.B7C56FD9D@maintenance.suse.de> SUSE Feature Update: Feature update for salt ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2124-1 Rating: important References: #1195625 #1199149 SLE-23672 SLE-24223 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Transactional Server 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has two feature fixes and contains two features can now be installed. Description: This update for salt fixes the following issues: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Update to version 3004 (jsc#SLE-24223) (jsc#SLE-23672) * See release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Fixes for Python 3.10 - Fix issues found around pre_flight_script_args - Fix salt-call event.send with pillar or grains - Fix exception in batch_async caused by a bad function call - Fix print regression for yumnotify plugin - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2124=1 - SUSE Linux Enterprise Module for Transactional Server 15-SP3: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2022-2124=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2124=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2124=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2124=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2124=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150300.53.21.1 salt-3004-150300.53.21.1 salt-api-3004-150300.53.21.1 salt-cloud-3004-150300.53.21.1 salt-doc-3004-150300.53.21.1 salt-master-3004-150300.53.21.1 salt-minion-3004-150300.53.21.1 salt-proxy-3004-150300.53.21.1 salt-ssh-3004-150300.53.21.1 salt-standalone-formulas-configuration-3004-150300.53.21.1 salt-syndic-3004-150300.53.21.1 salt-transactional-update-3004-150300.53.21.1 - openSUSE Leap 15.3 (noarch): salt-bash-completion-3004-150300.53.21.1 salt-fish-completion-3004-150300.53.21.1 salt-zsh-completion-3004-150300.53.21.1 - SUSE Linux Enterprise Module for Transactional Server 15-SP3 (aarch64 ppc64le s390x x86_64): salt-transactional-update-3004-150300.53.21.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): salt-api-3004-150300.53.21.1 salt-cloud-3004-150300.53.21.1 salt-master-3004-150300.53.21.1 salt-proxy-3004-150300.53.21.1 salt-ssh-3004-150300.53.21.1 salt-standalone-formulas-configuration-3004-150300.53.21.1 salt-syndic-3004-150300.53.21.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): salt-fish-completion-3004-150300.53.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150300.53.21.1 salt-3004-150300.53.21.1 salt-doc-3004-150300.53.21.1 salt-minion-3004-150300.53.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): salt-bash-completion-3004-150300.53.21.1 salt-zsh-completion-3004-150300.53.21.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): python3-salt-3004-150300.53.21.1 salt-3004-150300.53.21.1 salt-minion-3004-150300.53.21.1 salt-transactional-update-3004-150300.53.21.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): python3-salt-3004-150300.53.21.1 salt-3004-150300.53.21.1 salt-minion-3004-150300.53.21.1 salt-transactional-update-3004-150300.53.21.1 References: https://bugzilla.suse.com/1195625 https://bugzilla.suse.com/1199149 From sle-updates at lists.suse.com Mon Jun 20 16:28:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:28:04 +0200 (CEST) Subject: SUSE-RU-2022:2136-1: Recommended update for SUSE Manager 4.3 Release Notes Message-ID: <20220620162804.413D3FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.3 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2136-1 Rating: low References: Affected Products: SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for SUSE Manager 4.3 Release Notes provides the following additions: Release notes for SUSE Manager: - Update to SUSE Manager 4.3.0.1 * Workarounds for some known issues. Release notes for SUSE Manager proxy: - Update to SUSE Manager 4.3.0.1 * Workaround for an upgrade issue of SUSE Manager Proxy 4.2 based on JeOS image to 4.3. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2022-2136=1 - SUSE Manager Retail Branch Server 4.3: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2022-2136=1 - SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2022-2136=1 Package List: - SUSE Manager Server 4.3 (ppc64le s390x x86_64): release-notes-susemanager-4.3.0.1-150400.3.5.1 - SUSE Manager Retail Branch Server 4.3 (x86_64): release-notes-susemanager-proxy-4.3.0.1-150400.3.3.2 - SUSE Manager Proxy 4.3 (x86_64): release-notes-susemanager-proxy-4.3.0.1-150400.3.3.2 References: From sle-updates at lists.suse.com Mon Jun 20 16:29:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:29:09 +0200 (CEST) Subject: SUSE-FU-2022:2128-1: important: Feature update for SUSE Manager Salt Bundle Message-ID: <20220620162909.15C0AFD9D@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2128-1 Rating: important References: #1182851 #1194632 #1196050 #1196432 #1197417 #1197637 #1198556 #1199149 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS ______________________________________________________________________________ An update that solves four vulnerabilities and has four fixes is now available. Description: This update fixes the following issues: venv-salt-minion: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. - Salt version bump to 3004 - Python version bump to 3.10.2 - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2022-2128=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.8.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1198556 https://bugzilla.suse.com/1199149 From sle-updates at lists.suse.com Mon Jun 20 16:30:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:30:14 +0200 (CEST) Subject: SUSE-RU-2022:2138-1: moderate: Recommended maintenance update for SUSE Manager: Debian11 Client Tools Message-ID: <20220620163014.01A57FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended maintenance update for SUSE Manager: Debian11 Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2138-1 Rating: moderate References: #1003449 #1013876 #1013938 #1015882 #1024406 #1027426 #1044719 #1063419 #1070372 #1076578 #1080290 #1081151 #1083294 #1085667 #1088070 #1094190 #1103090 #1103696 #1104034 #1109023 #1111542 #1125610 #1125744 #1127389 #1129243 #1130077 #1135881 #1138454 #1148311 #1153090 #1153277 #1154940 #1155372 #1163871 #1167907 #1169664 #1171281 #1171687 #1172709 #1173557 #1175889 #1176823 #1179566 #1180583 #1180584 #1180585 #1181124 #1181223 #1186581 #1188042 #1188977 #1190462 #1190512 #1194363 #1194909 #1197507 #1197689 #769106 #769108 #776615 #879904 #887879 #889605 #892707 #902494 #908849 #926318 #932288 #945380 #948245 #977264 #987798 Affected Products: SUSE Manager Debian 11-CLIENT-TOOLS ______________________________________________________________________________ An update that has 72 recommended fixes can now be installed. Description: Recommended maintenance update for SUSE Manager: Debian11 Client Tools spacecmd: - Provide spacecmd version 4.3.11. - Mention already fixed issues: bsc#1197507, bsc#1197689, bsc#1194909, bsc#1190462, bsc#1194363, bsc#1190512, bsc#1181223, bsc#1188977, bsc#1188042, bsc#1186581, bsc#1181124, bsc#1180583, bsc#1180585, bsc#1176823, bsc#1180584, bsc#1179566, bsc#1169664, bsc#1167907, bsc#1175889, bsc#1173557, bsc#1172709, bsc#1171281, bsc#1171687, bsc#1163871, bsc#1155372, bsc#1154940, bsc#1153090, bsc#1138454, bsc#1148311, bsc#1135881, bsc#1130077, bsc#1125744, bsc#1129243, bsc#1127389, bsc#1125610, bsc#987798, bsc#1111542, bsc#1109023, bsc#1104034, bsc#1103696, bsc#1103090, bsc#1094190, bsc#1083294, bsc#1083294, bsc#1088070, bsc#1083294, bsc#1085667, bsc#1083294, bsc#1076578, bsc#1081151, bsc#1080290, bsc#1063419, bsc#1070372, bsc#1044719, bsc#1015882, bsc#1013876, bsc#1027426, bsc#1024406, bsc#1013938, bsc#1003449, bsc#977264, bsc#948245, fate#311619, bsc#932288, bsc#945380, fate#314858, bsc#926318, bsc#908849, bsc#887879, bsc#879904, bsc#892707, bnc#889605, bsc#776615, bsc#769106, bsc#769108 prometheus-exporter-exporter: - Provide prometheus-exporter-exporter version 0.4.0 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 11-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2022-2138=1 Package List: - SUSE Manager Debian 11-CLIENT-TOOLS (amd64): prometheus-exporter-exporter-0.4.0-1 - SUSE Manager Debian 11-CLIENT-TOOLS (all): spacecmd-4.3.11-2.3.1 References: https://bugzilla.suse.com/1003449 https://bugzilla.suse.com/1013876 https://bugzilla.suse.com/1013938 https://bugzilla.suse.com/1015882 https://bugzilla.suse.com/1024406 https://bugzilla.suse.com/1027426 https://bugzilla.suse.com/1044719 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1070372 https://bugzilla.suse.com/1076578 https://bugzilla.suse.com/1080290 https://bugzilla.suse.com/1081151 https://bugzilla.suse.com/1083294 https://bugzilla.suse.com/1085667 https://bugzilla.suse.com/1088070 https://bugzilla.suse.com/1094190 https://bugzilla.suse.com/1103090 https://bugzilla.suse.com/1103696 https://bugzilla.suse.com/1104034 https://bugzilla.suse.com/1109023 https://bugzilla.suse.com/1111542 https://bugzilla.suse.com/1125610 https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1127389 https://bugzilla.suse.com/1129243 https://bugzilla.suse.com/1130077 https://bugzilla.suse.com/1135881 https://bugzilla.suse.com/1138454 https://bugzilla.suse.com/1148311 https://bugzilla.suse.com/1153090 https://bugzilla.suse.com/1153277 https://bugzilla.suse.com/1154940 https://bugzilla.suse.com/1155372 https://bugzilla.suse.com/1163871 https://bugzilla.suse.com/1167907 https://bugzilla.suse.com/1169664 https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1172709 https://bugzilla.suse.com/1173557 https://bugzilla.suse.com/1175889 https://bugzilla.suse.com/1176823 https://bugzilla.suse.com/1179566 https://bugzilla.suse.com/1180583 https://bugzilla.suse.com/1180584 https://bugzilla.suse.com/1180585 https://bugzilla.suse.com/1181124 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1186581 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188977 https://bugzilla.suse.com/1190462 https://bugzilla.suse.com/1190512 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1197507 https://bugzilla.suse.com/1197689 https://bugzilla.suse.com/769106 https://bugzilla.suse.com/769108 https://bugzilla.suse.com/776615 https://bugzilla.suse.com/879904 https://bugzilla.suse.com/887879 https://bugzilla.suse.com/889605 https://bugzilla.suse.com/892707 https://bugzilla.suse.com/902494 https://bugzilla.suse.com/908849 https://bugzilla.suse.com/926318 https://bugzilla.suse.com/932288 https://bugzilla.suse.com/945380 https://bugzilla.suse.com/948245 https://bugzilla.suse.com/977264 https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Mon Jun 20 16:36:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:36:38 +0200 (CEST) Subject: SUSE-FU-2022:2122-1: important: Feature update for salt Message-ID: <20220620163638.2A9F8FD9D@maintenance.suse.de> SUSE Feature Update: Feature update for salt ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2122-1 Rating: important References: #1195625 SLE-23673 SLE-24223 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one feature fix and contains two features can now be installed. Description: This feature update for salt fixes the following issues: - Update to version 3004 (jsc#SLE-24223, jsc#SLE-23673) - See release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Fixes for Python 3.10 - Fix issues found around pre_flight_script_args - Fix salt-call event.send with pillar or grains - Fix exception in batch_async caused by a bad function call - Fix print regression for yumnotify plugin - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2122=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2122=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2122=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2122=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2122=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2122=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2122=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2122=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2122=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python3-salt-3004-150200.69.1 salt-3004-150200.69.1 salt-api-3004-150200.69.1 salt-cloud-3004-150200.69.1 salt-doc-3004-150200.69.1 salt-master-3004-150200.69.1 salt-minion-3004-150200.69.1 salt-proxy-3004-150200.69.1 salt-ssh-3004-150200.69.1 salt-standalone-formulas-configuration-3004-150200.69.1 salt-syndic-3004-150200.69.1 salt-transactional-update-3004-150200.69.1 - SUSE Manager Server 4.1 (noarch): salt-bash-completion-3004-150200.69.1 salt-fish-completion-3004-150200.69.1 salt-zsh-completion-3004-150200.69.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python3-salt-3004-150200.69.1 salt-3004-150200.69.1 salt-api-3004-150200.69.1 salt-cloud-3004-150200.69.1 salt-doc-3004-150200.69.1 salt-master-3004-150200.69.1 salt-minion-3004-150200.69.1 salt-proxy-3004-150200.69.1 salt-ssh-3004-150200.69.1 salt-standalone-formulas-configuration-3004-150200.69.1 salt-syndic-3004-150200.69.1 salt-transactional-update-3004-150200.69.1 - SUSE Manager Retail Branch Server 4.1 (noarch): salt-bash-completion-3004-150200.69.1 salt-fish-completion-3004-150200.69.1 salt-zsh-completion-3004-150200.69.1 - SUSE Manager Proxy 4.1 (x86_64): python3-salt-3004-150200.69.1 salt-3004-150200.69.1 salt-api-3004-150200.69.1 salt-cloud-3004-150200.69.1 salt-doc-3004-150200.69.1 salt-master-3004-150200.69.1 salt-minion-3004-150200.69.1 salt-proxy-3004-150200.69.1 salt-ssh-3004-150200.69.1 salt-standalone-formulas-configuration-3004-150200.69.1 salt-syndic-3004-150200.69.1 salt-transactional-update-3004-150200.69.1 - SUSE Manager Proxy 4.1 (noarch): salt-bash-completion-3004-150200.69.1 salt-fish-completion-3004-150200.69.1 salt-zsh-completion-3004-150200.69.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python3-salt-3004-150200.69.1 salt-3004-150200.69.1 salt-api-3004-150200.69.1 salt-cloud-3004-150200.69.1 salt-doc-3004-150200.69.1 salt-master-3004-150200.69.1 salt-minion-3004-150200.69.1 salt-proxy-3004-150200.69.1 salt-ssh-3004-150200.69.1 salt-standalone-formulas-configuration-3004-150200.69.1 salt-syndic-3004-150200.69.1 salt-transactional-update-3004-150200.69.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): salt-bash-completion-3004-150200.69.1 salt-fish-completion-3004-150200.69.1 salt-zsh-completion-3004-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3004-150200.69.1 salt-3004-150200.69.1 salt-api-3004-150200.69.1 salt-cloud-3004-150200.69.1 salt-doc-3004-150200.69.1 salt-master-3004-150200.69.1 salt-minion-3004-150200.69.1 salt-proxy-3004-150200.69.1 salt-ssh-3004-150200.69.1 salt-standalone-formulas-configuration-3004-150200.69.1 salt-syndic-3004-150200.69.1 salt-transactional-update-3004-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): salt-bash-completion-3004-150200.69.1 salt-fish-completion-3004-150200.69.1 salt-zsh-completion-3004-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): salt-bash-completion-3004-150200.69.1 salt-fish-completion-3004-150200.69.1 salt-zsh-completion-3004-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python3-salt-3004-150200.69.1 salt-3004-150200.69.1 salt-api-3004-150200.69.1 salt-cloud-3004-150200.69.1 salt-doc-3004-150200.69.1 salt-master-3004-150200.69.1 salt-minion-3004-150200.69.1 salt-proxy-3004-150200.69.1 salt-ssh-3004-150200.69.1 salt-standalone-formulas-configuration-3004-150200.69.1 salt-syndic-3004-150200.69.1 salt-transactional-update-3004-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python3-salt-3004-150200.69.1 salt-3004-150200.69.1 salt-api-3004-150200.69.1 salt-cloud-3004-150200.69.1 salt-doc-3004-150200.69.1 salt-master-3004-150200.69.1 salt-minion-3004-150200.69.1 salt-proxy-3004-150200.69.1 salt-ssh-3004-150200.69.1 salt-standalone-formulas-configuration-3004-150200.69.1 salt-syndic-3004-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): salt-bash-completion-3004-150200.69.1 salt-fish-completion-3004-150200.69.1 salt-zsh-completion-3004-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python3-salt-3004-150200.69.1 salt-3004-150200.69.1 salt-api-3004-150200.69.1 salt-cloud-3004-150200.69.1 salt-doc-3004-150200.69.1 salt-master-3004-150200.69.1 salt-minion-3004-150200.69.1 salt-proxy-3004-150200.69.1 salt-ssh-3004-150200.69.1 salt-standalone-formulas-configuration-3004-150200.69.1 salt-syndic-3004-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): salt-bash-completion-3004-150200.69.1 salt-fish-completion-3004-150200.69.1 salt-zsh-completion-3004-150200.69.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python3-salt-3004-150200.69.1 salt-3004-150200.69.1 salt-api-3004-150200.69.1 salt-cloud-3004-150200.69.1 salt-doc-3004-150200.69.1 salt-master-3004-150200.69.1 salt-minion-3004-150200.69.1 salt-proxy-3004-150200.69.1 salt-ssh-3004-150200.69.1 salt-standalone-formulas-configuration-3004-150200.69.1 salt-syndic-3004-150200.69.1 salt-transactional-update-3004-150200.69.1 - SUSE Enterprise Storage 7 (noarch): salt-bash-completion-3004-150200.69.1 salt-fish-completion-3004-150200.69.1 salt-zsh-completion-3004-150200.69.1 References: https://bugzilla.suse.com/1195625 From sle-updates at lists.suse.com Mon Jun 20 16:37:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:37:14 +0200 (CEST) Subject: SUSE-FU-2022:14989-1: moderate: Feature update for SUSE Manager Salt Bundle Message-ID: <20220620163714.8F56BFD9D@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:14989-1 Rating: moderate References: #1182851 #1196050 #1196432 #1197417 #1197637 #1198556 #1199149 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update fixes the following issues: venv-salt-minion: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. - Salt version bump to 3004 - Python version bump to 3.10.2 - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202204-14989=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.8.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1198556 https://bugzilla.suse.com/1199149 From sle-updates at lists.suse.com Mon Jun 20 16:38:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:38:15 +0200 (CEST) Subject: SUSE-FU-2022:2129-1: important: Feature update for SUSE Manager Client Tools Message-ID: <20220620163815.EEA14FD9D@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2129-1 Rating: important References: #1181223 #1190462 #1195625 #1197507 #1197689 #1199149 SLE-23672 SLE-24223 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS ______________________________________________________________________________ An update that has 6 feature fixes and contains two features can now be installed. Description: This update fixes the following issues: salt: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Update to version 3004 (jsc#SLE-24223) (jsc#SLE-23672) * See release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Fixes for Python 3.10 - Fix issues found around pre_flight_script_args - Fix salt-call event.send with pillar or grains - Fix exception in batch_async caused by a bad function call - Fix print regression for yumnotify plugin - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners spacecmd: - Version 4.3.11-1 * on full system update call schedulePackageUpdate API (bsc#1197507) * parse boolean parameters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port * Add proxy config generation subcommand * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Update translation strings * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2022-2129=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS (all): salt-common-3004+ds-1+2.56.1 salt-minion-3004+ds-1+2.56.1 spacecmd-4.3.11-2.30.1 References: https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1190462 https://bugzilla.suse.com/1195625 https://bugzilla.suse.com/1197507 https://bugzilla.suse.com/1197689 https://bugzilla.suse.com/1199149 From sle-updates at lists.suse.com Mon Jun 20 16:39:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:39:21 +0200 (CEST) Subject: SUSE-SU-2022:2134-1: important: Security update for SUSE Manager Client Tools Message-ID: <20220620163921.A96EEFD9D@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2134-1 Rating: important References: #1181223 #1181400 #1190462 #1190535 #1193600 #1194873 #1195726 #1195727 #1195728 #1196338 #1196704 #1197507 #1197689 SLE-23422 SLE-23439 SLE-24077 SLE-24238 SLE-24239 Cross-References: CVE-2021-36222 CVE-2021-3711 CVE-2021-39226 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-21673 CVE-2022-21698 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 CVSS scores: CVE-2021-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3711 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3711 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-41174 (NVD) : 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N CVE-2021-41174 (SUSE): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N CVE-2021-41244 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-41244 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-43798 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-43798 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43815 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43815 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21673 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21673 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21702 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-21702 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N CVE-2022-21703 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-21703 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-21713 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Manager Tools 12 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 13 vulnerabilities, contains 5 features is now available. Description: This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: - Adapted to build on Enterprise Linux. - Fix build for RedHat 7 - Require Go >= 1.14 also for CentOS - Add support for CentOS - Replace %{?systemd_requires} with %{?systemd_ordering} golang-github-prometheus-alertmanager: - CVE-2022-21698: Denial of service using InstrumentHandlerCounter. * Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077) - Update required Go version to 1.16 - Update to version 0.23.0: * amtool: Detect version drift and warn users (#2672) * Add ability to skip TLS verification for amtool (#2663) * Fix empty isEqual in amtool. (#2668) * Fix main tests (#2670) * cli: add new template render command (#2538) * OpsGenie: refer to alert instead of incident (#2609) * Docs: target_match and source_match are DEPRECATED (#2665) * Fix test not waiting for cluster member to be ready - Added hardening to systemd service(s) (bsc#1181400) golang-github-prometheus-node_exporter: - CVE-2022-21698: Denial of service using InstrumentHandlerCounter. * Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239) - Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187 - Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112 - Update to 1.2.1 * Removed Remove obsolete capture permission denied error patch that is already included upstream Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092 - Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062 * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067 - Apply patch to capture permission denied error for "energy_uj" file (bsc#1190535) grafana: - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422) + Security: * Fixes XSS vulnerability in handling data sources (bsc#1195726, CVE-2022-21702) * Fixes cross-origin request forgery vulnerability (bsc#1195727, CVE-2022-21703) * Fixes Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728, CVE-2022-21713) - Update to Go 1.17. - Add build-time dependency on `wire`. - Update license to GNU Affero General Public License v3.0. - Update to version 8.3.4 * GetUserInfo: return an error if no user was found (bsc#1194873, CVE-2022-21673) + Features and enhancements: * Alerting: Allow configuration of non-ready alertmanagers. * Alerting: Allow customization of Google chat message. * AppPlugins: Support app plugins with only default nav. * InfluxDB: query editor: skip fields in metadata queries. * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana. * Prometheus: Forward oauth tokens after prometheus datasource migration. + Bug fixes: * Azure Monitor: Bug fix for variable interpolations in metrics dropdowns. * Azure Monitor: Improved error messages for variable queries. * CloudMonitoring: Fixes broken variable queries that use group bys. * Configuration: You can now see your expired API keys if you have no active ones. * Elasticsearch: Fix handling multiple datalinks for a single field. * Export: Fix error being thrown when exporting dashboards using query variables that reference the default datasource. * ImportDashboard: Fixes issue with importing dashboard and name ending up in uid. * Login: Page no longer overflows on mobile. * Plugins: Set backend metadata property for core plugins. * Prometheus: Fill missing steps with null values. * Prometheus: Fix interpolation of $__rate_interval variable. * Prometheus: Interpolate variables with curly brackets syntax. * Prometheus: Respect the http-method data source setting. * Table: Fixes issue with field config applied to wrong fields when hiding columns. * Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin. * Variables: Fix so data source variables are added to adhoc configuration. + Plugin development fixes & changes: * Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing. - Update to version 8.3.3: * BarChart: Use new data error view component to show actions in panel edit. * CloudMonitor: Iterate over pageToken for resources. * Macaron: Prevent WriteHeader invalid HTTP status code panic. * AnnoListPanel: Fix interpolation of variables in tags. * CloudWatch: Allow queries to have no dimensions specified. * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0. * CloudWatch: Make sure MatchExact flag gets the right value. * Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page. * InfluxDB: Improve handling of metadata query errors in InfluxQL. * Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions. * Prometheus: Fix running of exemplar queries for non-histogram metrics. * Prometheus: Interpolate template variables in interval. * StateTimeline: Fix toolitp not showing when for frames with multiple fields. * TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore. * Variables: Fix repeating panels for on time range changed variables. * Variables: Fix so queryparam option works for scoped - Update to version 8.3.2 + Security: Fixes CVE-2021-43813 and CVE-2021-43815. - Update to version 8.3.1 + Security: Fixes CVE-2021-43798. - Update to version 8.3.0 * Alerting: Prevent folders from being deleted when they contain alerts. * Alerting: Show full preview value in tooltip. * BarGauge: Limit title width when name is really long. * CloudMonitoring: Avoid to escape regexps in filters. * CloudWatch: Add support for AWS Metric Insights. * TooltipPlugin: Remove other panels' shared tooltip in edit panel. * Visualizations: Limit y label width to 40% of visualization width. * Alerting: Clear alerting rule evaluation errors after intermittent failures. * Alerting: Fix refresh on legacy Alert List panel. * Dashboard: Fix queries for panels with non-integer widths. * Explore: Fix url update inconsistency. * Prometheus: Fix range variables interpolation for time ranges smaller than 1 second. * ValueMappings: Fixes issue with regex value mapping that only sets color. - Update to version 8.3.0-beta2 + Breaking changes: * Grafana 8 Alerting enabled by default for installations that do not use legacy alerting. * Keep Last State for "If execution error or timeout" when upgrading to Grafana 8 alerting. * Alerting: Create DatasourceError alert if evaluation returns error. * Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting. * Alerting: Support mute timings configuration through the api for the embedded alert manager. * CloudWatch: Add missing AWS/Events metrics. * Docs: Add easier to find deprecation notices to certain data sources and to the changelog. * Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag. * Table: Add space between values for the DefaultCell and JSONViewCell. * Tracing: Make query editors available in dashboard for Tempo and Zipkin. * AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1. * Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor. * CodeEditor: Prevent suggestions from being clipped. * Dashboard: Fix cache timeout persistence. * Datasource: Fix stable sort order of query responses. * Explore: Fix error in query history when removing last item. * Logs: Fix requesting of older logs when flipped order. * Prometheus: Fix running of health check query based on access mode. * TextPanel: Fix suggestions for existing panels. * Tracing: Fix incorrect indentations due to reoccurring spanIDs. * Tracing: Show start time of trace with milliseconds precision. * Variables: Make renamed or missing variable section expandable. * Select: Select menus now properly scroll during keyboard navigation. - Update to version 8.3.0-beta1 * Alerting: Add UI for contact point testing with custom annotations and labels. * Alerting: Make alert state indicator in panel header work with Grafana 8 alerts. * Alerting: Option for Discord notifier to use webhook name. * Annotations: Deprecate AnnotationsSrv. * Auth: Omit all base64 paddings in JWT tokens for the JWT auth. * Azure Monitor: Clean up fields when editing Metrics. * AzureMonitor: Add new starter dashboards. * AzureMonitor: Add starter dashboard for app monitoring with Application Insights. * Barchart/Time series: Allow x axis label. * CLI: Improve error handling for installing plugins. * CloudMonitoring: Migrate to use backend plugin SDK contracts. * CloudWatch Logs: Add retry strategy for hitting max concurrent queries. * CloudWatch: Add AWS RoboMaker metrics and dimension. * CloudWatch: Add AWS Transfer metrics and dimension. * Dashboard: replace datasource name with a reference object. * Dashboards: Show logs on time series when hovering. * Elasticsearch: Add support for Elasticsearch 8.0 (Beta). * Elasticsearch: Add time zone setting to Date Histogram aggregation. * Elasticsearch: Enable full range log volume histogram. * Elasticsearch: Full range logs volume. * Explore: Allow changing the graph type. * Explore: Show ANSI colors when highlighting matched words in the logs panel. * Graph(old) panel: Listen to events from Time series panel. * Import: Load gcom dashboards from URL. * LibraryPanels: Improves export and import of library panels between orgs. * OAuth: Support PKCE. * Panel edit: Overrides now highlight correctly when searching. * PanelEdit: Display drag indicators on draggable sections. * Plugins: Refactor Plugin Management. * Prometheus: Add custom query parameters when creating PromLink url. * Prometheus: Remove limits on metrics, labels, and values in Metrics Browser. * StateTimeline: Share cursor with rest of the panels. * Tempo: Add error details when json upload fails. * Tempo: Add filtering for service graph query. * Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics. * Time series/Bar chart panel: Add ability to sort series via legend. * TimeSeries: Allow multiple axes for the same unit. * TraceView: Allow span links defined on dataFrame. * Transformations: Support a rows mode in labels to fields. * ValueMappings: Don't apply field config defaults to time fields. * Variables: Only update panels that are impacted by variable change. * API: Fix dashboard quota limit for imports. * Alerting: Fix rule editor issues with Azure Monitor data source. * Azure monitor: Make sure alert rule editor is not enabled when template variables are being used. * CloudMonitoring: Fix annotation queries. * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor. * Dashboard: Remove the current panel from the list of options in the Dashboard datasource. * Encryption: Fix decrypting secrets in alerting migration. * InfluxDB: Fix corner case where index is too large in ALIAS * NavBar: Order App plugins alphabetically. * NodeGraph: Fix zooming sensitivity on touchpads. * Plugins: Add OAuth pass-through logic to api/ds/query endpoint. * Snapshots: Fix panel inspector for snapshot data. * Tempo: Fix basic auth password reset on adding tag. * ValueMapping: Fixes issue with regex mappings. * grafana/ui: Enable slider marks display. - Update to version 8.2.7 - Update to version 8.2.6 * Security: Upgrade Docker base image to Alpine 3.14.3. * Security: Upgrade Go to 1.17.2. * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series. - Update to version 8.2.5 * Fix No Data behaviour in Legacy Alerting. * Alerting: Fix a bug where the metric in the evaluation string was not correctly populated. * Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator. * CloudMonitoring: Ignore min and max aggregation in MQL queries. * Dashboards: 'Copy' is no longer added to new dashboard titles. * DataProxy: Fix overriding response body when response is a WebSocket upgrade. * Elasticsearch: Use field configured in query editor as field for date_histogram aggregations. * Explore: Fix running queries without a datasource property set. * InfluxDB: Fix numeric aliases in queries. * Plugins: Ensure consistent plugin settings list response. * Tempo: Fix validation of float durations. * Tracing: Correct tags for each span are shown. - Update to version 8.2.4 + Security: Fixes CVE-2021-41244. - Update to version 8.2.3 + Security: Fixes CVE-2021-41174. - Update to version 8.2.2 * Annotations: We have improved tag search performance. * Application: You can now configure an error-template title. * AzureMonitor: We removed a restriction from the resource filter query. * Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments. * Prometheus: We removed the autocomplete limit for metrics. * Table: We improved the styling of the type icons to make them more distinct from column / field name. * ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations. * Alerting: Fix panic when Slack's API sends unexpected response. * Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default datasource. * Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no results. * Graph: You can now see annotation descriptions on hover. * Logs: The system now uses the JSON parser only if the line is parsed to an object. * Prometheus: We fixed the issue where the system did not reuse TCP connections when querying from Grafana alerting. * Prometheus: We fixed the problem that resulted in an error when a user created a query with a $__interval min step. * RowsToFields: We fixed the issue where the system was not properly interpreting number values. * Scale: We fixed how the system handles NaN percent when data min = data max. * Table panel: You can now create a filter that includes special characters. - Update to version 8.2.1 * Dashboard: Fix rendering of repeating panels. * Datasources: Fix deletion of data source if plugin is not found. * Packaging: Remove systemcallfilters sections from systemd unit files. * Prometheus: Add Headers to HTTP client options. - Update to version 8.2.0 * AWS: Updated AWS authentication documentation. * Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation. * Alerting: Allows more characters in label names so notifications are sent. * Alerting: Get alert rules for a dashboard or a panel using /api/v1/rules endpoints. * Annotations: Improved rendering performance of event markers. * CloudWatch Logs: Skip caching for log queries. * Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo. * Packaging: Add stricter systemd unit options. * Prometheus: Metrics browser can now handle label values with * CodeEditor: Ensure that we trigger the latest onSave callback provided to the component. * DashboardList/AlertList: Fix for missing All folder value. * Plugins: Create a mock icon component to prevent console errors. - Update to version 8.2.0-beta2 * AccessControl: Document new permissions restricting data source access. * TimePicker: Add fiscal years and search to time picker. * Alerting: Added support for Unified Alerting with Grafana HA. * Alerting: Added support for tune rule evaluation using configuration options. * Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts. * Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and disabling them for specific organisations. * CloudWatch: Introduced new math expression where it is necessary to specify the period field. * InfluxDB: Added support for $__interval and $__interval_ms in Flux queries for alerting. * InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision. * Plugins Catalog: Make the catalog the default way to interact with plugins. * Prometheus: Removed autocomplete limit for metrics. * Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set. * Alerting: Fixed rules migration to keep existing Grafana 8 alert rules. * Alerting: Fixed the silence file content generated during * Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights. * BarGauge: Fixed an issue where the cell color was lit even though there was no data. * BarGauge: Improved handling of streaming data. * CloudMonitoring: Fixed INT64 label unmarshal error. * ConfirmModal: Fixes confirm button focus on modal open. * Dashboard: Add option to generate short URL for variables with values containing spaces. * Explore: No longer hides errors containing refId property. * Fixed an issue that produced State timeline panel tooltip error when data was not in sync. * InfluxDB: InfluxQL query editor is set to always use resultFormat. * Loki: Fixed creating context query for logs with parsed labels. * PageToolbar: Fixed alignment of titles. * Plugins Catalog: Update to the list of available panels after an install, update or uninstall. * TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel. * Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable input. * Variables: Panel no longer crash when using the adhoc variable in data links. - Update to version 8.2.0-beta1 * AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration. * Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval. * Alerting: Add a Test button to test contact point. * Alerting: Allow creating/editing recording rules for Loki and Cortex. * Alerting: Metrics should have the label org instead of user. * Alerting: Sort notification channels by name to make them easier to locate. * Alerting: Support org level isolation of notification * AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph. * AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services. * AzureMonitor: Show error message when subscriptions request fails in ConfigEditor. * Chore: Update to Golang 1.16.7. * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs. * CloudWatch Logs: Disable query path using websockets (Live) feature. * CloudWatch/Logs: Don't group dataframes for non time series * Cloudwatch: Migrate queries that use multiple stats to one query per stat. * Dashboard: Keep live timeseries moving left (v2). * Datasources: Introduce response_limit for datasource responses. * Explore: Add filter by trace or span ID to trace to logs * Explore: Download traces as JSON in Explore Inspector. * Explore: Reuse Dashboard's QueryRows component. * Explore: Support custom display label for derived fields buttons for Loki datasource. * Grafana UI: Update monaco-related dependencies. * Graphite: Deprecate browser access mode. * InfluxDB: Improve handling of intervals in alerting. * InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better. * Jaeger: Add ability to upload JSON file for trace data. * LibraryElements: Enable specifying UID for new and existing library elements. * LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a library panel from the dashboard view. * Logs panel: Scroll to the bottom on page refresh when sorting in ascending order. * Loki: Add fuzzy search to label browser. * Navigation: Implement active state for items in the Sidemenu. * Packaging: Update PID file location from /var/run to /run. * Plugins: Add Hide OAuth Forward config option. * Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed. * Prometheus: Add browser access mode deprecation warning. * Prometheus: Add interpolation for built-in-time variables to backend. * Tempo: Add ability to upload trace data in JSON format. * TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels. * Transformations: Convert field types to time string number or boolean. * Value mappings: Add regular-expression based value mapping. * Zipkin: Add ability to upload trace JSON. * Admin: Prevent user from deleting user's current/active organization. * LibraryPanels: Fix library panel getting saved in the dashboard's folder. * OAuth: Make generic teams URL and JMES path configurable. * QueryEditor: Fix broken copy-paste for mouse middle-click * Thresholds: Fix undefined color in "Add threshold". * Timeseries: Add wide-to-long, and fix multi-frame output. * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All. * Grafana UI: Fix TS error property css is missing in type. - Update to version 8.1.8 - Update to version 8.1.7 * Alerting: Fix alerts with evaluation interval more than 30 seconds resolving before notification. * Elasticsearch/Prometheus: Fix usage of proper SigV4 service namespace. - Update to version 8.1.6 + Security: Fixes CVE-2021-39226. - Update to version 8.1.5 * BarChart: Fixes panel error that happens on second refresh. - Update to version 8.1.4 + Features and enhancements * Explore: Ensure logs volume bar colors match legend colors. * LDAP: Search all DNs for users. * Alerting: Fix notification channel migration. * Annotations: Fix blank panels for queries with unknown data sources. * BarChart: Fix stale values and x axis labels. * Graph: Make old graph panel thresholds work even if ngalert is enabled. * InfluxDB: Fix regex to identify / as separator. * LibraryPanels: Fix update issues related to library panels in rows. * Variables: Fix variables not updating inside a Panel when the preceding Row uses "Repeat For". - Update to version 8.1.3 + Bug fixes * Alerting: Fix alert flapping in the internal alertmanager. * Alerting: Fix request handler failed to convert dataframe "results" to plugins.DataTimeSeriesSlice: input frame is not recognized as a time series. * Dashboard: Fix UIDs are not preserved when importing/creating dashboards thru importing .json file. * Dashboard: Forces panel re-render when exiting panel edit. * Dashboard: Prevent folder from changing when navigating to general settings. * Docker: Force use of libcrypto1.1 and libssl1.1 versions to fix CVE-2021-3711. * Elasticsearch: Fix metric names for alert queries. * Elasticsearch: Limit Histogram field parameter to numeric values. * Elasticsearch: Prevent pipeline aggregations to show up in terms order by options. * LibraryPanels: Prevent duplicate repeated panels from being created. * Loki: Fix ad-hoc filter in dashboard when used with parser. * Plugins: Track signed files + add warn log for plugin assets which are not signed. * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly. * Prometheus: Fix validate selector in metrics browser. * Security: Fix stylesheet injection vulnerability. * Security: Fix short URL vulnerability. - Update to version 8.1.2 * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers. * Datasource: Change HTTP status code for failed datasource health check to 400. * Explore: Add span duration to left panel in trace viewer. * Plugins: Use file extension allowlist when serving plugin assets instead of checking for UNIX executable. * Profiling: Add support for binding pprof server to custom network interfaces. * Search: Make search icon keyboard navigable. * Template variables: Keyboard navigation improvements. * Tooltip: Display ms within minute time range. * Alerting: Fix saving LINE contact point. * Annotations: Fix alerting annotation coloring. * Annotations: Alert annotations are now visible in the correct Panel. * Auth: Hide SigV4 config UI and disable middleware when its config flag is disabled. * Dashboard: Prevent incorrect panel layout by comparing window width against theme breakpoints. * Explore: Fix showing of full log context. * PanelEdit: Fix 'Actual' size by passing the correct panel size to Dashboard. * Plugins: Fix TLS datasource settings. * Variables: Fix issue with empty drop downs on navigation. * Variables: Fix URL util converting false into true. * Toolkit: Fix matchMedia not found error. - Update to version 8.1.1 * CloudWatch Logs: Fix crash when no region is selected. - Update to version 8.1.0 * Alerting: Deduplicate receivers during migration. * ColorPicker: Display colors as RGBA. * Select: Make portalling the menu opt-in, but opt-in everywhere. * TimeRangePicker: Improve accessibility. * Annotations: Correct annotations that are displayed upon page refresh. * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6. * Annotations: Fix data source template variable that was not available for annotations. * AzureMonitor: Fix annotations query editor that does not load. * Geomap: Fix scale calculations. * GraphNG: Fix y-axis autosizing. * Live: Display stream rate and fix duplicate channels in list * Loki: Update labels in log browser when time range changes in dashboard. * NGAlert: Send resolve signal to alertmanager on alerting -> Normal. * PasswordField: Prevent a password from being displayed when you click the Enter button. * Renderer: Remove debug.log file when Grafana is stopped. * Security: Update dependencies to fix CVE-2021-36222. - Update to version 8.1.0-beta3 * Alerting: Support label matcher syntax in alert rule list filter. * IconButton: Put tooltip text as aria-label. * Live: Experimental HA with Redis. * UI: FileDropzone component. * CloudWatch: Add AWS LookoutMetrics. * Docker: Fix builds by delaying go mod verify until all required files are copied over. * Exemplars: Fix disable exemplars only on the query that failed. * SQL: Fix SQL dataframe resampling (fill mode + time intervals). - Update to version 8.1.0-beta2 * Alerting: Expand the value string in alert annotations and * Auth: Add Azure HTTP authentication middleware. * Auth: Auth: Pass user role when using the authentication proxy. * Gazetteer: Update countries.json file to allow for linking to 3-letter country codes. * Config: Fix Docker builds by correcting formatting in sample.ini. * Explore: Fix encoding of internal URLs. - Update to version 8.1.0-beta1 * Alerting: Add Alertmanager notifications tab. * Alerting: Add button to deactivate current Alertmanager * Alerting: Add toggle in Loki/Prometheus data source configuration to opt out of alerting UI. * Alerting: Allow any "evaluate for" value >=0 in the alert rule form. * Alerting: Load default configuration from status endpoint, if Cortex Alertmanager returns empty user configuration. * Alerting: view to display alert rule and its underlying data. * Annotation panel: Release the annotation panel. * Annotations: Add typeahead support for tags in built-in annotations. * AzureMonitor: Add curated dashboards for Azure services. * AzureMonitor: Add support for deep links to Microsoft Azure portal for Metrics. * AzureMonitor: Remove support for different credentials for Azure Monitor Logs. * AzureMonitor: Support querying any Resource for Logs queries. * Elasticsearch: Add frozen indices search support. * Elasticsearch: Name fields after template variables values instead of their name. * Elasticsearch: add rate aggregation. * Email: Allow configuration of content types for email notifications. * Explore: Add more meta information when line limit is hit. * Explore: UI improvements to trace view. * FieldOverrides: Added support to change display name in an override field and have it be matched by a later rule. * HTTP Client: Introduce dataproxy_max_idle_connections config variable. * InfluxDB: InfluxQL: adds tags to timeseries data. * InfluxDB: InfluxQL: make measurement search case insensitive. Legacy Alerting: Replace simplejson with a struct in webhook notification channel. * Legend: Updates display name for Last (not null) to just Last*. * Logs panel: Add option to show common labels. * Loki: Add $__range variable. * Loki: Add support for "label_values(log stream selector, label)" in templating. * Loki: Add support for ad-hoc filtering in dashboard. * MySQL Datasource: Add timezone parameter. * NodeGraph: Show gradient fields in legend. * PanelOptions: Don't mutate panel options/field config object when updating. * PieChart: Make pie gradient more subtle to match other charts. * Prometheus: Update PromQL typeahead and highlighting. * Prometheus: interpolate variable for step field. * Provisioning: Improve validation by validating across all dashboard providers. * SQL Datasources: Allow multiple string/labels columns with time series. * Select: Portal select menu to document.body. * Team Sync: Add group mapping to support team sync in the Generic OAuth provider. * Tooltip: Make active series more noticeable. * Tracing: Add support to configure trace to logs start and end time. * Transformations: Skip merge when there is only a single data frame. * ValueMapping: Added support for mapping text to color, boolean values, NaN and Null. Improved UI for value mapping. * Visualizations: Dynamically set any config (min, max, unit, color, thresholds) from query results. * live: Add support to handle origin without a value for the port when matching with root_url. * Alerting: Handle marshaling Inf values. * AzureMonitor: Fix macro resolution for template variables. * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes resources. * AzureMonitor: Request and concat subsequent resource pages. * Bug: Fix parse duration for day. * Datasources: Improve error handling for error messages. * Explore: Correct the functionality of shift-enter shortcut across all uses. * Explore: Show all dataFrames in data tab in Inspector. * GraphNG: Fix Tooltip mode 'All' for XYChart. * Loki: Fix highlight of logs when using filter expressions with backticks. * Modal: Force modal content to overflow with scroll. * Plugins: Ignore symlinked folders when verifying plugin signature. * Toolkit: Improve error messages when tasks fail. - Update to version 8.0.7 - Update to version 8.0.6 * Alerting: Add annotation upon alert state change. * Alerting: Allow space in label and annotation names. * InfluxDB: Improve legend labels for InfluxDB query results. * Alerting: Fix improper alert by changing the handling of empty labels. * CloudWatch/Logs: Reestablish Cloud Watch alert behavior. * Dashboard: Avoid migration breaking on fieldConfig without defaults field in folded panel. * DashboardList: Fix issue not re-fetching dashboard list after variable change. * Database: Fix incorrect format of isolation level configuration parameter for MySQL. * InfluxDB: Correct tag filtering on InfluxDB data. * Links: Fix links that caused a full page reload. * Live: Fix HTTP error when InfluxDB metrics have an incomplete or asymmetrical field set. * Postgres/MySQL/MSSQL: Change time field to "Time" for time series queries. * Postgres: Fix the handling of a null return value in query * Tempo: Show hex strings instead of uints for IDs. * TimeSeries: Improve tooltip positioning when tooltip overflows. * Transformations: Add 'prepare time series' transformer. - Update to version 8.0.5 * Cloudwatch Logs: Send error down to client. * Folders: Return 409 Conflict status when folder already exists. * TimeSeries: Do not show series in tooltip if it's hidden in the viz. * AzureMonitor: Fix issue where resource group name is missing on the resource picker button. * Chore: Fix AWS auth assuming role with workspace IAM. * DashboardQueryRunner: Fixes unrestrained subscriptions being * DateFormats: Fix reading correct setting key for use_browser_locale. * Links: Fix links to other apps outside Grafana when under sub path. * Snapshots: Fix snapshot absolute time range issue. * Table: Fix data link color. * Time Series: Fix X-axis time format when tick increment is larger than a year. * Tooltip Plugin: Prevent tooltip render if field is undefined. - Update to version 8.0.4 * Live: Rely on app url for origin check. * PieChart: Sort legend descending, update placeholder. * TimeSeries panel: Do not reinitialize plot when thresholds mode change. * Elasticsearch: Allow case sensitive custom options in date_histogram interval. * Elasticsearch: Restore previous field naming strategy when using variables. * Explore: Fix import of queries between SQL data sources. * InfluxDB: InfluxQL query editor: fix retention policy handling. * Loki: Send correct time range in template variable queries. * TimeSeries: Preserve RegExp series overrides when migrating from old graph panel. - Update to version 8.0.3 * Alerting: Increase alertmanager_conf column if MySQL. * Time series/Bar chart panel: Handle infinite numbers as nulls when converting to plot array. * TimeSeries: Ensure series overrides that contain color are migrated, and migrate the previous fieldConfig when changing the panel type. * ValueMappings: Improve singlestat value mappings migration. * Annotations: Fix annotation line and marker colors. * AzureMonitor: Fix KQL template variable queries without default workspace. * CloudWatch/Logs: Fix missing response data for log queries. * LibraryPanels: Fix crash in library panels list when panel plugin is not found. * LogsPanel: Fix performance drop when moving logs panel in * Loki: Parse log levels when ANSI coloring is enabled. * MSSQL: Fix issue with hidden queries still being executed. * PanelEdit: Display the VisualizationPicker that was not displayed if a panel has an unknown panel plugin. * Plugins: Fix loading symbolically linked plugins. * Prometheus: Fix issue where legend name was replaced with name Value in stat and gauge panels. * State Timeline: Fix crash when hovering over panel. - Update to version 8.0.2 * Datasource: Add support for max_conns_per_host in dataproxy settings. * Configuration: Fix changing org preferences in FireFox. * PieChart: Fix legend dimension limits. * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes. * Variables: Hide default data source if missing from regex. - Update to version 8.0.1 * Alerting/SSE: Fix "count_non_null" reducer validation. * Cloudwatch: Fix duplicated time series. * Cloudwatch: Fix missing defaultRegion. * Dashboard: Fix Dashboard init failed error on dashboards with old singlestat panels in collapsed rows. * Datasource: Fix storing timeout option as numeric. * Postgres/MySQL/MSSQL: Fix annotation parsing for empty * Postgres/MySQL/MSSQL: Numeric/non-string values are now returned from query variables. * Postgres: Fix an error that was thrown when the annotation query did not return any results. * StatPanel: Fix an issue with the appearance of the graph when switching color mode. * Visualizations: Fix an issue in the Stat/BarGauge/Gauge/PieChart panels where all values mode were showing the same name if they had the same value. * Toolkit: Resolve external fonts when Grafana is served from a sub path. - Update to version 8.0.0 * The following endpoints were deprecated for Grafana v5.0 and support for them has now been removed: GET /dashboards/db/:slug GET /dashboard-solo/db/:slug GET /api/dashboard/db/:slug DELETE /api/dashboards/db/:slug * AzureMonitor: Require default subscription for workspaces() template variable query. * AzureMonitor: Use resource type display names in the UI. * Dashboard: Remove support for loading and deleting dashboard by slug. * InfluxDB: Deprecate direct browser access in data source. * VizLegend: Add a read-only property. * AzureMonitor: Fix Azure Resource Graph queries in Azure China. * Checkbox: Fix vertical layout issue with checkboxes due to fixed height. * Dashboard: Fix Table view when editing causes the panel data to not update. * Dashboard: Fix issues where unsaved-changes warning is not displayed. * Login: Fixes Unauthorized message showing when on login page or snapshot page. * NodeGraph: Fix sorting markers in grid view. * Short URL: Include orgId in generated short URLs. * Variables: Support raw values of boolean type. - Update to version 8.0.0-beta3 * The default HTTP method for Prometheus data source is now POST. * API: Support folder UID in dashboards API. * Alerting: Add support for configuring avatar URL for the Discord notifier. * Alerting: Clarify that Threema Gateway Alerts support only Basic IDs. * Azure: Expose Azure settings to external plugins. * AzureMonitor: Deprecate using separate credentials for Azure Monitor Logs. * AzureMonitor: Display variables in resource picker for Azure * AzureMonitor: Hide application insights for data sources not using it. * AzureMonitor: Support querying subscriptions and resource groups in Azure Monitor Logs. * AzureMonitor: remove requirement for default subscription. * CloudWatch: Add Lambda at Edge Amazon CloudFront metrics. * CloudWatch: Add missing AWS AppSync metrics. * ConfirmModal: Auto focus delete button. * Explore: Add caching for queries that are run from logs * Loki: Add formatting for annotations. * Loki: Bring back processed bytes as meta information. * NodeGraph: Display node graph collapsed by default with trace view. * Overrides: Include a manual override option to hide something from visualization. * PieChart: Support row data in pie charts. * Prometheus: Update default HTTP method to POST for existing data sources. * Time series panel: Position tooltip correctly when window is scrolled or resized. * Admin: Fix infinite loading edit on the profile page. * Color: Fix issues with random colors in string and date * Dashboard: Fix issue with title or folder change has no effect after exiting settings view. * DataLinks: Fix an issue __series.name is not working in data link. * Datasource: Fix dataproxy timeout should always be applied for outgoing data source HTTP requests. * Elasticsearch: Fix NewClient not passing httpClientProvider to client impl. * Explore: Fix Browser title not updated on Navigation to Explore. * GraphNG: Remove fieldName and hideInLegend properties from UPlotSeriesBuilder. * OAuth: Fix fallback to auto_assign_org_role setting for Azure AD OAuth when no role claims exists. * PanelChrome: Fix issue with empty panel after adding a non data panel and coming back from panel edit. * StatPanel: Fix data link tooltip not showing for single value. * Table: Fix sorting for number fields. * Table: Have text underline for datalink, and add support for image datalink. * Transformations: Prevent FilterByValue transform from crashing panel edit. - Update to version 8.0.0-beta2 * AppPlugins: Expose react-router to apps. * AzureMonitor: Add Azure Resource Graph. * AzureMonitor: Managed Identity configuration UI. * AzureMonitor: Token provider with support for Managed Identities. * AzureMonitor: Update Logs workspace() template variable query to return resource URIs. * BarChart: Value label sizing. * CloudMonitoring: Add support for preprocessing. * CloudWatch: Add AWS/EFS StorageBytes metric. * CloudWatch: Allow use of missing AWS namespaces using custom * Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy. * InfluxDB: InfluxQL: allow empty tag values in the query editor. * Instrumentation: Instrument incoming HTTP request with histograms by default. * Library Panels: Add name endpoint & unique name validation to AddLibraryPanelModal. * Logs panel: Support details view. * PieChart: Always show the calculation options dropdown in the * PieChart: Remove beta flag. * Plugins: Enforce signing for all plugins. * Plugins: Remove support for deprecated backend plugin protocol version. * Tempo/Jaeger: Add better display name to legend. * Timeline: Add time range zoom. * Timeline: Adds opacity & line width option. * Timeline: Value text alignment option. * ValueMappings: Add duplicate action, and disable dismiss on backdrop click. * Zipkin: Add node graph view to trace response. * Annotations panel: Remove subpath from dashboard links. * Content Security Policy: Allow all image sources by default. * Content Security Policy: Relax default template wrt. loading of scripts, due to nonces not working. * Datasource: Fix tracing propagation for alert execution by introducing HTTP client outgoing tracing middleware. * InfluxDB: InfluxQL always apply time interval end. * Library Panels: Fixes "error while loading library panels". * NewsPanel: Fixes rendering issue in Safari. * PanelChrome: Fix queries being issued again when scrolling in and out of view. * Plugins: Fix Azure token provider cache panic and auth param nil value. * Snapshots: Fix key and deleteKey being ignored when creating an external snapshot. * Table: Fix issue with cell border not showing with colored background cells. * Table: Makes tooltip scrollable for long JSON values. * TimeSeries: Fix for Connected null values threshold toggle during panel editing. * Variables: Fixes inconsistent selected states on dashboard * Variables: Refreshes all panels even if panel is full screen. * QueryField: Remove carriage return character from pasted text. - Update to version 8.0.0-beta1 + License update: * AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL). * Removes the never refresh option for Query variables. * Removes the experimental Tags feature for Variables. + Deprecations: * The InfoBox & FeatureInfoBox are now deprecated please use the Alert component instead with severity info. * API: Add org users with pagination. * API: Return 404 when deleting nonexistent API key. * API: Return query results as JSON rather than base64 encoded Arrow. * Alerting: Allow sending notification tags to Opsgenie as extra properties. * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with Alert. * Auth: Add support for JWT Authentication. * AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics. * AzureMonitor: Azure settings in Grafana server config. * AzureMonitor: Migrate Metrics query editor to React. * BarChart panel: enable series toggling via legend. * BarChart panel: Adds support for Tooltip in BarChartPanel. * PieChart panel: Change look of highlighted pie slices. * CloudMonitoring: Migrate config editor from angular to react. * CloudWatch: Add Amplify Console metrics and dimensions. * CloudWatch: Add missing Redshift metrics to CloudWatch data * CloudWatch: Add metrics for managed RabbitMQ service. * DashboardList: Enable templating on search tag input. * Datasource config: correctly remove single custom http header. * Elasticsearch: Add generic support for template variables. * Elasticsearch: Allow omitting field when metric supports inline script. * Elasticsearch: Allow setting a custom limit for log queries. * Elasticsearch: Guess field type from first non-empty value. * Elasticsearch: Use application/x-ndjson content type for multisearch requests. * Elasticsearch: Use semver strings to identify ES version. * Explore: Add logs navigation to request more logs. * Explore: Map Graphite queries to Loki. * Explore: Scroll split panes in Explore independently. * Explore: Wrap each panel in separate error boundary. * FieldDisplay: Smarter naming of stat values when visualising row values (all values) in stat panels. * Graphite: Expand metric names for variables. * Graphite: Handle unknown Graphite functions without breaking the visual editor. * Graphite: Show graphite functions descriptions. * Graphite: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). * InfluxDB: Flux: Improve handling of complex response-structures. * InfluxDB: Support region annotations. * Inspector: Download logs for manual processing. * Jaeger: Add node graph view for trace. * Jaeger: Search traces. * Loki: Use data source settings for alerting queries. * NodeGraph: Exploration mode. * OAuth: Add support for empty scopes. * PanelChrome: New logic-less emotion based component with no dependency on PanelModel or DashboardModel. * PanelEdit: Adds a table view toggle to quickly view data in table form. * PanelEdit: Highlight matched words when searching options. * PanelEdit: UX improvements. * Plugins: PanelRenderer and simplified QueryRunner to be used from plugins. * Plugins: AuthType in route configuration and params interpolation. * Plugins: Enable plugin runtime install/uninstall capabilities. * Plugins: Support set body content in plugin routes. * Plugins: Introduce marketplace app. * Plugins: Moving the DataSourcePicker to grafana/runtime so it can be reused in plugins. * Prometheus: Add custom query params for alert and exemplars * Prometheus: Use fuzzy string matching to autocomplete metric names and label. * Routing: Replace Angular routing with react-router. * Slack: Use chat.postMessage API by default. * Tempo: Search for Traces by querying Loki directly from Tempo. * Tempo: Show graph view of the trace. * Themes: Switch theme without reload using global shortcut. * TimeSeries panel: Add support for shared cursor. * TimeSeries panel: Do not crash the panel if there is no time series data in the response. * Variables: Do not save repeated panels, rows and scopedVars. * Variables: Removes experimental Tags feature. * Variables: Removes the never refresh option. * Visualizations: Unify tooltip options across visualizations. * Visualizations: Refactor and unify option creation between new visualizations. * Visualizations: Remove singlestat panel. * APIKeys: Fixes issue with adding first api key. * Alerting: Add checks for non supported units - disable defaulting to seconds. * Alerting: Fix issue where Slack notifications won't link to user IDs. * Alerting: Omit empty message in PagerDuty notifier. * AzureMonitor: Fix migration error from older versions of App Insights queries. * CloudWatch: Fix AWS/Connect dimensions. * CloudWatch: Fix broken AWS/MediaTailor dimension name. * Dashboards: Allow string manipulation as advanced variable format option. * DataLinks: Includes harmless extended characters like Cyrillic characters. * Drawer: Fixes title overflowing its container. * Explore: Fix issue when some query errors were not shown. * Generic OAuth: Prevent adding duplicated users. * Graphite: Handle invalid annotations. * Graphite: Fix autocomplete when tags are not available. * InfluxDB: Fix Cannot read property 'length' of undefined in when parsing response. * Instrumentation: Enable tracing when Jaeger host and port are * Instrumentation: Prefix metrics with grafana. * MSSQL: By default let driver choose port. * OAuth: Add optional strict parsing of role_attribute_path. * Panel: Fixes description markdown with inline code being rendered on newlines and full width. * PanelChrome: Ignore data updates & errors for non data panels. * Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard. * Plugins: Remove pre-existing plugin installs when installing with grafana-cli. * Plugins: Support installing to folders with whitespace and fix pluginUrl trailing and leading whitespace failures. * Postgres/MySQL/MSSQL: Don't return connection failure details to the client. * Postgres: Fix ms precision of interval in time group macro when TimescaleDB is enabled. * Provisioning: Use dashboard checksum field as change indicator. * SQL: Fix so that all captured errors are returned from sql engine. * Shortcuts: Fixes panel shortcuts so they always work. * Table: Fixes so border is visible for cells with links. * Variables: Clear query when data source type changes. * Variables: Filters out builtin variables from unknown list. * Button: Introduce buttonStyle prop. * DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode. * grafana/ui: Update React Hook Form to v7. * IconButton: Introduce variant for red and blue icon buttons. * Plugins: Expose the getTimeZone function to be able to get the current selected timeZone. * TagsInput: Add className to TagsInput. * VizLegend: Move onSeriesColorChanged to PanelContext (breaking change). - Update to version 7.5.13 * Alerting: Fix NoDataFound for alert rules using AND operator. mgr-cfg: - Version 4.3.6-1 * Corrected source URL in spec file * Fix installation problem for SLE15SP4 due missing python-selinux * Fix python selinux package name depending on build target (bsc#1193600) * Do not build python 2 package for SLE15SP4 and higher * Remove unused legacy code mgr-custom-info: - Version 4.3.3-1 * Remove unused legacy code mgr-daemon: - Version 4.3.4-1 * Corrected source URLs in spec file * Update translation strings mgr-osad: - Version 4.3.6-1 * Corrected source URL in spec file. * Do not build python 2 package for SLE15SP4 and higher * Removed spacewalk-selinux dependencies. * Updated source url. mgr-push: - Version 4.3.4-1 * Corrected source URLs in spec file mgr-virtualization: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher prometheus-blackbox_exporter: - Enhanced to build on Enterprise Linux 8 prometheus-postgres_exporter: - Updated for RHEL8. python-hwdata: - Require python macros for building rhnlib: - Version 4.3.4-1 * Reorganize python files spacecmd: - Version 4.3.11-1 * on full system update call schedulePackageUpdate API (bsc#1197507) * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port * Add proxy config generation subcommand * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Update translation strings * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) spacewalk-client-tools: - Version 4.3.9-1 * Corrected source URLs in spec file. * do not build python 2 package for SLE15 * Remove unused legacy code * Update translation strings spacewalk-koan: - Version 4.3.5-1 * Corrected source URLs in spec file. spacewalk-oscap: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher spacewalk-remote-utils: - Version 4.3.3-1 * Adapt the package for changes in rhnlib supportutils-plugin-susemanager-client: - Version 4.3.2-1 * Add proxy containers config and logs suseRegisterInfo: - Version 4.3.3-1 * Bump version to 4.3.0 supportutils-plugin-salt: - Add support for Salt Bundle uyuni-common-libs: - Version 4.3.4-1 * implement more decompression algorithms for reposync (bsc#1196704) * Reorganize python files * Add decompression of zck files to fileutils Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2134=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2134=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2134=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2134=1 - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-2134=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2134=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2134=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2134=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2134=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2134=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2134=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2134=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): golang-github-prometheus-node_exporter-1.3.0-1.15.3 - SUSE OpenStack Cloud Crowbar 8 (x86_64): golang-github-prometheus-node_exporter-1.3.0-1.15.3 - SUSE OpenStack Cloud 9 (x86_64): golang-github-prometheus-node_exporter-1.3.0-1.15.3 - SUSE OpenStack Cloud 8 (x86_64): golang-github-prometheus-node_exporter-1.3.0-1.15.3 - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1 golang-github-prometheus-alertmanager-0.23.0-1.12.3 golang-github-prometheus-node_exporter-1.3.0-1.15.3 grafana-8.3.5-1.30.3 prometheus-blackbox_exporter-0.19.0-1.8.2 prometheus-blackbox_exporter-debuginfo-0.19.0-1.8.2 prometheus-postgres_exporter-0.10.0-1.8.2 python2-uyuni-common-libs-4.3.4-1.21.3 - SUSE Manager Tools 12 (noarch): mgr-cfg-4.3.6-1.27.4 mgr-cfg-actions-4.3.6-1.27.4 mgr-cfg-client-4.3.6-1.27.4 mgr-cfg-management-4.3.6-1.27.4 mgr-custom-info-4.3.3-1.18.1 mgr-daemon-4.3.4-1.32.3 mgr-osad-4.3.6-1.39.4 mgr-push-4.3.4-1.21.4 mgr-virtualization-host-4.3.5-1.29.3 python2-hwdata-2.3.5-12.9.1 python2-mgr-cfg-4.3.6-1.27.4 python2-mgr-cfg-actions-4.3.6-1.27.4 python2-mgr-cfg-client-4.3.6-1.27.4 python2-mgr-cfg-management-4.3.6-1.27.4 python2-mgr-osa-common-4.3.6-1.39.4 python2-mgr-osad-4.3.6-1.39.4 python2-mgr-push-4.3.4-1.21.4 python2-mgr-virtualization-common-4.3.5-1.29.3 python2-mgr-virtualization-host-4.3.5-1.29.3 python2-rhnlib-4.3.4-21.43.3 python2-spacewalk-check-4.3.9-52.71.3 python2-spacewalk-client-setup-4.3.9-52.71.3 python2-spacewalk-client-tools-4.3.9-52.71.3 python2-spacewalk-koan-4.3.5-24.33.3 python2-spacewalk-oscap-4.3.5-19.27.1 python2-suseRegisterInfo-4.3.3-25.27.3 spacecmd-4.3.11-38.103.3 spacewalk-check-4.3.9-52.71.3 spacewalk-client-setup-4.3.9-52.71.3 spacewalk-client-tools-4.3.9-52.71.3 spacewalk-koan-4.3.5-24.33.3 spacewalk-oscap-4.3.5-19.27.1 spacewalk-remote-utils-4.3.3-24.24.3 supportutils-plugin-salt-1.2.0-6.16.1 supportutils-plugin-susemanager-client-4.3.2-6.24.1 suseRegisterInfo-4.3.3-25.27.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): golang-github-prometheus-node_exporter-1.3.0-1.15.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): golang-github-prometheus-node_exporter-1.3.0-1.15.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-1.15.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-1.15.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-1.15.3 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): golang-github-prometheus-node_exporter-1.3.0-1.15.3 - HPE Helion Openstack 8 (x86_64): golang-github-prometheus-node_exporter-1.3.0-1.15.3 References: https://www.suse.com/security/cve/CVE-2021-36222.html https://www.suse.com/security/cve/CVE-2021-3711.html https://www.suse.com/security/cve/CVE-2021-39226.html https://www.suse.com/security/cve/CVE-2021-41174.html https://www.suse.com/security/cve/CVE-2021-41244.html https://www.suse.com/security/cve/CVE-2021-43798.html https://www.suse.com/security/cve/CVE-2021-43813.html https://www.suse.com/security/cve/CVE-2021-43815.html https://www.suse.com/security/cve/CVE-2022-21673.html https://www.suse.com/security/cve/CVE-2022-21698.html https://www.suse.com/security/cve/CVE-2022-21702.html https://www.suse.com/security/cve/CVE-2022-21703.html https://www.suse.com/security/cve/CVE-2022-21713.html https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1190462 https://bugzilla.suse.com/1190535 https://bugzilla.suse.com/1193600 https://bugzilla.suse.com/1194873 https://bugzilla.suse.com/1195726 https://bugzilla.suse.com/1195727 https://bugzilla.suse.com/1195728 https://bugzilla.suse.com/1196338 https://bugzilla.suse.com/1196704 https://bugzilla.suse.com/1197507 https://bugzilla.suse.com/1197689 From sle-updates at lists.suse.com Mon Jun 20 16:41:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:41:08 +0200 (CEST) Subject: SUSE-FU-2022:2121-1: important: Feature update for Salt Message-ID: <20220620164108.A6A02FD9D@maintenance.suse.de> SUSE Feature Update: Feature update for Salt ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2121-1 Rating: important References: #1195625 #1199149 SLE-23672 SLE-24223 Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that has two feature fixes and contains two features can now be installed. Description: This update fixes the following issues: salt: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Update to version 3004 (jsc#SLE-24223) (jsc#SLE-23672) * See release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Fixes for Python 3.10 - Fix issues found around pre_flight_script_args - Fix salt-call event.send with pillar or grains - Fix exception in batch_async caused by a bad function call - Fix print regression for yumnotify plugin - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2121=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2121=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2121=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2121=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python3-salt-3004-150000.8.41.37.1 salt-3004-150000.8.41.37.1 salt-api-3004-150000.8.41.37.1 salt-cloud-3004-150000.8.41.37.1 salt-doc-3004-150000.8.41.37.1 salt-master-3004-150000.8.41.37.1 salt-minion-3004-150000.8.41.37.1 salt-proxy-3004-150000.8.41.37.1 salt-ssh-3004-150000.8.41.37.1 salt-standalone-formulas-configuration-3004-150000.8.41.37.1 salt-syndic-3004-150000.8.41.37.1 salt-transactional-update-3004-150000.8.41.37.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): salt-bash-completion-3004-150000.8.41.37.1 salt-fish-completion-3004-150000.8.41.37.1 salt-zsh-completion-3004-150000.8.41.37.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python3-salt-3004-150000.8.41.37.1 salt-3004-150000.8.41.37.1 salt-api-3004-150000.8.41.37.1 salt-cloud-3004-150000.8.41.37.1 salt-doc-3004-150000.8.41.37.1 salt-master-3004-150000.8.41.37.1 salt-minion-3004-150000.8.41.37.1 salt-proxy-3004-150000.8.41.37.1 salt-ssh-3004-150000.8.41.37.1 salt-standalone-formulas-configuration-3004-150000.8.41.37.1 salt-syndic-3004-150000.8.41.37.1 salt-transactional-update-3004-150000.8.41.37.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): salt-bash-completion-3004-150000.8.41.37.1 salt-fish-completion-3004-150000.8.41.37.1 salt-zsh-completion-3004-150000.8.41.37.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python3-salt-3004-150000.8.41.37.1 salt-3004-150000.8.41.37.1 salt-api-3004-150000.8.41.37.1 salt-cloud-3004-150000.8.41.37.1 salt-doc-3004-150000.8.41.37.1 salt-master-3004-150000.8.41.37.1 salt-minion-3004-150000.8.41.37.1 salt-proxy-3004-150000.8.41.37.1 salt-ssh-3004-150000.8.41.37.1 salt-standalone-formulas-configuration-3004-150000.8.41.37.1 salt-syndic-3004-150000.8.41.37.1 salt-transactional-update-3004-150000.8.41.37.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): salt-bash-completion-3004-150000.8.41.37.1 salt-fish-completion-3004-150000.8.41.37.1 salt-zsh-completion-3004-150000.8.41.37.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python3-salt-3004-150000.8.41.37.1 salt-3004-150000.8.41.37.1 salt-api-3004-150000.8.41.37.1 salt-cloud-3004-150000.8.41.37.1 salt-doc-3004-150000.8.41.37.1 salt-master-3004-150000.8.41.37.1 salt-minion-3004-150000.8.41.37.1 salt-proxy-3004-150000.8.41.37.1 salt-ssh-3004-150000.8.41.37.1 salt-standalone-formulas-configuration-3004-150000.8.41.37.1 salt-syndic-3004-150000.8.41.37.1 salt-transactional-update-3004-150000.8.41.37.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): salt-bash-completion-3004-150000.8.41.37.1 salt-fish-completion-3004-150000.8.41.37.1 salt-zsh-completion-3004-150000.8.41.37.1 References: https://bugzilla.suse.com/1195625 https://bugzilla.suse.com/1199149 From sle-updates at lists.suse.com Mon Jun 20 16:42:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2022 18:42:19 +0200 (CEST) Subject: SUSE-RU-2022:2141-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20220620164219.B5BC4FDD4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2141-1 Rating: moderate References: #1197689 Affected Products: SUSE Manager Debian 9.0-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: spacecmd: - Version 4.2.17-1 * parse boolean paramaters correctly (bsc#1197689) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 9.0-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-x86_64-2022-2141=1 Package List: - SUSE Manager Debian 9.0-CLIENT-TOOLS (all): spacecmd-4.2.17-2.31.1 References: https://bugzilla.suse.com/1197689 From sle-updates at lists.suse.com Tue Jun 21 10:15:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2022 12:15:54 +0200 (CEST) Subject: SUSE-SU-2022:2145-1: important: Security update for SUSE Manager Server 4.1 Message-ID: <20220621101554.C28D1FBAA@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2145-1 Rating: important References: #1173527 #1182742 #1189501 #1190535 #1191143 #1192850 #1193032 #1193238 #1193707 #1194262 #1194447 #1194594 #1194909 #1195561 #1196067 #1196338 #1196407 #1196702 #1196704 #1197356 #1197429 #1197438 #1197488 #1198221 #1198356 #1198686 #1198914 #1199036 #1199142 #1199149 #1199512 #1199528 #1199577 #1199629 #1199677 #1199888 #1200212 #1200606 SLE-24238 SLE-24239 Cross-References: CVE-2022-21698 CVE-2022-21724 CVE-2022-21952 CVE-2022-26520 CVE-2022-31248 CVSS scores: CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21724 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-21724 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2022-26520 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26520 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves 5 vulnerabilities, contains two features and has 33 fixes is now available. Description: This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: - Adapted to build on Enterprise Linux. - Fix build for RedHat 7 - Require Go >= 1.14 also for CentOS - Add support for CentOS - Replace %{?systemd_requires} with %{?systemd_ordering} golang-github-lusitaniae-apache_exporter: - Require building with Go 1.15 - Add %license macro for LICENSE file golang-github-prometheus-node_exporter: - CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239) - Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187 - Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112 - Update to 1.2.1 * Removed Remove obsolete capture permission denied error patch already included upstream Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092 - Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062 * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067 - Capture permission denied error for "energy_uj" file (bsc#1190535) patterns-suse-manager: - Golang-github-wrouesnel-postgres_exporter was renamed to prometheus-postgres_exporter postgresql-jdbc: - CVE-2022-26520: Address Arbitrary File Write Vulnerability (bsc#1197356) - CVE-2022-21724: Address unchecked class instantiation when loading plugins based on class names (bsc#1195561) prometheus-exporters-formula: - Version 0.9.5 * Postgres exporter package was renamed for Red Hat - Version 0.9.4 * Postgres exporter package was renamed for SUSE Linux Enterprise Server and openSUSE prometheus-formula: - Version 0.3.7 * Allow prometheus-formula only for SUSE systems (bsc#1199149) py27-compat-salt: - Remove redundant overrides causing confusing DEBUG logging (bsc#1189501) spacecmd: - Version 4.1.18-1 * implement system.bootstrap (bsc#1194909) spacewalk-backend: - Version 4.1.31-1 * Fix traceback on calling spacewalk-repo-sync --show-packages (bsc#1193238) * Fix virt_notify SQL syntax error (bsc#1199528) * Do not raise error on file:// based DEB repo when looking for alternative Release files (bsc#1199142) * Improve parsing deb packages dependencies (bsc#1194594) * Fix reposync update notice formatting and date parsing (bsc#1194447) * implement more decompression algorithms for reposync (bsc#1196704) spacewalk-java: - Version 4.1.46-1 * Fix changelog to include the reference to CVE-2022-31248 - Version 4.1.45-1 * CVE-2022-31248: User enumeration via weak error message (bsc#1199629) * CVE-2022-21952: Unauthenticated remote Denial of Service via resource exhaustion. (bsc#1199512) * During re-activation, recalculate grains if contact method has been changed (bsc#1199677) * autoinstallation: missing whitespace after install URL (bsc#1199888) * Change system details lock tab name to lock/unlock (bsc#1193032) * Set profile tag has no-mandatory in XCCDF result (bsc#1194262) * Added a notification to inform the administrators about the product end-of-life * provisioning thought proxy should use proxy for self_update (bsc#1199036) * Allow removing duplicated packages names in the same Salt action (bsc#1198686) * Fix ACL rules for config diff download for SLS files (bsc#1198914) * fix invalid link to action schedule * Redesign the auto errata task to schedule combined actions (bsc#1197429) * detect free products in Alpha and Beta stage and prevent checks on openSUSE products (bsc#1197488) * Optimize adding new products function (bsc#1193707) * change directory owner and permissions only when needed * Fixed broken help link for system overview * Finding empty profiles by mac address must be case insensitive (bsc#1196407) * generate the system ssh key when bootstrapping a salt-ssh client (bsc#1194909) spacewalk-setup: - Version 4.1.11-1 * spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default instead of /etc/httpd/conf.d (bsc#1198356) spacewalk-utils: - Version 4.1.20-1 * spacewalk-hostname-rename now correctly replaces the hostname for the mgr-sync configuration file (bsc#1198356) * spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag for spacewalk-setup-cobbler (bsc#1198356) spacewalk-web: - Version 4.1.34-1 * Update Web UI version to 4.1.15 - Version 4.1.33-1 * Added support for end of life notifications subscription-matcher: - Version 0.28 * Support both antlr3-java and antlr3-runtime as dependencies * Make it obvious that log4j12 is used susemanager: - version 4.1.36-1 * Add python3-contextvars and python3-immutables to missing bootstrap repos (bsc#1200606) - version 4.1.35-1 * Add python3-gnupg to bootstrap repo definition for Ubuntu 20.04 (bsc#1200212) - Version 4.1.34-1 * mgr-sync: Raise a proper exception when duplicated lines exist in a config file (bsc#1182742) * fix SLE15 bootstrap repo definition (bsc#1197438) * Add SLES15SP4 and SUMA Proxy 4.3 to bootstrap repo definitions (bsc#1196702) * Add missing dependencies for Salt 3004 into bootstrap repository for SLE15 family (bsc#1198221) susemanager-doc-indexes: - The Large deployments Guide now includes a mention of the proxy (bsc#1199577) - In the Administration Guide, documented that monitoring tools are now available on SUSE Linux Enterprise 12, 15 and openSUSE Leap 15, however, Grafana is not available on Proxy (bsc#1191143) - In the Administration Guide, renamed the golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter - In the Client Configuration and Retail Guides clarified that mandatory channels are automatically checked (bsc#1173527) - In the Client Configuration Guide, marked Yomi as unsupported on SUSE Linux Enterprise Server 11 and 12 - Clarified channel label name in Registering Clients with RHUI section of the Client Configuration Guide (bsc#1196067) susemanager-docs_en: - The Large deployments Guide now includes a mention of the proxy (bsc#1199577) - In the Administration Guide, documented that monitoring tools are now available on SUSE Linux Enterprise 12, 15 and openSUSE Leap 15, however, Grafana is not available on Proxy (bsc#1191143) - In the Administration Guide, renamed the golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter - In the Client Configuration and Retail Guides clarified that mandatory channels are automatically checked (bsc#1173527) - In the Client Configuration Guide, marked Yomi as unsupported on SUSE Linux Enterprise Server 11 and 12 - Clarified channel label name in Registering Clients with RHUI section of the Client Configuration Guide (bsc#1196067) susemanager-schema: - Version 4.1.26-1 * add schema update directory from 4.1.25 to 4.1.26 susemanager-sls: - version 4.1.36-1 * Prevent possible tracebacks on calling module.run from mgrcompat by setting proper globals with using LazyLoader - Version 4.1.35-1 * Add support to packages.pkgremove to deal with duplicated pkg names (bsc#1198686) * Fix bootstrap repository path resolution for Oracle Linux * Fix deprecated warning when getting pillar data (bsc#1192850) * fixing how the return code is returned in mgrutil runner (bsc#1194909) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-2145=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-150200.6.12.2 golang-github-lusitaniae-apache_exporter-0.7.0-150200.2.6.2 golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-150200.2.6.2 golang-github-prometheus-node_exporter-1.3.0-150200.3.9.3 patterns-suma_retail-4.1-150200.6.12.2 patterns-suma_server-4.1-150200.6.12.2 susemanager-4.1.36-150200.3.52.1 susemanager-tools-4.1.36-150200.3.52.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): postgresql-jdbc-42.2.10-150200.3.8.2 prometheus-exporters-formula-0.9.5-150200.3.31.2 prometheus-formula-0.3.7-150200.3.21.2 py27-compat-salt-3000.3-150200.6.24.2 spacecmd-4.1.18-150200.4.39.3 spacewalk-backend-4.1.31-150200.4.50.4 spacewalk-backend-app-4.1.31-150200.4.50.4 spacewalk-backend-applet-4.1.31-150200.4.50.4 spacewalk-backend-config-files-4.1.31-150200.4.50.4 spacewalk-backend-config-files-common-4.1.31-150200.4.50.4 spacewalk-backend-config-files-tool-4.1.31-150200.4.50.4 spacewalk-backend-iss-4.1.31-150200.4.50.4 spacewalk-backend-iss-export-4.1.31-150200.4.50.4 spacewalk-backend-package-push-server-4.1.31-150200.4.50.4 spacewalk-backend-server-4.1.31-150200.4.50.4 spacewalk-backend-sql-4.1.31-150200.4.50.4 spacewalk-backend-sql-postgresql-4.1.31-150200.4.50.4 spacewalk-backend-tools-4.1.31-150200.4.50.4 spacewalk-backend-xml-export-libs-4.1.31-150200.4.50.4 spacewalk-backend-xmlrpc-4.1.31-150200.4.50.4 spacewalk-base-4.1.34-150200.3.47.6 spacewalk-base-minimal-4.1.34-150200.3.47.6 spacewalk-base-minimal-config-4.1.34-150200.3.47.6 spacewalk-html-4.1.34-150200.3.47.6 spacewalk-java-4.1.46-150200.3.71.5 spacewalk-java-config-4.1.46-150200.3.71.5 spacewalk-java-lib-4.1.46-150200.3.71.5 spacewalk-java-postgresql-4.1.46-150200.3.71.5 spacewalk-setup-4.1.11-150200.3.18.2 spacewalk-taskomatic-4.1.46-150200.3.71.5 spacewalk-utils-4.1.20-150200.3.30.2 spacewalk-utils-extras-4.1.20-150200.3.30.2 subscription-matcher-0.28-150200.3.15.2 susemanager-doc-indexes-4.1-150200.11.55.4 susemanager-docs_en-4.1-150200.11.55.2 susemanager-docs_en-pdf-4.1-150200.11.55.2 susemanager-schema-4.1.26-150200.3.45.4 susemanager-sls-4.1.36-150200.3.64.2 susemanager-web-libs-4.1.34-150200.3.47.6 uyuni-config-modules-4.1.36-150200.3.64.2 References: https://www.suse.com/security/cve/CVE-2022-21698.html https://www.suse.com/security/cve/CVE-2022-21724.html https://www.suse.com/security/cve/CVE-2022-21952.html https://www.suse.com/security/cve/CVE-2022-26520.html https://www.suse.com/security/cve/CVE-2022-31248.html https://bugzilla.suse.com/1173527 https://bugzilla.suse.com/1182742 https://bugzilla.suse.com/1189501 https://bugzilla.suse.com/1190535 https://bugzilla.suse.com/1191143 https://bugzilla.suse.com/1192850 https://bugzilla.suse.com/1193032 https://bugzilla.suse.com/1193238 https://bugzilla.suse.com/1193707 https://bugzilla.suse.com/1194262 https://bugzilla.suse.com/1194447 https://bugzilla.suse.com/1194594 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1195561 https://bugzilla.suse.com/1196067 https://bugzilla.suse.com/1196338 https://bugzilla.suse.com/1196407 https://bugzilla.suse.com/1196702 https://bugzilla.suse.com/1196704 https://bugzilla.suse.com/1197356 https://bugzilla.suse.com/1197429 https://bugzilla.suse.com/1197438 https://bugzilla.suse.com/1197488 https://bugzilla.suse.com/1198221 https://bugzilla.suse.com/1198356 https://bugzilla.suse.com/1198686 https://bugzilla.suse.com/1198914 https://bugzilla.suse.com/1199036 https://bugzilla.suse.com/1199142 https://bugzilla.suse.com/1199149 https://bugzilla.suse.com/1199512 https://bugzilla.suse.com/1199528 https://bugzilla.suse.com/1199577 https://bugzilla.suse.com/1199629 https://bugzilla.suse.com/1199677 https://bugzilla.suse.com/1199888 https://bugzilla.suse.com/1200212 https://bugzilla.suse.com/1200606 From sle-updates at lists.suse.com Tue Jun 21 10:19:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2022 12:19:15 +0200 (CEST) Subject: SUSE-SU-2022:2143-1: moderate: Recommended update for SUSE Manager 4.1.15 Release Notes Message-ID: <20220621101915.A27DEFBAA@maintenance.suse.de> SUSE Security Update: Recommended update for SUSE Manager 4.1.15 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2143-1 Rating: moderate References: #1182742 #1189501 #1190535 #1192850 #1193032 #1193238 #1193707 #1194262 #1194447 #1194594 #1194909 #1195561 #1196338 #1196407 #1196702 #1196704 #1197356 #1197429 #1197438 #1197488 #1198221 #1198356 #1198686 #1198914 #1199036 #1199142 #1199149 #1199512 #1199528 #1199629 #1199677 #1199888 Cross-References: CVE-2022-21724 CVE-2022-21952 CVE-2022-26520 CVE-2022-31248 CVSS scores: CVE-2022-21724 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-21724 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2022-26520 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26520 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves four vulnerabilities and has 28 fixes is now available. Description: This update for SUSE Manager 4.1.15 Release Notes provides the following additions: Release notes for SUSE Manager: - Update to 4.1.15 * Salt has been upgraded to 3004 version * Grafana has been upgraded to 8.3.5 * Postgres exporter has been upgraded to 0.10.0 * Alertmanager has been upgraded to 0.23.0 * Node exporter has been upgraded 1.3.0 * CVEs fixed: CVE-2022-21724, CVE-2022-21952, CVE-2022-31248, CVE-2022-26520 * Bugs mentioned: bsc#1182742, bsc#1189501, bsc#1190535, bsc#1192850, bsc#1193032 bsc#1193238, bsc#1193707, bsc#1194262, bsc#1194447, bsc#1194594 bsc#1194909, bsc#1195561, bsc#1196338, bsc#1196407, bsc#1196702 bsc#1196704, bsc#1197356, bsc#1197429, bsc#1197438, bsc#1197488 bsc#1198221, bsc#1198356, bsc#1198686, bsc#1198914, bsc#1199036 bsc#1199142, bsc#1199149, bsc#1199512, bsc#1199528, bsc#1199629 bsc#1199677, bsc#1199888 Release notes for SUSE Manager proxy: - Update to 4.1.15 * Salt has been upgraded to 3004 version * Bugs mentioned: bsc#1190535, bsc#1193238, bsc#1194447, bsc#1194594, bsc#1194909 bsc#1196338, bsc#1196704, bsc#1199142, bsc#1199528 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2143=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2143=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2143=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): release-notes-susemanager-4.1.15-150200.3.80.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): release-notes-susemanager-proxy-4.1.15-150200.3.56.1 - SUSE Manager Proxy 4.1 (x86_64): release-notes-susemanager-proxy-4.1.15-150200.3.56.1 References: https://www.suse.com/security/cve/CVE-2022-21724.html https://www.suse.com/security/cve/CVE-2022-21952.html https://www.suse.com/security/cve/CVE-2022-26520.html https://www.suse.com/security/cve/CVE-2022-31248.html https://bugzilla.suse.com/1182742 https://bugzilla.suse.com/1189501 https://bugzilla.suse.com/1190535 https://bugzilla.suse.com/1192850 https://bugzilla.suse.com/1193032 https://bugzilla.suse.com/1193238 https://bugzilla.suse.com/1193707 https://bugzilla.suse.com/1194262 https://bugzilla.suse.com/1194447 https://bugzilla.suse.com/1194594 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1195561 https://bugzilla.suse.com/1196338 https://bugzilla.suse.com/1196407 https://bugzilla.suse.com/1196702 https://bugzilla.suse.com/1196704 https://bugzilla.suse.com/1197356 https://bugzilla.suse.com/1197429 https://bugzilla.suse.com/1197438 https://bugzilla.suse.com/1197488 https://bugzilla.suse.com/1198221 https://bugzilla.suse.com/1198356 https://bugzilla.suse.com/1198686 https://bugzilla.suse.com/1198914 https://bugzilla.suse.com/1199036 https://bugzilla.suse.com/1199142 https://bugzilla.suse.com/1199149 https://bugzilla.suse.com/1199512 https://bugzilla.suse.com/1199528 https://bugzilla.suse.com/1199629 https://bugzilla.suse.com/1199677 https://bugzilla.suse.com/1199888 From sle-updates at lists.suse.com Tue Jun 21 10:22:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2022 12:22:07 +0200 (CEST) Subject: SUSE-SU-2022:2144-1: important: Security update for SUSE Manager Server 4.2 Message-ID: <20220621102207.39CBFFBAA@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2144-1 Rating: important References: #1187333 #1191143 #1192550 #1193707 #1194594 #1195710 #1196702 #1197400 #1197438 #1197449 #1197488 #1197591 #1197689 #1198221 #1199089 #1199142 #1199149 #1199512 #1199629 #1200212 #1200606 Cross-References: CVE-2021-44906 CVE-2022-21952 CVE-2022-31248 CVSS scores: CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has 18 fixes is now available. Description: This update fixes the following issues: inter-server-sync: - version 0.2.2 * Parameter --channel-with-children didn't export data (bsc#1199089) * Clean rhnchannelcloned table to rebuild hierarchy (bsc#1197400) - Version 0.2.1 * Correct sequence in use for table rhnpackagekey(bsc#1197400) * Make Docker image export compatible with Suse Manager 4.2 - Version 0.2.0 * Allow images export and import (os based and Docker) prometheus-formula: - Version 0.6.2 * Allow prometheus-formula only for SUSE systems (bsc#1199149) salt-netapi-client: - Improve the hotfix for bsc#1192550 (bsc#1197449): smdba: - Don't package egg-info file for Enterprise Linux. spacecmd: - Version 4.2.17-1 * parse boolean paramaters correctly (bsc#1197689) spacewalk-backend: - version 4.2.22-1 * Do not raise error on file:// based DEB repo when looking for alternative Release files (bsc#1199142) - Version 4.2.21-1 * Improve parsing deb packages dependencies (bsc#1194594) spacewalk-certs-tools: - Version 4.2.16-1 * Add Salt Bundle support to bootstrap script generator spacewalk-java: - version 4.2.38-1 * Remove unused gson-extras.jar during build - version 4.2.37-1 * CVE-2022-31248: User enumeration via weak error message. (bsc#1199629) - version 4.2.36-1 * CVE-2022-21952: Unauthenticated remote Denial of Service via resource exhaustion. (bsc#1199512) - Version 4.2.35-1 * faster display installable packages list (bsc#1187333) * Pass ssh_salt_pre_flight_script and ssh_use_salt_thin parameters to the generated roster files to enable optional Salt Bundle support with Salt SSH * Fix reboot time on salt-ssh client(bsc#1197591) * detect free products in Alpha and Beta stage and prevent checks on openSUSE products (bsc#1197488) * Allow monitoring entitlement for debian 11 and 10 * Hide private methods in XMLRPC handlers * Warning log when hardware refresh result is not serializable * Optimize adding new products function (bsc#1193707) spacewalk-utils: - Version 4.2.16-1 * Add Debian 11 repositories spacewalk-web: - Version 4.2.27-1 * increase web page default timeout (bsc#1187333) * Add ssh_salt_pre_flight_script and ssh_use_salt_thin parameters to default rhn_web.conf * Upgrade minimist to fix CVE-2021-44906 * susemanager-nodejs-sdk-devel is now provided by spacewalk-web * Resolve race conditions in CLM (bsc#1195710) susemanager: - version 4.2.32-1 * Add python3-contextvars and python3-immutables to missing bootstrap repos (bsc#1200606) - version 4.2.31-1 * Add python3-gnupg to bootstrap repo definition for Ubuntu 20.04 (bsc#1200212) - version 4.2.30-1 * Fix a syntax problem at the bootstrap repository definitions - Version 4.2.29-1 * Add Salt Bundle support to mgr-create-bootstrap-repo * Enable bootstrapping for Debian 11 * fix SLE15 bootstrap repo definition (bsc#1197438) * Add SLES15SP4 and SUMA Proxy 4.3 to bootstrap repo definitions (bsc#1196702) * Add missing dependencies for Salt 3004 into bootstrap repository for SLE15 family (bsc#1198221) susemanager-doc-indexes: - Updated Salt version for Server and Proxy to 3004 - Added details to Client Configuration Guide on using Salt Bundle as optional - Updated saltversion attribute from 3002 to 3004 - In the Administration Guide, documented that monitoring tools are available in SUSE Linux Enterprise 12 and 15 and openSUSE Leap 15, but Grafana is not available on Proxy (bsc#1191143) - Documented Autoyast installation features in Autoyast section of the Client Configuration Guide - In Client Configuration Guide document Debian 11 as a supported OS as a client - In Client Configuration Guide, clarified client upgrade issues - In Client Configuration Guide, added information about registration of version 12 of SUSE Linux Enterprise clients - In Client Configuration Guide, mark the applying patches features as supported on Ubuntu - SLE Micro in Client Configuration Guide: Update version number from 5.0 to 5.1, and warn about Salt installation. susemanager-docs_en: - Updated Salt version for Server and Proxy to 3004 - Added details to Client Configuration Guide on using Salt Bundle as optional - In the Administration Guide, documented that monitoring tools are available in SUSE Linux Enterprise 12 and 15 and openSUSE Leap 15, but Grafana is not available on Proxy (bsc#1191143) - Documented Autoyast installation features in Autoyast section of the Client Configuration Guide - In Client Configuration Guide document Debian 11 as a supported OS as a client - In Client Configuration Guide, clarified client upgrade issues - In Client Configuration Guide, added information about registration of version 12 of SUSE Linux Enterprise clients - In Client Configuration Guide, mark the applying patches features as supported on Ubuntu - SLE Micro in Client Configuration Guide: Update version number from 5.0 to 5.1, and warn about Salt installation. susemanager-schema: - Version 4.2.22-1 * Add schema directory for susemanager-schema-4.2.21 susemanager-sls: - version 4.2.23-1 * Fix bootstrap repository URL resolution for Yum based clients with preflight script for Salt SSH - Version 4.2.22-1 * Add Salt Bundle support on bootstrapping * Add Salt SSH with Salt Bundle support * Add util.mgr_switch_to_venv_minion state to switch salt minions to use the Salt Bundle * Fix bootstrap repository path resolution for Oracle Linux * Handle salt bundle in set_proxy.sls susemanager-sync-data: - Version 4.2.12-1 * change release status of EL 7 and 8 aarch64 to released * change release status of Rocky Linux 8 x86_64 to released * add Debian 11 amd64 supportutils-plugin-salt: - Update to version 1.2.0 * Add support for Salt Bundle virtual-host-gatherer: - Version 1.0.23-1 * reformat the first 3 groups of the UUID for hardware versions >=13 in VMWare environment. * Fix shebangs to use python3 * Implement libvirt module How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2144=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64): inter-server-sync-0.2.2-150300.8.17.1 inter-server-sync-debuginfo-0.2.2-150300.8.17.1 smdba-1.7.10-0.150300.3.6.1 susemanager-4.2.32-150300.3.31.1 susemanager-tools-4.2.32-150300.3.31.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): prometheus-formula-0.6.2-150300.3.14.1 python3-spacewalk-certs-tools-4.2.16-150300.3.18.3 salt-netapi-client-0.19.0-150300.3.6.1 spacecmd-4.2.17-150300.4.21.4 spacewalk-backend-4.2.22-150300.4.23.1 spacewalk-backend-app-4.2.22-150300.4.23.1 spacewalk-backend-applet-4.2.22-150300.4.23.1 spacewalk-backend-config-files-4.2.22-150300.4.23.1 spacewalk-backend-config-files-common-4.2.22-150300.4.23.1 spacewalk-backend-config-files-tool-4.2.22-150300.4.23.1 spacewalk-backend-iss-4.2.22-150300.4.23.1 spacewalk-backend-iss-export-4.2.22-150300.4.23.1 spacewalk-backend-package-push-server-4.2.22-150300.4.23.1 spacewalk-backend-server-4.2.22-150300.4.23.1 spacewalk-backend-sql-4.2.22-150300.4.23.1 spacewalk-backend-sql-postgresql-4.2.22-150300.4.23.1 spacewalk-backend-tools-4.2.22-150300.4.23.1 spacewalk-backend-xml-export-libs-4.2.22-150300.4.23.1 spacewalk-backend-xmlrpc-4.2.22-150300.4.23.1 spacewalk-base-4.2.27-150300.3.21.7 spacewalk-base-minimal-4.2.27-150300.3.21.7 spacewalk-base-minimal-config-4.2.27-150300.3.21.7 spacewalk-certs-tools-4.2.16-150300.3.18.3 spacewalk-html-4.2.27-150300.3.21.7 spacewalk-java-4.2.38-150300.3.35.1 spacewalk-java-config-4.2.38-150300.3.35.1 spacewalk-java-lib-4.2.38-150300.3.35.1 spacewalk-java-postgresql-4.2.38-150300.3.35.1 spacewalk-taskomatic-4.2.38-150300.3.35.1 spacewalk-utils-4.2.16-150300.3.15.5 spacewalk-utils-extras-4.2.16-150300.3.15.5 supportutils-plugin-salt-1.2.0-150300.3.3.1 susemanager-doc-indexes-4.2-150300.12.27.6 susemanager-docs_en-4.2-150300.12.27.1 susemanager-docs_en-pdf-4.2-150300.12.27.1 susemanager-schema-4.2.22-150300.3.21.6 susemanager-sls-4.2.23-150300.3.25.4 susemanager-sync-data-4.2.12-150300.3.18.3 uyuni-config-modules-4.2.23-150300.3.25.4 virtual-host-gatherer-1.0.23-150300.3.3.1 virtual-host-gatherer-Kubernetes-1.0.23-150300.3.3.1 virtual-host-gatherer-Nutanix-1.0.23-150300.3.3.1 virtual-host-gatherer-VMware-1.0.23-150300.3.3.1 virtual-host-gatherer-libcloud-1.0.23-150300.3.3.1 References: https://www.suse.com/security/cve/CVE-2021-44906.html https://www.suse.com/security/cve/CVE-2022-21952.html https://www.suse.com/security/cve/CVE-2022-31248.html https://bugzilla.suse.com/1187333 https://bugzilla.suse.com/1191143 https://bugzilla.suse.com/1192550 https://bugzilla.suse.com/1193707 https://bugzilla.suse.com/1194594 https://bugzilla.suse.com/1195710 https://bugzilla.suse.com/1196702 https://bugzilla.suse.com/1197400 https://bugzilla.suse.com/1197438 https://bugzilla.suse.com/1197449 https://bugzilla.suse.com/1197488 https://bugzilla.suse.com/1197591 https://bugzilla.suse.com/1197689 https://bugzilla.suse.com/1198221 https://bugzilla.suse.com/1199089 https://bugzilla.suse.com/1199142 https://bugzilla.suse.com/1199149 https://bugzilla.suse.com/1199512 https://bugzilla.suse.com/1199629 https://bugzilla.suse.com/1200212 https://bugzilla.suse.com/1200606 From sle-updates at lists.suse.com Tue Jun 21 10:24:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2022 12:24:06 +0200 (CEST) Subject: SUSE-RU-2022:2145-1: moderate: Recommended update for SUSE Manager Proxy 4.1 Message-ID: <20220621102406.571FAFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 4.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2145-1 Rating: moderate References: #1190535 #1193238 #1194447 #1194594 #1194909 #1196338 #1196704 #1199142 #1199528 SLE-24238 SLE-24239 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that solves one vulnerability, contains two features and has 8 fixes is now available. Description: This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: - Adapted to build on Enterprise Linux. - Fix build for Red Hat 7 - Require Go >= 1.14 also for CentOS - Add support for CentOS - Replace %{?systemd_requires} with %{?systemd_ordering} golang-github-lusitaniae-apache_exporter: - Require building with Go 1.15 - Add %license macro for LICENSE file golang-github-prometheus-node_exporter: - CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239) - Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187 - Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112 - Update to 1.2.1 * Removed Remove obsolete capture permission denied error patch already included upstream Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092 - Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062 * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067 - Apply patch to capture permission denied error for "energy_uj" file (bsc#1190535) from https://github.com/prometheus/node_exporter/pull/2092 patterns-suse-manager: - Golang-github-wrouesnel-postgres_exporter was renamed to prometheus-postgres_exporter spacecmd: - Version 4.1.18-1 * implement system.bootstrap (bsc#1194909) spacewalk-backend: - Version 4.1.31-1 * Fix traceback on calling spacewalk-repo-sync --show-packages (bsc#1193238) * Fix virt_notify SQL syntax error (bsc#1199528) * Do not raise error on file:// based DEB repo when looking for alternative Release files (bsc#1199142) * Improve parsing deb packages dependencies (bsc#1194594) * Fix reposync update notice formatting and date parsing (bsc#1194447) * implement more decompression algorithms for reposync (bsc#1196704) spacewalk-web: - Version 4.1.33-1 * Added support for end of life notifications How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-2145=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): spacecmd-4.1.18-150200.4.39.3 spacewalk-backend-4.1.31-150200.4.50.4 spacewalk-base-minimal-4.1.34-150200.3.47.6 spacewalk-base-minimal-config-4.1.34-150200.3.47.6 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-150200.6.12.2 golang-github-lusitaniae-apache_exporter-0.7.0-150200.2.6.2 golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-150200.2.6.2 golang-github-prometheus-node_exporter-1.3.0-150200.3.9.3 patterns-suma_proxy-4.1-150200.6.12.2 References: https://www.suse.com/security/cve/CVE-2022-21698.html https://bugzilla.suse.com/1190535 https://bugzilla.suse.com/1193238 https://bugzilla.suse.com/1194447 https://bugzilla.suse.com/1194594 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1196338 https://bugzilla.suse.com/1196704 https://bugzilla.suse.com/1199142 https://bugzilla.suse.com/1199528 From sle-updates at lists.suse.com Tue Jun 21 10:25:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2022 12:25:17 +0200 (CEST) Subject: SUSE-SU-2022:2146-1: important: Security update for release-notes-susemanager, release-notes-susemanager-proxy Message-ID: <20220621102517.82698FBAA@maintenance.suse.de> SUSE Security Update: Security update for release-notes-susemanager, release-notes-susemanager-proxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2146-1 Rating: important References: #1187333 #1191143 #1192550 #1193707 #1194594 #1195710 #1196702 #1197400 #1197438 #1197449 #1197488 #1197591 #1197689 #1198221 Cross-References: CVE-2021-44906 CVE-2022-21952 CVE-2022-31248 CVSS scores: CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has 11 fixes is now available. Description: This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: Release notes for SUSE Manager: - Update to 4.2.7 * Salt has been upgraded to 3004 version * Enabled salt bundle as optional * Debian 11 client support has been added * Alertmanager has been upgraded to 0.23.0 * Node exporter has been upgraded 1.3.0 * CVEs fixed: CVE-2021-44906, CVE-2022-21952, CVE-2022-31248 * Bugs mentioned: bsc#1187333, bsc#1191143, bsc#1192550, bsc#1193707, bsc#1194594 bsc#1195710, bsc#1196702, bsc#1197400, bsc#1197438, bsc#1197449 bsc#1197488, bsc#1197591, bsc#1197689, bsc#1198221 Release notes for SUSE Manager proxy: - Update to 4.2.7 * Salt has been upgraded to 3004 version * Bugs mentioned: bsc#1187333, bsc#1194594, bsc#1195710, bsc#1197689 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-2146=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-2146=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-2146=1 Package List: - SUSE Manager Server 4.2 (ppc64le s390x x86_64): release-notes-susemanager-4.2.7-150300.3.44.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): release-notes-susemanager-proxy-4.2.7-150300.3.31.2 - SUSE Manager Proxy 4.2 (x86_64): release-notes-susemanager-proxy-4.2.7-150300.3.31.2 References: https://www.suse.com/security/cve/CVE-2021-44906.html https://www.suse.com/security/cve/CVE-2022-21952.html https://www.suse.com/security/cve/CVE-2022-31248.html https://bugzilla.suse.com/1187333 https://bugzilla.suse.com/1191143 https://bugzilla.suse.com/1192550 https://bugzilla.suse.com/1193707 https://bugzilla.suse.com/1194594 https://bugzilla.suse.com/1195710 https://bugzilla.suse.com/1196702 https://bugzilla.suse.com/1197400 https://bugzilla.suse.com/1197438 https://bugzilla.suse.com/1197449 https://bugzilla.suse.com/1197488 https://bugzilla.suse.com/1197591 https://bugzilla.suse.com/1197689 https://bugzilla.suse.com/1198221 From sle-updates at lists.suse.com Tue Jun 21 10:26:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2022 12:26:51 +0200 (CEST) Subject: SUSE-SU-2022:2144-1: important: Security update for SUSE Manager Server 4.2 Message-ID: <20220621102651.7C47EFBAA@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2144-1 Rating: important References: #1187333 #1191143 #1192550 #1193707 #1194594 #1195710 #1196702 #1197400 #1197438 #1197449 #1197488 #1197591 #1197689 #1198221 #1199089 #1199142 #1199149 #1199512 #1199629 #1200212 #1200606 Cross-References: CVE-2021-44906 CVE-2022-21952 CVE-2022-31248 CVSS scores: CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has 18 fixes is now available. Description: This update fixes the following issues: inter-server-sync: - version 0.2.2 * Parameter --channel-with-children didn't export data (bsc#1199089) * Clean rhnchannelcloned table to rebuild hierarchy (bsc#1197400) - Version 0.2.1 * Correct sequence in use for table rhnpackagekey(bsc#1197400) * Make Docker image export compatible with Suse Manager 4.2 - Version 0.2.0 * Allow images export and import (os based and Docker) prometheus-formula: - Version 0.6.2 * Allow prometheus-formula only for SUSE systems (bsc#1199149) salt-netapi-client: - Improve the hotfix for bsc#1192550 (bsc#1197449): smdba: - Don't package egg-info file for Enterprise Linux. spacecmd: - Version 4.2.17-1 * parse boolean paramaters correctly (bsc#1197689) spacewalk-backend: - version 4.2.22-1 * Do not raise error on file:// based DEB repo when looking for alternative Release files (bsc#1199142) - Version 4.2.21-1 * Improve parsing deb packages dependencies (bsc#1194594) spacewalk-certs-tools: - Version 4.2.16-1 * Add Salt Bundle support to bootstrap script generator spacewalk-java: - version 4.2.38-1 * Remove unused gson-extras.jar during build - version 4.2.37-1 * CVE-2022-31248: User enumeration via weak error message. (bsc#1199629) - version 4.2.36-1 * CVE-2022-21952: Unauthenticated remote Denial of Service via resource exhaustion. (bsc#1199512) - Version 4.2.35-1 * faster display installable packages list (bsc#1187333) * Pass ssh_salt_pre_flight_script and ssh_use_salt_thin parameters to the generated roster files to enable optional Salt Bundle support with Salt SSH * Fix reboot time on salt-ssh client(bsc#1197591) * detect free products in Alpha and Beta stage and prevent checks on openSUSE products (bsc#1197488) * Allow monitoring entitlement for debian 11 and 10 * Hide private methods in XMLRPC handlers * Warning log when hardware refresh result is not serializable * Optimize adding new products function (bsc#1193707) spacewalk-utils: - Version 4.2.16-1 * Add Debian 11 repositories spacewalk-web: - Version 4.2.27-1 * increase web page default timeout (bsc#1187333) * Add ssh_salt_pre_flight_script and ssh_use_salt_thin parameters to default rhn_web.conf * Upgrade minimist to fix CVE-2021-44906 * susemanager-nodejs-sdk-devel is now provided by spacewalk-web * Resolve race conditions in CLM (bsc#1195710) susemanager: - version 4.2.32-1 * Add python3-contextvars and python3-immutables to missing bootstrap repos (bsc#1200606) - version 4.2.31-1 * Add python3-gnupg to bootstrap repo definition for Ubuntu 20.04 (bsc#1200212) - version 4.2.30-1 * Fix a syntax problem at the bootstrap repository definitions - Version 4.2.29-1 * Add Salt Bundle support to mgr-create-bootstrap-repo * Enable bootstrapping for Debian 11 * fix SLE15 bootstrap repo definition (bsc#1197438) * Add SLES15SP4 and SUMA Proxy 4.3 to bootstrap repo definitions (bsc#1196702) * Add missing dependencies for Salt 3004 into bootstrap repository for SLE15 family (bsc#1198221) susemanager-doc-indexes: - Updated Salt version for Server and Proxy to 3004 - Added details to Client Configuration Guide on using Salt Bundle as optional - Updated saltversion attribute from 3002 to 3004 - In the Administration Guide, documented that monitoring tools are available in SUSE Linux Enterprise 12 and 15 and openSUSE Leap 15, but Grafana is not available on Proxy (bsc#1191143) - Documented Autoyast installation features in Autoyast section of the Client Configuration Guide - In Client Configuration Guide document Debian 11 as a supported OS as a client - In Client Configuration Guide, clarified client upgrade issues - In Client Configuration Guide, added information about registration of version 12 of SUSE Linux Enterprise clients - In Client Configuration Guide, mark the applying patches features as supported on Ubuntu - SLE Micro in Client Configuration Guide: Update version number from 5.0 to 5.1, and warn about Salt installation. susemanager-docs_en: - Updated Salt version for Server and Proxy to 3004 - Added details to Client Configuration Guide on using Salt Bundle as optional - In the Administration Guide, documented that monitoring tools are available in SUSE Linux Enterprise 12 and 15 and openSUSE Leap 15, but Grafana is not available on Proxy (bsc#1191143) - Documented Autoyast installation features in Autoyast section of the Client Configuration Guide - In Client Configuration Guide document Debian 11 as a supported OS as a client - In Client Configuration Guide, clarified client upgrade issues - In Client Configuration Guide, added information about registration of version 12 of SUSE Linux Enterprise clients - In Client Configuration Guide, mark the applying patches features as supported on Ubuntu - SLE Micro in Client Configuration Guide: Update version number from 5.0 to 5.1, and warn about Salt installation. susemanager-schema: - Version 4.2.22-1 * Add schema directory for susemanager-schema-4.2.21 susemanager-sls: - version 4.2.23-1 * Fix bootstrap repository URL resolution for Yum based clients with preflight script for Salt SSH - Version 4.2.22-1 * Add Salt Bundle support on bootstrapping * Add Salt SSH with Salt Bundle support * Add util.mgr_switch_to_venv_minion state to switch salt minions to use the Salt Bundle * Fix bootstrap repository path resolution for Oracle Linux * Handle salt bundle in set_proxy.sls susemanager-sync-data: - Version 4.2.12-1 * change release status of EL 7 and 8 aarch64 to released * change release status of Rocky Linux 8 x86_64 to released * add Debian 11 amd64 supportutils-plugin-salt: - Update to version 1.2.0 * Add support for Salt Bundle virtual-host-gatherer: - Version 1.0.23-1 * reformat the first 3 groups of the UUID for hardware versions >=13 in VMWare environment. * Fix shebangs to use python3 * Implement libvirt module How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2144=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-2144=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64): inter-server-sync-0.2.2-150300.8.17.1 inter-server-sync-debuginfo-0.2.2-150300.8.17.1 smdba-1.7.10-0.150300.3.6.1 susemanager-4.2.32-150300.3.31.1 susemanager-tools-4.2.32-150300.3.31.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): prometheus-formula-0.6.2-150300.3.14.1 python3-spacewalk-certs-tools-4.2.16-150300.3.18.3 salt-netapi-client-0.19.0-150300.3.6.1 spacecmd-4.2.17-150300.4.21.4 spacewalk-backend-4.2.22-150300.4.23.1 spacewalk-backend-app-4.2.22-150300.4.23.1 spacewalk-backend-applet-4.2.22-150300.4.23.1 spacewalk-backend-config-files-4.2.22-150300.4.23.1 spacewalk-backend-config-files-common-4.2.22-150300.4.23.1 spacewalk-backend-config-files-tool-4.2.22-150300.4.23.1 spacewalk-backend-iss-4.2.22-150300.4.23.1 spacewalk-backend-iss-export-4.2.22-150300.4.23.1 spacewalk-backend-package-push-server-4.2.22-150300.4.23.1 spacewalk-backend-server-4.2.22-150300.4.23.1 spacewalk-backend-sql-4.2.22-150300.4.23.1 spacewalk-backend-sql-postgresql-4.2.22-150300.4.23.1 spacewalk-backend-tools-4.2.22-150300.4.23.1 spacewalk-backend-xml-export-libs-4.2.22-150300.4.23.1 spacewalk-backend-xmlrpc-4.2.22-150300.4.23.1 spacewalk-base-4.2.27-150300.3.21.7 spacewalk-base-minimal-4.2.27-150300.3.21.7 spacewalk-base-minimal-config-4.2.27-150300.3.21.7 spacewalk-certs-tools-4.2.16-150300.3.18.3 spacewalk-html-4.2.27-150300.3.21.7 spacewalk-java-4.2.38-150300.3.35.1 spacewalk-java-config-4.2.38-150300.3.35.1 spacewalk-java-lib-4.2.38-150300.3.35.1 spacewalk-java-postgresql-4.2.38-150300.3.35.1 spacewalk-taskomatic-4.2.38-150300.3.35.1 spacewalk-utils-4.2.16-150300.3.15.5 spacewalk-utils-extras-4.2.16-150300.3.15.5 supportutils-plugin-salt-1.2.0-150300.3.3.1 susemanager-doc-indexes-4.2-150300.12.27.6 susemanager-docs_en-4.2-150300.12.27.1 susemanager-docs_en-pdf-4.2-150300.12.27.1 susemanager-schema-4.2.22-150300.3.21.6 susemanager-sls-4.2.23-150300.3.25.4 susemanager-sync-data-4.2.12-150300.3.18.3 uyuni-config-modules-4.2.23-150300.3.25.4 virtual-host-gatherer-1.0.23-150300.3.3.1 virtual-host-gatherer-Kubernetes-1.0.23-150300.3.3.1 virtual-host-gatherer-Nutanix-1.0.23-150300.3.3.1 virtual-host-gatherer-VMware-1.0.23-150300.3.3.1 virtual-host-gatherer-libcloud-1.0.23-150300.3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): python3-spacewalk-certs-tools-4.2.16-150300.3.18.3 spacecmd-4.2.17-150300.4.21.4 spacewalk-backend-4.2.22-150300.4.23.1 spacewalk-base-minimal-4.2.27-150300.3.21.7 spacewalk-base-minimal-config-4.2.27-150300.3.21.7 spacewalk-certs-tools-4.2.16-150300.3.18.3 supportutils-plugin-salt-1.2.0-150300.3.3.1 References: https://www.suse.com/security/cve/CVE-2021-44906.html https://www.suse.com/security/cve/CVE-2022-21952.html https://www.suse.com/security/cve/CVE-2022-31248.html https://bugzilla.suse.com/1187333 https://bugzilla.suse.com/1191143 https://bugzilla.suse.com/1192550 https://bugzilla.suse.com/1193707 https://bugzilla.suse.com/1194594 https://bugzilla.suse.com/1195710 https://bugzilla.suse.com/1196702 https://bugzilla.suse.com/1197400 https://bugzilla.suse.com/1197438 https://bugzilla.suse.com/1197449 https://bugzilla.suse.com/1197488 https://bugzilla.suse.com/1197591 https://bugzilla.suse.com/1197689 https://bugzilla.suse.com/1198221 https://bugzilla.suse.com/1199089 https://bugzilla.suse.com/1199142 https://bugzilla.suse.com/1199149 https://bugzilla.suse.com/1199512 https://bugzilla.suse.com/1199629 https://bugzilla.suse.com/1200212 https://bugzilla.suse.com/1200606 From sle-updates at lists.suse.com Tue Jun 21 12:03:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2022 14:03:53 +0200 (CEST) Subject: SUSE-CU-2022:1338-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20220621120353.97310FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1338-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.0 , suse/manager/4.3/proxy-httpd:4.3.0.7.11 , suse/manager/4.3/proxy-httpd:latest Container Release : 7.11 Severity : moderate Type : security References : 1080985 1111572 1142041 1192951 1193659 1195283 1196861 1197065 1197716 1198106 1198751 CVE-2018-6952 CVE-2019-13636 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1851-1 Released: Thu May 26 08:59:55 2022 Summary: Recommended update for gcc8 Type: recommended Severity: moderate References: 1197716 This update for gcc8 fixes the following issues: - Fix build against SP4. (bsc#1197716) - Remove bogus fixed include bits/statx.h from glibc 2.30 (bsc#1197716) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1925-1 Released: Thu Jun 2 14:35:20 2022 Summary: Security update for patch Type: security Severity: moderate References: 1080985,1111572,1142041,1198106,CVE-2018-6952,CVE-2019-13636 This update for patch fixes the following issues: Security issues fixed: - CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches (bsc#1142041). - CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leading to a crash (bsc#1080985). Bugfixes: - Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (bsc#1111572). - Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (bsc#1198106). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - spacewalk-proxy-html-4.3.3-150400.1.11 updated - glibc-locale-base-2.31-150300.26.5 updated - libatomic1-11.3.0+git1637-150000.1.9.1 updated - libgomp1-11.3.0+git1637-150000.1.9.1 updated - libitm1-11.3.0+git1637-150000.1.9.1 updated - liblsan0-11.3.0+git1637-150000.1.9.1 updated - libmpx2-8.2.1+r264010-150000.1.6.4 updated - libmpxwrappers2-8.2.1+r264010-150000.1.6.4 updated - libtsan0-11.3.0+git1637-150000.1.9.1 updated - patch-2.7.6-150000.5.3.1 updated - glibc-locale-2.31-150300.26.5 updated - uyuni-base-common-4.3.2-150400.1.21 updated - python3-uyuni-common-libs-4.3.4-150400.1.16 updated - glibc-devel-2.31-150300.26.5 updated - spacewalk-base-minimal-4.3.20-150400.1.2 updated - spacewalk-ssl-cert-check-4.3.2-150400.1.29 updated - spacewalk-base-minimal-config-4.3.20-150400.1.2 updated - python3-rhnlib-4.3.4-150400.1.15 updated - spacewalk-backend-4.3.13-150400.1.4 updated - python3-spacewalk-client-tools-4.3.9-150400.1.58 updated - spacewalk-client-tools-4.3.9-150400.1.58 updated - python3-spacewalk-certs-tools-4.3.13-150400.1.1 updated - spacewalk-certs-tools-4.3.13-150400.1.1 updated - mgr-push-4.3.4-150400.1.36 updated - python3-mgr-push-4.3.4-150400.1.36 updated - spacewalk-proxy-package-manager-4.3.10-150400.1.3 updated - spacewalk-proxy-common-4.3.10-150400.1.3 updated - spacewalk-proxy-broker-4.3.10-150400.1.3 updated - susemanager-tftpsync-recv-4.3.6-150400.1.10 updated - spacewalk-proxy-redirect-4.3.10-150400.1.3 updated From sle-updates at lists.suse.com Tue Jun 21 13:16:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2022 15:16:12 +0200 (CEST) Subject: SUSE-SU-2022:2147-1: important: Security update for python36 Message-ID: <20220621131612.13E4CFBAA@maintenance.suse.de> SUSE Security Update: Security update for python36 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2147-1 Rating: important References: #1198511 Cross-References: CVE-2015-20107 CVSS scores: CVE-2015-20107 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2015-20107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python36 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2147=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2147=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python36-devel-3.6.15-24.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-24.1 libpython3_6m1_0-debuginfo-3.6.15-24.1 python36-3.6.15-24.1 python36-base-3.6.15-24.1 python36-base-debuginfo-3.6.15-24.1 python36-debuginfo-3.6.15-24.1 python36-debugsource-3.6.15-24.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython3_6m1_0-32bit-3.6.15-24.1 libpython3_6m1_0-debuginfo-32bit-3.6.15-24.1 References: https://www.suse.com/security/cve/CVE-2015-20107.html https://bugzilla.suse.com/1198511 From sle-updates at lists.suse.com Wed Jun 22 07:21:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 09:21:05 +0200 (CEST) Subject: SUSE-CU-2022:1343-1: Recommended update of bci/nodejs Message-ID: <20220622072105.1CAB9FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1343-1 Container Tags : bci/node:12 , bci/node:12-16.76 , bci/nodejs:12 , bci/nodejs:12-16.76 Container Release : 16.76 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - container:sles15-image-15.0.0-17.17.16 updated From sle-updates at lists.suse.com Wed Jun 22 07:25:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 09:25:40 +0200 (CEST) Subject: SUSE-CU-2022:1344-1: Recommended update of bci/python Message-ID: <20220622072540.CD12AFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1344-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.5 Container Release : 18.5 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - container:sles15-image-15.0.0-17.17.16 updated From sle-updates at lists.suse.com Wed Jun 22 07:28:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 09:28:50 +0200 (CEST) Subject: SUSE-CU-2022:1356-1: Security update of bci/nodejs Message-ID: <20220622072850.2BC66FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1356-1 Container Tags : bci/node:16 , bci/node:16-8.3 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-8.3 , bci/nodejs:latest Container Release : 8.3 Severity : important Type : security References : 1040589 1177460 1179416 1180125 1181400 1181805 1183543 1183545 1183659 1185299 1187670 1188548 1190824 1191157 1192951 1193489 1193659 1193711 1194883 1194968 1195283 1195628 1196093 1196107 1196275 1196406 1196647 1196861 1197004 1197024 1197065 1197459 1197743 1197771 1197794 1198062 1198176 1198234 1198446 1198751 1199240 CVE-2018-25032 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 CVE-2022-1271 CVE-2022-1304 CVE-2022-24765 CVE-2022-29155 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1709-1 Released: Tue May 17 17:35:47 2022 Summary: Recommended update for libcbor Type: recommended Severity: important References: 1197743 This update for libcbor fixes the following issues: - Fix build errors occuring on SUSE Linux Enterprise 15 Service Pack 4 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - glibc-2.31-150300.26.5 updated - perl-base-5.26.1-150300.17.3.1 updated - libssh-config-0.9.6-150400.1.5 updated - libzstd1-1.5.0-150400.1.71 updated - libuuid1-2.37.2-150400.6.26 updated - libudev1-249.11-150400.6.8 updated - libsmartcols1-2.37.2-150400.6.26 updated - libsepol1-3.1-150400.1.70 updated - liblz4-1-1.9.3-150400.1.7 updated - libgpg-error0-1.42-150400.1.101 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.38 updated - libcap2-2.63-150400.1.7 updated - libbz2-1-1.0.8-150400.1.122 updated - libblkid1-2.37.2-150400.6.26 updated - libaudit1-3.0.6-150400.2.13 updated - libgcrypt20-1.9.4-150400.4.6 updated - libgcrypt20-hmac-1.9.4-150400.4.6 updated - libfdisk1-2.37.2-150400.6.26 updated - libcom_err2-1.46.4-150400.3.3.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libopenssl1_1-1.1.1l-150400.5.14 updated - libopenssl1_1-hmac-1.1.1l-150400.5.14 updated - libelf1-0.185-150400.3.35 updated - libselinux1-3.1-150400.1.69 updated - libxml2-2-2.9.12-150400.3.4 updated - libsystemd0-249.11-150400.6.8 updated - libreadline7-7.0-150400.25.22 updated - patterns-base-fips-20200124-150400.18.4 updated - libdw1-0.185-150400.3.35 updated - libsemanage1-3.1-150400.1.65 updated - libmount1-2.37.2-150400.6.26 updated - krb5-1.19.2-150400.1.9 updated - bash-4.4-150400.25.22 updated - bash-sh-4.4-150400.25.22 updated - libssh4-0.9.6-150400.1.5 updated - login_defs-4.8.1-150400.8.57 updated - cpio-2.13-150400.1.98 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libcurl4-7.79.1-150400.3.1 updated - coreutils-8.32-150400.7.5 updated - sles-release-15.4-150400.55.1 updated - grep-3.1-150000.4.6.1 updated - rpm-config-SUSE-1-150400.12.41 updated - permissions-20201225-150400.3.4 updated - rpm-ndb-4.14.3-150300.46.1 updated - pam-1.3.0-150000.6.58.3 updated - shadow-4.8.1-150400.8.57 updated - sysuser-shadow-3.1-150400.1.35 updated - system-group-hardware-20170617-150400.22.33 updated - util-linux-2.37.2-150400.6.26 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libcbor0-0.5.0-150100.4.6.1 updated - libexpat1-2.4.4-150400.2.24 updated - libpcre2-8-0-10.39-150400.2.3 updated - system-user-nobody-20170617-150400.22.33 updated - timezone-2022a-150000.75.7.1 updated - less-590-150400.1.51 updated - nodejs-common-5.0-150400.1.4 updated - nodejs16-16.14.1-150400.1.26 updated - npm16-16.14.1-150400.1.26 updated - git-core-2.35.3-150300.10.12.1 updated - container:sles15-image-15.0.0-27.8.1 updated From sle-updates at lists.suse.com Wed Jun 22 07:29:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 09:29:10 +0200 (CEST) Subject: SUSE-CU-2022:1357-1: Security update of bci/openjdk-devel Message-ID: <20220622072910.B0D50FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1357-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.7 , bci/openjdk-devel:latest Container Release : 14.7 Severity : important Type : security References : 1040589 1094832 1146299 1179416 1180125 1181400 1181805 1183543 1183545 1183659 1184123 1185299 1187670 1188548 1189749 1190824 1191157 1192951 1193489 1193659 1193711 1194883 1194968 1195283 1195628 1196093 1196107 1196275 1196406 1196647 1196861 1197004 1197024 1197065 1197459 1197743 1197771 1197794 1198062 1198068 1198176 1198234 1198446 1198671 1198672 1198673 1198674 1198675 1198751 1199240 1200426 974847 CVE-2016-3977 CVE-2018-11490 CVE-2018-25032 CVE-2019-15133 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 CVE-2021-37714 CVE-2022-1271 CVE-2022-1304 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVE-2022-24765 CVE-2022-29155 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1033-1 Released: Tue Mar 29 18:42:05 2022 Summary: Recommended update for java-11-openjdk Type: recommended Severity: moderate References: This update for java-11-openjdk fixes the following issues: - Build failure on Solaris. - Unable to connect to https://google.com using java.net.HttpClient. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1265-1 Released: Tue Apr 19 15:22:37 2022 Summary: Security update for jsoup, jsr-305 Type: security Severity: important References: 1189749,CVE-2021-37714 This update for jsoup, jsr-305 fixes the following issues: - CVE-2021-37714: Fixed infinite in untrusted HTML or XML data parsing (bsc#1189749). Changes in jsr-305: - Build with java source and target levels 8 - Upgrade to upstream version 3.0.2 Changes in jsoup: - Upgrade to upstream version 1.14.2 - Generate tarball using source service instead of a script ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1513-1 Released: Tue May 3 16:13:25 2022 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1198671,1198672,1198673,1198674,1198675,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21476,CVE-2022-21496 This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198672). - CVE-2022-21434: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198674). - CVE-2022-21496: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198673). - CVE-2022-21443: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198675). - CVE-2022-21476: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198671). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1565-1 Released: Fri May 6 17:09:36 2022 Summary: Security update for giflib Type: security Severity: moderate References: 1094832,1146299,1184123,974847,CVE-2016-3977,CVE-2018-11490,CVE-2019-15133 This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (bsc#1146299). - CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c (bsc#1094832). - CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb (bsc#974847). Update to version 5.2.1 * In gifbuild.c, avoid a core dump on no color map. * Restore inadvertently removed library version numbers in Makefile. Changes in version 5.2.0 * The undocumented and deprecated GifQuantizeBuffer() entry point has been moved to the util library to reduce libgif size and attack surface. Applications needing this function are couraged to link the util library or make their own copy. * The following obsolete utility programs are no longer installed: gifecho, giffilter, gifinto, gifsponge. These were either installed in error or have been obsolesced by modern image-transformmation tools like ImageMagick convert. They may be removed entirely in a future release. * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84 * Address SF bug #134: Giflib fails to slurp significant number of gifs * Apply SPDX convention for license tagging. Changes in version 5.1.9 * The documentation directory now includes an HTMlified version of the GIF89 standard, and a more detailed description of how LZW compression is applied to GIFs. * Address SF bug #129: The latest version of giflib cannot be build on windows. * Address SF bug #126: Cannot compile giflib using c89 Changes in version 5.1.8 * Address SF bug #119: MemorySanitizer: FPE on unknown address (CVE-2019-15133 bsc#1146299) * Address SF bug #125: 5.1.7: xmlto is still required for tarball * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible * Address SF bug #122: 5.1.7 installs manpages to wrong directory * Address SF bug #121: make: getversion: Command not found * Address SF bug #120: 5.1.7 does not build a proper library - no Changes in version 5.1.7 * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs. Changes in version 5.1.6 * Fix library installation in the Makefile. Changes in version 5.1.5 * Fix SF bug #114: Null dereferences in main() of gifclrmp * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c. This had been assigned (CVE-2018-11490 bsc#1094832). * Fix SF bug #111: segmentation fault in PrintCodeBlock * Fix SF bug #109: Segmentation fault of giftool reading a crafted file * Fix SF bug #107: Floating point exception in giftext utility * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317 * Fix SF bug #104: Ineffective bounds check in DGifSlurp * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). (CVE-2016-3977 bsc#974847) * The horrible old autoconf build system has been removed with extreme prejudice. You now build this simply by running 'make' from the top-level directory. The following non-security bugs were fixed: - build path independent objects and inherit CFLAGS from the build system (bsc#1184123) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1660-1 Released: Fri May 13 15:42:21 2022 Summary: Recommended update for publicsuffix Type: recommended Severity: low References: 1198068 This update for publicsuffix fixes the following issue: - Update to version 20220405 (bsc#1198068) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1709-1 Released: Tue May 17 17:35:47 2022 Summary: Recommended update for libcbor Type: recommended Severity: important References: 1197743 This update for libcbor fixes the following issues: - Fix build errors occuring on SUSE Linux Enterprise 15 Service Pack 4 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2060-1 Released: Mon Jun 13 15:26:16 2022 Summary: Recommended update for geronimo-specs Type: recommended Severity: moderate References: 1200426 This recommended update for geronimo-specs provides the following fix: - Ship geronimo-annotation-1_0-api to SUSE Manager server as it is now needed by google-gson. (bsc#1200426) The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - glibc-2.31-150300.26.5 updated - perl-base-5.26.1-150300.17.3.1 updated - libssh-config-0.9.6-150400.1.5 updated - libzstd1-1.5.0-150400.1.71 updated - libuuid1-2.37.2-150400.6.26 updated - libudev1-249.11-150400.6.8 updated - libsmartcols1-2.37.2-150400.6.26 updated - libsepol1-3.1-150400.1.70 updated - liblz4-1-1.9.3-150400.1.7 updated - libgpg-error0-1.42-150400.1.101 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.38 updated - libcap2-2.63-150400.1.7 updated - libbz2-1-1.0.8-150400.1.122 updated - libblkid1-2.37.2-150400.6.26 updated - libaudit1-3.0.6-150400.2.13 updated - libgcrypt20-1.9.4-150400.4.6 updated - libgcrypt20-hmac-1.9.4-150400.4.6 updated - libfdisk1-2.37.2-150400.6.26 updated - libcom_err2-1.46.4-150400.3.3.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libopenssl1_1-1.1.1l-150400.5.14 updated - libopenssl1_1-hmac-1.1.1l-150400.5.14 updated - libelf1-0.185-150400.3.35 updated - libselinux1-3.1-150400.1.69 updated - libglib-2_0-0-2.70.4-150400.1.5 updated - libxml2-2-2.9.12-150400.3.4 updated - libsystemd0-249.11-150400.6.8 updated - libreadline7-7.0-150400.25.22 updated - patterns-base-fips-20200124-150400.18.4 updated - libdw1-0.185-150400.3.35 updated - libsemanage1-3.1-150400.1.65 updated - libmount1-2.37.2-150400.6.26 updated - krb5-1.19.2-150400.1.9 updated - bash-4.4-150400.25.22 updated - bash-sh-4.4-150400.25.22 updated - libssh4-0.9.6-150400.1.5 updated - login_defs-4.8.1-150400.8.57 updated - cpio-2.13-150400.1.98 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libcurl4-7.79.1-150400.3.1 updated - coreutils-8.32-150400.7.5 updated - sles-release-15.4-150400.55.1 updated - grep-3.1-150000.4.6.1 updated - rpm-config-SUSE-1-150400.12.41 updated - permissions-20201225-150400.3.4 updated - rpm-ndb-4.14.3-150300.46.1 updated - pam-1.3.0-150000.6.58.3 updated - shadow-4.8.1-150400.8.57 updated - sysuser-shadow-3.1-150400.1.35 updated - system-group-hardware-20170617-150400.22.33 updated - util-linux-2.37.2-150400.6.26 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - crypto-policies-20210917.c9d86d1-150400.1.7 updated - libp11-kit0-0.23.22-150400.1.10 updated - openssl-1_1-1.1.1l-150400.5.14 updated - p11-kit-0.23.22-150400.1.10 updated - p11-kit-tools-0.23.22-150400.1.10 updated - libasound2-1.2.6.1-150400.1.4 updated - libexpat1-2.4.4-150400.2.24 updated - libfreebl3-3.68.3-150400.1.7 updated - libfreebl3-hmac-3.68.3-150400.1.7 updated - libgif7-5.2.1-150000.4.8.1 updated - libjpeg8-8.2.2-150400.15.9 updated - liblcms2-2-2.12-150400.1.10 updated - libpcsclite1-1.9.4-150400.1.9 updated - mozilla-nss-certs-3.68.3-150400.1.7 updated - libharfbuzz0-3.4.0-150400.1.5 updated - fontconfig-2.13.1-150400.1.4 updated - libfontconfig1-2.13.1-150400.1.4 updated - libsoftokn3-3.68.3-150400.1.7 updated - mozilla-nss-3.68.3-150400.1.7 updated - libsoftokn3-hmac-3.68.3-150400.1.7 updated - java-11-openjdk-headless-11.0.15.0-150000.3.80.1 updated - java-11-openjdk-11.0.15.0-150000.3.80.1 updated - geronimo-annotation-1_0-api-1.2-150200.15.2.1 updated - java-11-openjdk-devel-11.0.15.0-150000.3.80.1 updated - jsoup-1.14.2-150200.3.3.1 updated - libcbor0-0.5.0-150100.4.6.1 updated - libpcre2-8-0-10.39-150400.2.3 updated - publicsuffix-20220405-150000.3.9.1 updated - less-590-150400.1.51 updated - git-core-2.35.3-150300.10.12.1 updated - container:bci-openjdk-11-11-12.3 updated From sle-updates at lists.suse.com Wed Jun 22 07:29:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 09:29:31 +0200 (CEST) Subject: SUSE-CU-2022:1358-1: Security update of bci/openjdk Message-ID: <20220622072931.14F03FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1358-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-12.3 , bci/openjdk:latest Container Release : 12.3 Severity : important Type : security References : 1040589 1094832 1146299 1179416 1180125 1181805 1183543 1183545 1183659 1184123 1185299 1187670 1188548 1190824 1191157 1192951 1193489 1193659 1193711 1194883 1194968 1195283 1195628 1196093 1196107 1196275 1196406 1196647 1196861 1197004 1197024 1197065 1197459 1197771 1197794 1198062 1198176 1198446 1198671 1198672 1198673 1198674 1198675 1198751 1199240 974847 CVE-2016-3977 CVE-2018-11490 CVE-2018-25032 CVE-2019-15133 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 CVE-2022-1271 CVE-2022-1304 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVE-2022-29155 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1033-1 Released: Tue Mar 29 18:42:05 2022 Summary: Recommended update for java-11-openjdk Type: recommended Severity: moderate References: This update for java-11-openjdk fixes the following issues: - Build failure on Solaris. - Unable to connect to https://google.com using java.net.HttpClient. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1513-1 Released: Tue May 3 16:13:25 2022 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1198671,1198672,1198673,1198674,1198675,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21476,CVE-2022-21496 This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198672). - CVE-2022-21434: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198674). - CVE-2022-21496: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198673). - CVE-2022-21443: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198675). - CVE-2022-21476: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198671). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1565-1 Released: Fri May 6 17:09:36 2022 Summary: Security update for giflib Type: security Severity: moderate References: 1094832,1146299,1184123,974847,CVE-2016-3977,CVE-2018-11490,CVE-2019-15133 This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (bsc#1146299). - CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c (bsc#1094832). - CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb (bsc#974847). Update to version 5.2.1 * In gifbuild.c, avoid a core dump on no color map. * Restore inadvertently removed library version numbers in Makefile. Changes in version 5.2.0 * The undocumented and deprecated GifQuantizeBuffer() entry point has been moved to the util library to reduce libgif size and attack surface. Applications needing this function are couraged to link the util library or make their own copy. * The following obsolete utility programs are no longer installed: gifecho, giffilter, gifinto, gifsponge. These were either installed in error or have been obsolesced by modern image-transformmation tools like ImageMagick convert. They may be removed entirely in a future release. * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84 * Address SF bug #134: Giflib fails to slurp significant number of gifs * Apply SPDX convention for license tagging. Changes in version 5.1.9 * The documentation directory now includes an HTMlified version of the GIF89 standard, and a more detailed description of how LZW compression is applied to GIFs. * Address SF bug #129: The latest version of giflib cannot be build on windows. * Address SF bug #126: Cannot compile giflib using c89 Changes in version 5.1.8 * Address SF bug #119: MemorySanitizer: FPE on unknown address (CVE-2019-15133 bsc#1146299) * Address SF bug #125: 5.1.7: xmlto is still required for tarball * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible * Address SF bug #122: 5.1.7 installs manpages to wrong directory * Address SF bug #121: make: getversion: Command not found * Address SF bug #120: 5.1.7 does not build a proper library - no Changes in version 5.1.7 * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs. Changes in version 5.1.6 * Fix library installation in the Makefile. Changes in version 5.1.5 * Fix SF bug #114: Null dereferences in main() of gifclrmp * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c. This had been assigned (CVE-2018-11490 bsc#1094832). * Fix SF bug #111: segmentation fault in PrintCodeBlock * Fix SF bug #109: Segmentation fault of giftool reading a crafted file * Fix SF bug #107: Floating point exception in giftext utility * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317 * Fix SF bug #104: Ineffective bounds check in DGifSlurp * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). (CVE-2016-3977 bsc#974847) * The horrible old autoconf build system has been removed with extreme prejudice. You now build this simply by running 'make' from the top-level directory. The following non-security bugs were fixed: - build path independent objects and inherit CFLAGS from the build system (bsc#1184123) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - glibc-2.31-150300.26.5 updated - perl-base-5.26.1-150300.17.3.1 updated - libssh-config-0.9.6-150400.1.5 updated - libzstd1-1.5.0-150400.1.71 updated - libuuid1-2.37.2-150400.6.26 updated - libsmartcols1-2.37.2-150400.6.26 updated - libsepol1-3.1-150400.1.70 updated - liblz4-1-1.9.3-150400.1.7 updated - libgpg-error0-1.42-150400.1.101 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.38 updated - libcap2-2.63-150400.1.7 updated - libbz2-1-1.0.8-150400.1.122 updated - libblkid1-2.37.2-150400.6.26 updated - libaudit1-3.0.6-150400.2.13 updated - libgcrypt20-1.9.4-150400.4.6 updated - libgcrypt20-hmac-1.9.4-150400.4.6 updated - libfdisk1-2.37.2-150400.6.26 updated - libcom_err2-1.46.4-150400.3.3.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libopenssl1_1-1.1.1l-150400.5.14 updated - libopenssl1_1-hmac-1.1.1l-150400.5.14 updated - libelf1-0.185-150400.3.35 updated - libselinux1-3.1-150400.1.69 updated - libglib-2_0-0-2.70.4-150400.1.5 updated - libxml2-2-2.9.12-150400.3.4 updated - libsystemd0-249.11-150400.6.8 updated - libreadline7-7.0-150400.25.22 updated - patterns-base-fips-20200124-150400.18.4 updated - libdw1-0.185-150400.3.35 updated - libsemanage1-3.1-150400.1.65 updated - libmount1-2.37.2-150400.6.26 updated - krb5-1.19.2-150400.1.9 updated - bash-4.4-150400.25.22 updated - bash-sh-4.4-150400.25.22 updated - libssh4-0.9.6-150400.1.5 updated - login_defs-4.8.1-150400.8.57 updated - cpio-2.13-150400.1.98 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libcurl4-7.79.1-150400.3.1 updated - coreutils-8.32-150400.7.5 updated - sles-release-15.4-150400.55.1 updated - grep-3.1-150000.4.6.1 updated - rpm-config-SUSE-1-150400.12.41 updated - permissions-20201225-150400.3.4 updated - rpm-ndb-4.14.3-150300.46.1 updated - pam-1.3.0-150000.6.58.3 updated - shadow-4.8.1-150400.8.57 updated - sysuser-shadow-3.1-150400.1.35 updated - system-group-hardware-20170617-150400.22.33 updated - util-linux-2.37.2-150400.6.26 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - crypto-policies-20210917.c9d86d1-150400.1.7 updated - libp11-kit0-0.23.22-150400.1.10 updated - openssl-1_1-1.1.1l-150400.5.14 updated - p11-kit-0.23.22-150400.1.10 updated - p11-kit-tools-0.23.22-150400.1.10 updated - libasound2-1.2.6.1-150400.1.4 updated - libexpat1-2.4.4-150400.2.24 updated - libfreebl3-3.68.3-150400.1.7 updated - libfreebl3-hmac-3.68.3-150400.1.7 updated - libgif7-5.2.1-150000.4.8.1 updated - libjpeg8-8.2.2-150400.15.9 updated - liblcms2-2-2.12-150400.1.10 updated - libpcsclite1-1.9.4-150400.1.9 updated - mozilla-nss-certs-3.68.3-150400.1.7 updated - libharfbuzz0-3.4.0-150400.1.5 updated - fontconfig-2.13.1-150400.1.4 updated - libfontconfig1-2.13.1-150400.1.4 updated - libsoftokn3-3.68.3-150400.1.7 updated - mozilla-nss-3.68.3-150400.1.7 updated - libsoftokn3-hmac-3.68.3-150400.1.7 updated - java-11-openjdk-headless-11.0.15.0-150000.3.80.1 updated - java-11-openjdk-11.0.15.0-150000.3.80.1 updated - container:sles15-image-15.0.0-27.8.1 updated From sle-updates at lists.suse.com Wed Jun 22 07:30:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 09:30:10 +0200 (CEST) Subject: SUSE-CU-2022:1360-1: Security update of bci/ruby Message-ID: <20220622073010.B7DCAFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1360-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-10.1 , bci/ruby:latest Container Release : 10.1 Severity : important Type : security References : 1040589 1177460 1179416 1180125 1181400 1181805 1183543 1183545 1183659 1185299 1187670 1188160 1188161 1188548 1190375 1190824 1191157 1191908 1192951 1193035 1193489 1193659 1193711 1194883 1194968 1195283 1195628 1196093 1196107 1196275 1196406 1196647 1196861 1197004 1197024 1197065 1197459 1197716 1197743 1197771 1197794 1198062 1198176 1198234 1198237 1198422 1198441 1198446 1198751 1199240 CVE-2018-25032 CVE-2021-20266 CVE-2021-20271 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-3421 CVE-2021-41817 CVE-2022-1271 CVE-2022-1304 CVE-2022-24765 CVE-2022-28739 CVE-2022-29155 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198237 This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1512-1 Released: Tue May 3 16:11:28 2022 Summary: Security update for ruby2.5 Type: security Severity: important References: 1188160,1188161,1190375,1193035,1198441,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739 This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441). - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035). - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). - CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1709-1 Released: Tue May 17 17:35:47 2022 Summary: Recommended update for libcbor Type: recommended Severity: important References: 1197743 This update for libcbor fixes the following issues: - Fix build errors occuring on SUSE Linux Enterprise 15 Service Pack 4 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1851-1 Released: Thu May 26 08:59:55 2022 Summary: Recommended update for gcc8 Type: recommended Severity: moderate References: 1197716 This update for gcc8 fixes the following issues: - Fix build against SP4. (bsc#1197716) - Remove bogus fixed include bits/statx.h from glibc 2.30 (bsc#1197716) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2049-1 Released: Mon Jun 13 09:23:52 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1191908,1198422 This update for binutils fixes the following issues: - Revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422] - Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908) The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - glibc-2.31-150300.26.5 updated - perl-base-5.26.1-150300.17.3.1 updated - libssh-config-0.9.6-150400.1.5 updated - libzstd1-1.5.0-150400.1.71 updated - libuuid1-2.37.2-150400.6.26 updated - libudev1-249.11-150400.6.8 updated - libsmartcols1-2.37.2-150400.6.26 updated - libsepol1-3.1-150400.1.70 updated - liblz4-1-1.9.3-150400.1.7 updated - libgpg-error0-1.42-150400.1.101 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.38 updated - libcap2-2.63-150400.1.7 updated - libbz2-1-1.0.8-150400.1.122 updated - libblkid1-2.37.2-150400.6.26 updated - libaudit1-3.0.6-150400.2.13 updated - libgcrypt20-1.9.4-150400.4.6 updated - libgcrypt20-hmac-1.9.4-150400.4.6 updated - libfdisk1-2.37.2-150400.6.26 updated - libcom_err2-1.46.4-150400.3.3.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libopenssl1_1-1.1.1l-150400.5.14 updated - libopenssl1_1-hmac-1.1.1l-150400.5.14 updated - libelf1-0.185-150400.3.35 updated - libselinux1-3.1-150400.1.69 updated - libxml2-2-2.9.12-150400.3.4 updated - libsystemd0-249.11-150400.6.8 updated - libreadline7-7.0-150400.25.22 updated - patterns-base-fips-20200124-150400.18.4 updated - libdw1-0.185-150400.3.35 updated - libsemanage1-3.1-150400.1.65 updated - libmount1-2.37.2-150400.6.26 updated - krb5-1.19.2-150400.1.9 updated - bash-4.4-150400.25.22 updated - bash-sh-4.4-150400.25.22 updated - libssh4-0.9.6-150400.1.5 updated - login_defs-4.8.1-150400.8.57 updated - cpio-2.13-150400.1.98 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libcurl4-7.79.1-150400.3.1 updated - coreutils-8.32-150400.7.5 updated - sles-release-15.4-150400.55.1 updated - grep-3.1-150000.4.6.1 updated - rpm-config-SUSE-1-150400.12.41 updated - permissions-20201225-150400.3.4 updated - rpm-ndb-4.14.3-150300.46.1 updated - pam-1.3.0-150000.6.58.3 updated - shadow-4.8.1-150400.8.57 updated - sysuser-shadow-3.1-150400.1.35 updated - system-group-hardware-20170617-150400.22.33 updated - util-linux-2.37.2-150400.6.26 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - curl-7.79.1-150400.3.1 updated - fdupes-2.1.2-150400.1.86 updated - libatomic1-11.3.0+git1637-150000.1.9.1 updated - libcbor0-0.5.0-150100.4.6.1 updated - libctf-nobfd0-2.37-150100.7.34.1 updated - libexpat1-2.4.4-150400.2.24 updated - libgomp1-11.3.0+git1637-150000.1.9.1 updated - libitm1-11.3.0+git1637-150000.1.9.1 updated - liblsan0-11.3.0+git1637-150000.1.9.1 updated - libmpx2-8.2.1+r264010-150000.1.6.4 updated - libmpxwrappers2-8.2.1+r264010-150000.1.6.4 updated - libpcre2-8-0-10.39-150400.2.3 updated - libruby2_5-2_5-2.5.9-150000.4.23.1 updated - libtsan0-11.3.0+git1637-150000.1.9.1 updated - linux-glibc-devel-5.14-150400.4.44 updated - timezone-2022a-150000.75.7.1 updated - ruby2.5-stdlib-2.5.9-150000.4.23.1 updated - libctf0-2.37-150100.7.34.1 updated - binutils-2.37-150100.7.34.1 updated - less-590-150400.1.51 updated - glibc-devel-2.31-150300.26.5 updated - ruby2.5-2.5.9-150000.4.23.1 updated - git-core-2.35.3-150300.10.12.1 updated - ruby2.5-devel-2.5.9-150000.4.23.1 updated - container:sles15-image-15.0.0-27.8.1 updated From sle-updates at lists.suse.com Wed Jun 22 07:34:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 09:34:25 +0200 (CEST) Subject: SUSE-CU-2022:1361-1: Security update of suse/sle15 Message-ID: <20220622073425.21559FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1361-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.8.1 , suse/sle15:15.4 , suse/sle15:15.4.27.8.1 Container Release : 27.8.1 Severity : important Type : security References : 1040589 1192951 1193659 1195283 1196861 1197065 1197771 1197794 1198176 1198446 1198504 1198751 1199240 CVE-2022-1304 CVE-2022-29155 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1843-1 Released: Wed May 25 15:25:44 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1198504 This update for suse-build-key fixes the following issues: - still ship the old ptf key in the documentation directory (bsc#1198504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - glibc-2.31-150300.26.5 updated - grep-3.1-150000.4.6.1 updated - libcom_err2-1.46.4-150400.3.3.1 updated - libcurl4-7.79.1-150400.3.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libsystemd0-249.11-150400.6.8 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libudev1-249.11-150400.6.8 updated - pam-1.3.0-150000.6.58.3 updated - skelcd-EULA-bci-2022.05.10-150400.2.1 added - sles-release-15.4-150400.55.1 updated - suse-build-key-12.0-150000.8.25.1 updated From sle-updates at lists.suse.com Wed Jun 22 10:16:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 12:16:43 +0200 (CEST) Subject: SUSE-SU-2022:2151-1: important: Security update for fwupdate Message-ID: <20220622101643.C5E79FD9D@maintenance.suse.de> SUSE Security Update: Security update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2151-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of fwupdate fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2151=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): fwupdate-0.5-7.7.1 fwupdate-debuginfo-0.5-7.7.1 fwupdate-debugsource-0.5-7.7.1 fwupdate-efi-0.5-7.7.1 fwupdate-efi-debuginfo-0.5-7.7.1 libfwup0-0.5-7.7.1 libfwup0-debuginfo-0.5-7.7.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Wed Jun 22 10:17:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 12:17:17 +0200 (CEST) Subject: SUSE-SU-2022:2150-1: important: Security update for fwupdate Message-ID: <20220622101717.6D790FD9D@maintenance.suse.de> SUSE Security Update: Security update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2150-1 Rating: important References: #1198581 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of fwupdate fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2150=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2150=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2150=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2150=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2150=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2150=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2150=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2150=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2150=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2150=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2150=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): fwupdate-0.5-10.12.1 fwupdate-debuginfo-0.5-10.12.1 fwupdate-debugsource-0.5-10.12.1 fwupdate-efi-0.5-10.12.1 fwupdate-efi-debuginfo-0.5-10.12.1 libfwup0-0.5-10.12.1 libfwup0-debuginfo-0.5-10.12.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): fwupdate-0.5-10.12.1 fwupdate-debuginfo-0.5-10.12.1 fwupdate-debugsource-0.5-10.12.1 fwupdate-efi-0.5-10.12.1 fwupdate-efi-debuginfo-0.5-10.12.1 libfwup0-0.5-10.12.1 libfwup0-debuginfo-0.5-10.12.1 - SUSE OpenStack Cloud 9 (x86_64): fwupdate-0.5-10.12.1 fwupdate-debuginfo-0.5-10.12.1 fwupdate-debugsource-0.5-10.12.1 fwupdate-efi-0.5-10.12.1 fwupdate-efi-debuginfo-0.5-10.12.1 libfwup0-0.5-10.12.1 libfwup0-debuginfo-0.5-10.12.1 - SUSE OpenStack Cloud 8 (x86_64): fwupdate-0.5-10.12.1 fwupdate-debuginfo-0.5-10.12.1 fwupdate-debugsource-0.5-10.12.1 fwupdate-efi-0.5-10.12.1 fwupdate-efi-debuginfo-0.5-10.12.1 libfwup0-0.5-10.12.1 libfwup0-debuginfo-0.5-10.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): fwupdate-0.5-10.12.1 fwupdate-debuginfo-0.5-10.12.1 fwupdate-debugsource-0.5-10.12.1 fwupdate-efi-0.5-10.12.1 fwupdate-efi-debuginfo-0.5-10.12.1 libfwup0-0.5-10.12.1 libfwup0-debuginfo-0.5-10.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): fwupdate-0.5-10.12.1 fwupdate-debuginfo-0.5-10.12.1 fwupdate-debugsource-0.5-10.12.1 fwupdate-efi-0.5-10.12.1 fwupdate-efi-debuginfo-0.5-10.12.1 libfwup0-0.5-10.12.1 libfwup0-debuginfo-0.5-10.12.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): fwupdate-0.5-10.12.1 fwupdate-debuginfo-0.5-10.12.1 fwupdate-debugsource-0.5-10.12.1 fwupdate-efi-0.5-10.12.1 fwupdate-efi-debuginfo-0.5-10.12.1 libfwup0-0.5-10.12.1 libfwup0-debuginfo-0.5-10.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): fwupdate-0.5-10.12.1 fwupdate-debuginfo-0.5-10.12.1 fwupdate-debugsource-0.5-10.12.1 fwupdate-efi-0.5-10.12.1 fwupdate-efi-debuginfo-0.5-10.12.1 libfwup0-0.5-10.12.1 libfwup0-debuginfo-0.5-10.12.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): fwupdate-0.5-10.12.1 fwupdate-debuginfo-0.5-10.12.1 fwupdate-debugsource-0.5-10.12.1 fwupdate-efi-0.5-10.12.1 fwupdate-efi-debuginfo-0.5-10.12.1 libfwup0-0.5-10.12.1 libfwup0-debuginfo-0.5-10.12.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): fwupdate-0.5-10.12.1 fwupdate-debuginfo-0.5-10.12.1 fwupdate-debugsource-0.5-10.12.1 fwupdate-efi-0.5-10.12.1 fwupdate-efi-debuginfo-0.5-10.12.1 libfwup0-0.5-10.12.1 libfwup0-debuginfo-0.5-10.12.1 - HPE Helion Openstack 8 (x86_64): fwupdate-0.5-10.12.1 fwupdate-debuginfo-0.5-10.12.1 fwupdate-debugsource-0.5-10.12.1 fwupdate-efi-0.5-10.12.1 fwupdate-efi-debuginfo-0.5-10.12.1 libfwup0-0.5-10.12.1 libfwup0-debuginfo-0.5-10.12.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Wed Jun 22 13:16:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 15:16:25 +0200 (CEST) Subject: SUSE-SU-2022:2153-1: important: Security update for drbd Message-ID: <20220622131625.3F853FBAA@maintenance.suse.de> SUSE Security Update: Security update for drbd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2153-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of drbd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-2153=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-4.22.1 drbd-debugsource-9.0.14+git.62f906cf-4.22.1 drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_95.99-4.22.1 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_95.99-4.22.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Wed Jun 22 13:17:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 15:17:02 +0200 (CEST) Subject: SUSE-SU-2022:2152-1: important: Security update for drbd Message-ID: <20220622131702.9EB15FBAA@maintenance.suse.de> SUSE Security Update: Security update for drbd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2152-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of drbd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2152=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-11.18.3 drbd-debugsource-9.0.14+git.62f906cf-11.18.3 drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_122.124-11.18.3 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_122.124-11.18.3 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Wed Jun 22 16:16:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 18:16:44 +0200 (CEST) Subject: SUSE-SU-2022:2154-1: important: Security update for salt Message-ID: <20220622161644.74D89FD9D@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2154-1 Rating: important References: #1200566 Cross-References: CVE-2022-22967 CVSS scores: CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Manager Tools 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could lead to authentication bypass when using PAM (bsc#1200566) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-2154=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2022-2154=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-3000-65.1 python3-salt-3000-65.1 salt-3000-65.1 salt-doc-3000-65.1 salt-minion-3000-65.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-3000-65.1 salt-3000-65.1 salt-api-3000-65.1 salt-cloud-3000-65.1 salt-doc-3000-65.1 salt-master-3000-65.1 salt-minion-3000-65.1 salt-proxy-3000-65.1 salt-ssh-3000-65.1 salt-standalone-formulas-configuration-3000-65.1 salt-syndic-3000-65.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-3000-65.1 salt-zsh-completion-3000-65.1 References: https://www.suse.com/security/cve/CVE-2022-22967.html https://bugzilla.suse.com/1200566 From sle-updates at lists.suse.com Wed Jun 22 19:16:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 21:16:40 +0200 (CEST) Subject: SUSE-RU-2022:2155-1: important: Recommended updates for python3-dnspython and python3-zypp-plugin: Message-ID: <20220622191640.20046FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended updates for python3-dnspython and python3-zypp-plugin: ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2155-1 Rating: important References: Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: - Add python3-dnspython and python3-zypp-plugin to unrestricted channels. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-2155=1 SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2022-2155=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-dnspython-1.12.0-9.10.1 python3-dnspython-1.12.0-9.10.1 python3-zypp-plugin-0.6.3-2.8.1 References: From sle-updates at lists.suse.com Wed Jun 22 19:17:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 21:17:16 +0200 (CEST) Subject: SUSE-RU-2022:2156-1: important: Recommended updates for python3-dnspython and python3-zypp-plugin: Message-ID: <20220622191716.31817FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended updates for python3-dnspython and python3-zypp-plugin: ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2156-1 Rating: important References: Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: - Add python3-dnspython and python3-zypp-plugin to unrestricted channels. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2156=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2156=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2156=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-2156=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2156=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2156=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2156=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2156=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2156=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2156=1 Package List: - openSUSE Leap 15.4 (noarch): python3-dnspython-1.15.0-150000.3.2.1 python3-zypp-plugin-0.6.3-150000.4.2.1 - openSUSE Leap 15.3 (noarch): python2-dnspython-1.15.0-150000.3.2.1 python2-zypp-plugin-0.6.3-150000.4.2.1 python3-dnspython-1.15.0-150000.3.2.1 python3-zypp-plugin-0.6.3-150000.4.2.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-zypp-plugin-0.6.3-150000.4.2.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-dnspython-1.15.0-150000.3.2.1 python3-zypp-plugin-0.6.3-150000.4.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): python2-dnspython-1.15.0-150000.3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-dnspython-1.15.0-150000.3.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-dnspython-1.15.0-150000.3.2.1 python3-zypp-plugin-0.6.3-150000.4.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-dnspython-1.15.0-150000.3.2.1 python3-zypp-plugin-0.6.3-150000.4.2.1 - SUSE Linux Enterprise Micro 5.2 (noarch): python3-zypp-plugin-0.6.3-150000.4.2.1 - SUSE Linux Enterprise Micro 5.1 (noarch): python3-zypp-plugin-0.6.3-150000.4.2.1 References: From sle-updates at lists.suse.com Wed Jun 22 19:18:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2022 21:18:00 +0200 (CEST) Subject: SUSE-RU-2022:2157-1: moderate: Recommended update for binutils Message-ID: <20220622191800.18C84FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for binutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2157-1 Rating: moderate References: #1198458 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for binutils fixes the following issues: - For building the shim 15.6~rc1 and later versions aarch64 image, objcopy needs to support efi-app-aarch64 target. (bsc#1198458) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2157=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2157=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2157=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2157=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2157=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2157=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2157=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2157=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): binutils-2.37-150100.7.37.1 binutils-debuginfo-2.37-150100.7.37.1 binutils-debugsource-2.37-150100.7.37.1 binutils-devel-2.37-150100.7.37.1 binutils-gold-2.37-150100.7.37.1 binutils-gold-debuginfo-2.37-150100.7.37.1 bpftrace-0.14.0-150400.3.2.2 cross-arm-binutils-2.37-150100.7.37.1 cross-arm-binutils-debuginfo-2.37-150100.7.37.1 cross-arm-binutils-debugsource-2.37-150100.7.37.1 cross-avr-binutils-2.37-150100.7.37.1 cross-avr-binutils-debuginfo-2.37-150100.7.37.1 cross-avr-binutils-debugsource-2.37-150100.7.37.1 cross-epiphany-binutils-2.37-150100.7.37.1 cross-epiphany-binutils-debuginfo-2.37-150100.7.37.1 cross-epiphany-binutils-debugsource-2.37-150100.7.37.1 cross-hppa-binutils-2.37-150100.7.37.1 cross-hppa-binutils-debuginfo-2.37-150100.7.37.1 cross-hppa-binutils-debugsource-2.37-150100.7.37.1 cross-hppa64-binutils-2.37-150100.7.37.1 cross-hppa64-binutils-debuginfo-2.37-150100.7.37.1 cross-hppa64-binutils-debugsource-2.37-150100.7.37.1 cross-i386-binutils-2.37-150100.7.37.1 cross-i386-binutils-debuginfo-2.37-150100.7.37.1 cross-i386-binutils-debugsource-2.37-150100.7.37.1 cross-ia64-binutils-2.37-150100.7.37.1 cross-ia64-binutils-debuginfo-2.37-150100.7.37.1 cross-ia64-binutils-debugsource-2.37-150100.7.37.1 cross-m68k-binutils-2.37-150100.7.37.1 cross-m68k-binutils-debuginfo-2.37-150100.7.37.1 cross-m68k-binutils-debugsource-2.37-150100.7.37.1 cross-mips-binutils-2.37-150100.7.37.1 cross-mips-binutils-debuginfo-2.37-150100.7.37.1 cross-mips-binutils-debugsource-2.37-150100.7.37.1 cross-ppc-binutils-2.37-150100.7.37.1 cross-ppc-binutils-debuginfo-2.37-150100.7.37.1 cross-ppc-binutils-debugsource-2.37-150100.7.37.1 cross-ppc64-binutils-2.37-150100.7.37.1 cross-ppc64-binutils-debuginfo-2.37-150100.7.37.1 cross-ppc64-binutils-debugsource-2.37-150100.7.37.1 cross-riscv64-binutils-2.37-150100.7.37.1 cross-riscv64-binutils-debuginfo-2.37-150100.7.37.1 cross-riscv64-binutils-debugsource-2.37-150100.7.37.1 cross-rx-binutils-2.37-150100.7.37.1 cross-rx-binutils-debuginfo-2.37-150100.7.37.1 cross-rx-binutils-debugsource-2.37-150100.7.37.1 cross-s390-binutils-2.37-150100.7.37.1 cross-s390-binutils-debuginfo-2.37-150100.7.37.1 cross-s390-binutils-debugsource-2.37-150100.7.37.1 cross-sparc-binutils-2.37-150100.7.37.1 cross-sparc-binutils-debuginfo-2.37-150100.7.37.1 cross-sparc-binutils-debugsource-2.37-150100.7.37.1 cross-sparc64-binutils-2.37-150100.7.37.1 cross-sparc64-binutils-debuginfo-2.37-150100.7.37.1 cross-sparc64-binutils-debugsource-2.37-150100.7.37.1 cross-spu-binutils-2.37-150100.7.37.1 cross-spu-binutils-debuginfo-2.37-150100.7.37.1 cross-spu-binutils-debugsource-2.37-150100.7.37.1 libctf-nobfd0-2.37-150100.7.37.1 libctf-nobfd0-debuginfo-2.37-150100.7.37.1 libctf0-2.37-150100.7.37.1 libctf0-debuginfo-2.37-150100.7.37.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): cross-s390x-binutils-2.37-150100.7.37.1 cross-s390x-binutils-debuginfo-2.37-150100.7.37.1 cross-s390x-binutils-debugsource-2.37-150100.7.37.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x): cross-x86_64-binutils-2.37-150100.7.37.1 cross-x86_64-binutils-debuginfo-2.37-150100.7.37.1 cross-x86_64-binutils-debugsource-2.37-150100.7.37.1 - openSUSE Leap 15.4 (ppc64le s390x x86_64): cross-aarch64-binutils-2.37-150100.7.37.1 cross-aarch64-binutils-debuginfo-2.37-150100.7.37.1 cross-aarch64-binutils-debugsource-2.37-150100.7.37.1 - openSUSE Leap 15.4 (aarch64 s390x x86_64): cross-ppc64le-binutils-2.37-150100.7.37.1 cross-ppc64le-binutils-debuginfo-2.37-150100.7.37.1 cross-ppc64le-binutils-debugsource-2.37-150100.7.37.1 - openSUSE Leap 15.4 (noarch): bpftrace-tools-0.14.0-150400.3.2.2 - openSUSE Leap 15.4 (x86_64): binutils-devel-32bit-2.37-150100.7.37.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): binutils-2.37-150100.7.37.1 binutils-debuginfo-2.37-150100.7.37.1 binutils-debugsource-2.37-150100.7.37.1 binutils-devel-2.37-150100.7.37.1 binutils-gold-2.37-150100.7.37.1 binutils-gold-debuginfo-2.37-150100.7.37.1 bpftrace-0.11.4-150300.3.11.4 cross-arm-binutils-2.37-150100.7.37.1 cross-arm-binutils-debuginfo-2.37-150100.7.37.1 cross-arm-binutils-debugsource-2.37-150100.7.37.1 cross-avr-binutils-2.37-150100.7.37.1 cross-avr-binutils-debuginfo-2.37-150100.7.37.1 cross-avr-binutils-debugsource-2.37-150100.7.37.1 cross-epiphany-binutils-2.37-150100.7.37.1 cross-epiphany-binutils-debuginfo-2.37-150100.7.37.1 cross-epiphany-binutils-debugsource-2.37-150100.7.37.1 cross-hppa-binutils-2.37-150100.7.37.1 cross-hppa-binutils-debuginfo-2.37-150100.7.37.1 cross-hppa-binutils-debugsource-2.37-150100.7.37.1 cross-hppa64-binutils-2.37-150100.7.37.1 cross-hppa64-binutils-debuginfo-2.37-150100.7.37.1 cross-hppa64-binutils-debugsource-2.37-150100.7.37.1 cross-i386-binutils-2.37-150100.7.37.1 cross-i386-binutils-debuginfo-2.37-150100.7.37.1 cross-i386-binutils-debugsource-2.37-150100.7.37.1 cross-ia64-binutils-2.37-150100.7.37.1 cross-ia64-binutils-debuginfo-2.37-150100.7.37.1 cross-ia64-binutils-debugsource-2.37-150100.7.37.1 cross-m68k-binutils-2.37-150100.7.37.1 cross-m68k-binutils-debuginfo-2.37-150100.7.37.1 cross-m68k-binutils-debugsource-2.37-150100.7.37.1 cross-mips-binutils-2.37-150100.7.37.1 cross-mips-binutils-debuginfo-2.37-150100.7.37.1 cross-mips-binutils-debugsource-2.37-150100.7.37.1 cross-ppc-binutils-2.37-150100.7.37.1 cross-ppc-binutils-debuginfo-2.37-150100.7.37.1 cross-ppc-binutils-debugsource-2.37-150100.7.37.1 cross-ppc64-binutils-2.37-150100.7.37.1 cross-ppc64-binutils-debuginfo-2.37-150100.7.37.1 cross-ppc64-binutils-debugsource-2.37-150100.7.37.1 cross-riscv64-binutils-2.37-150100.7.37.1 cross-riscv64-binutils-debuginfo-2.37-150100.7.37.1 cross-riscv64-binutils-debugsource-2.37-150100.7.37.1 cross-rx-binutils-2.37-150100.7.37.1 cross-rx-binutils-debuginfo-2.37-150100.7.37.1 cross-rx-binutils-debugsource-2.37-150100.7.37.1 cross-s390-binutils-2.37-150100.7.37.1 cross-s390-binutils-debuginfo-2.37-150100.7.37.1 cross-s390-binutils-debugsource-2.37-150100.7.37.1 cross-sparc-binutils-2.37-150100.7.37.1 cross-sparc-binutils-debuginfo-2.37-150100.7.37.1 cross-sparc-binutils-debugsource-2.37-150100.7.37.1 cross-sparc64-binutils-2.37-150100.7.37.1 cross-sparc64-binutils-debuginfo-2.37-150100.7.37.1 cross-sparc64-binutils-debugsource-2.37-150100.7.37.1 cross-spu-binutils-2.37-150100.7.37.1 cross-spu-binutils-debuginfo-2.37-150100.7.37.1 cross-spu-binutils-debugsource-2.37-150100.7.37.1 libctf-nobfd0-2.37-150100.7.37.1 libctf-nobfd0-debuginfo-2.37-150100.7.37.1 libctf0-2.37-150100.7.37.1 libctf0-debuginfo-2.37-150100.7.37.1 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): cross-s390x-binutils-2.37-150100.7.37.1 cross-s390x-binutils-debuginfo-2.37-150100.7.37.1 cross-s390x-binutils-debugsource-2.37-150100.7.37.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x): cross-x86_64-binutils-2.37-150100.7.37.1 cross-x86_64-binutils-debuginfo-2.37-150100.7.37.1 cross-x86_64-binutils-debugsource-2.37-150100.7.37.1 - openSUSE Leap 15.3 (ppc64le s390x x86_64): cross-aarch64-binutils-2.37-150100.7.37.1 cross-aarch64-binutils-debuginfo-2.37-150100.7.37.1 cross-aarch64-binutils-debugsource-2.37-150100.7.37.1 - openSUSE Leap 15.3 (aarch64 s390x x86_64): cross-ppc64le-binutils-2.37-150100.7.37.1 cross-ppc64le-binutils-debuginfo-2.37-150100.7.37.1 cross-ppc64le-binutils-debugsource-2.37-150100.7.37.1 - openSUSE Leap 15.3 (x86_64): binutils-devel-32bit-2.37-150100.7.37.1 - openSUSE Leap 15.3 (noarch): bpftrace-tools-0.11.4-150300.3.11.4 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.37-150100.7.37.1 binutils-debugsource-2.37-150100.7.37.1 binutils-gold-2.37-150100.7.37.1 binutils-gold-debuginfo-2.37-150100.7.37.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.37-150100.7.37.1 binutils-debugsource-2.37-150100.7.37.1 binutils-gold-2.37-150100.7.37.1 binutils-gold-debuginfo-2.37-150100.7.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): bpftrace-0.14.0-150400.3.2.2 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): bpftrace-tools-0.14.0-150400.3.2.2 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): binutils-debugsource-2.37-150100.7.37.1 binutils-devel-32bit-2.37-150100.7.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): bpftrace-0.11.4-150300.3.11.4 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): binutils-debugsource-2.37-150100.7.37.1 binutils-devel-32bit-2.37-150100.7.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): bpftrace-tools-0.11.4-150300.3.11.4 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): binutils-2.37-150100.7.37.1 binutils-debuginfo-2.37-150100.7.37.1 binutils-debugsource-2.37-150100.7.37.1 binutils-devel-2.37-150100.7.37.1 libctf-nobfd0-2.37-150100.7.37.1 libctf-nobfd0-debuginfo-2.37-150100.7.37.1 libctf0-2.37-150100.7.37.1 libctf0-debuginfo-2.37-150100.7.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): binutils-2.37-150100.7.37.1 binutils-debuginfo-2.37-150100.7.37.1 binutils-debugsource-2.37-150100.7.37.1 binutils-devel-2.37-150100.7.37.1 libctf-nobfd0-2.37-150100.7.37.1 libctf-nobfd0-debuginfo-2.37-150100.7.37.1 libctf0-2.37-150100.7.37.1 libctf0-debuginfo-2.37-150100.7.37.1 References: https://bugzilla.suse.com/1198458 From sle-updates at lists.suse.com Thu Jun 23 07:14:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2022 09:14:15 +0200 (CEST) Subject: SUSE-CU-2022:1370-1: Recommended update of bci/bci-micro Message-ID: <20220623071415.82F02FD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1370-1 Container Tags : bci/bci-micro:15.3 , bci/bci-micro:15.3.17.3 Container Release : 17.3 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated From sle-updates at lists.suse.com Thu Jun 23 07:18:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2022 09:18:18 +0200 (CEST) Subject: SUSE-CU-2022:1371-1: Recommended update of bci/bci-minimal Message-ID: <20220623071818.53414FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1371-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.27.8 Container Release : 27.8 Severity : moderate Type : recommended References : 1192951 1193659 1195283 1196861 1197065 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - container:micro-image-15.3.0-17.4 updated From sle-updates at lists.suse.com Thu Jun 23 07:29:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2022 09:29:48 +0200 (CEST) Subject: SUSE-CU-2022:1379-1: Recommended update of bci/golang Message-ID: <20220623072948.3D675FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1379-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-13.4 Container Release : 13.4 Severity : moderate Type : recommended References : 1198458 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2157-1 Released: Wed Jun 22 17:11:26 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198458 This update for binutils fixes the following issues: - For building the shim 15.6~rc1 and later versions aarch64 image, objcopy needs to support efi-app-aarch64 target. (bsc#1198458) The following package changes have been done: - libctf-nobfd0-2.37-150100.7.37.1 updated - libctf0-2.37-150100.7.37.1 updated - binutils-2.37-150100.7.37.1 updated From sle-updates at lists.suse.com Thu Jun 23 07:30:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2022 09:30:05 +0200 (CEST) Subject: SUSE-CU-2022:1380-1: Recommended update of bci/golang Message-ID: <20220623073005.58561FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1380-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-12.4 Container Release : 12.4 Severity : moderate Type : recommended References : 1198458 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2157-1 Released: Wed Jun 22 17:11:26 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198458 This update for binutils fixes the following issues: - For building the shim 15.6~rc1 and later versions aarch64 image, objcopy needs to support efi-app-aarch64 target. (bsc#1198458) The following package changes have been done: - libctf-nobfd0-2.37-150100.7.37.1 updated - libctf0-2.37-150100.7.37.1 updated - binutils-2.37-150100.7.37.1 updated From sle-updates at lists.suse.com Thu Jun 23 07:30:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2022 09:30:22 +0200 (CEST) Subject: SUSE-CU-2022:1381-1: Recommended update of bci/golang Message-ID: <20220623073022.114D1FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1381-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-7.4 , bci/golang:latest Container Release : 7.4 Severity : moderate Type : recommended References : 1198458 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2157-1 Released: Wed Jun 22 17:11:26 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198458 This update for binutils fixes the following issues: - For building the shim 15.6~rc1 and later versions aarch64 image, objcopy needs to support efi-app-aarch64 target. (bsc#1198458) The following package changes have been done: - libctf-nobfd0-2.37-150100.7.37.1 updated - libctf0-2.37-150100.7.37.1 updated - binutils-2.37-150100.7.37.1 updated From sle-updates at lists.suse.com Thu Jun 23 07:31:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2022 09:31:06 +0200 (CEST) Subject: SUSE-CU-2022:1382-1: Recommended update of bci/ruby Message-ID: <20220623073106.EA9FCFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1382-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-10.2 , bci/ruby:latest Container Release : 10.2 Severity : moderate Type : recommended References : 1198458 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2157-1 Released: Wed Jun 22 17:11:26 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198458 This update for binutils fixes the following issues: - For building the shim 15.6~rc1 and later versions aarch64 image, objcopy needs to support efi-app-aarch64 target. (bsc#1198458) The following package changes have been done: - libctf-nobfd0-2.37-150100.7.37.1 updated - libctf0-2.37-150100.7.37.1 updated - binutils-2.37-150100.7.37.1 updated From sle-updates at lists.suse.com Thu Jun 23 13:16:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2022 15:16:42 +0200 (CEST) Subject: SUSE-SU-2022:2159-1: important: Security update for salt Message-ID: <20220623131642.9AEC9FD9D@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2159-1 Rating: important References: #1200566 Cross-References: CVE-2022-22967 CVSS scores: CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM (bsc#1200566) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2159=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2159=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2159=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2159=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2159=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2159=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python3-salt-3004-150100.71.1 salt-3004-150100.71.1 salt-api-3004-150100.71.1 salt-cloud-3004-150100.71.1 salt-doc-3004-150100.71.1 salt-master-3004-150100.71.1 salt-minion-3004-150100.71.1 salt-proxy-3004-150100.71.1 salt-ssh-3004-150100.71.1 salt-standalone-formulas-configuration-3004-150100.71.1 salt-syndic-3004-150100.71.1 salt-transactional-update-3004-150100.71.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): salt-bash-completion-3004-150100.71.1 salt-fish-completion-3004-150100.71.1 salt-zsh-completion-3004-150100.71.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3004-150100.71.1 salt-3004-150100.71.1 salt-api-3004-150100.71.1 salt-cloud-3004-150100.71.1 salt-doc-3004-150100.71.1 salt-master-3004-150100.71.1 salt-minion-3004-150100.71.1 salt-proxy-3004-150100.71.1 salt-ssh-3004-150100.71.1 salt-standalone-formulas-configuration-3004-150100.71.1 salt-syndic-3004-150100.71.1 salt-transactional-update-3004-150100.71.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): salt-bash-completion-3004-150100.71.1 salt-fish-completion-3004-150100.71.1 salt-zsh-completion-3004-150100.71.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): salt-bash-completion-3004-150100.71.1 salt-fish-completion-3004-150100.71.1 salt-zsh-completion-3004-150100.71.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python3-salt-3004-150100.71.1 salt-3004-150100.71.1 salt-api-3004-150100.71.1 salt-cloud-3004-150100.71.1 salt-doc-3004-150100.71.1 salt-master-3004-150100.71.1 salt-minion-3004-150100.71.1 salt-proxy-3004-150100.71.1 salt-ssh-3004-150100.71.1 salt-standalone-formulas-configuration-3004-150100.71.1 salt-syndic-3004-150100.71.1 salt-transactional-update-3004-150100.71.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python3-salt-3004-150100.71.1 salt-3004-150100.71.1 salt-api-3004-150100.71.1 salt-cloud-3004-150100.71.1 salt-doc-3004-150100.71.1 salt-master-3004-150100.71.1 salt-minion-3004-150100.71.1 salt-proxy-3004-150100.71.1 salt-ssh-3004-150100.71.1 salt-standalone-formulas-configuration-3004-150100.71.1 salt-syndic-3004-150100.71.1 salt-transactional-update-3004-150100.71.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): salt-bash-completion-3004-150100.71.1 salt-fish-completion-3004-150100.71.1 salt-zsh-completion-3004-150100.71.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python3-salt-3004-150100.71.1 salt-3004-150100.71.1 salt-api-3004-150100.71.1 salt-cloud-3004-150100.71.1 salt-doc-3004-150100.71.1 salt-master-3004-150100.71.1 salt-minion-3004-150100.71.1 salt-proxy-3004-150100.71.1 salt-ssh-3004-150100.71.1 salt-standalone-formulas-configuration-3004-150100.71.1 salt-syndic-3004-150100.71.1 salt-transactional-update-3004-150100.71.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): salt-bash-completion-3004-150100.71.1 salt-fish-completion-3004-150100.71.1 salt-zsh-completion-3004-150100.71.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python3-salt-3004-150100.71.1 salt-3004-150100.71.1 salt-api-3004-150100.71.1 salt-cloud-3004-150100.71.1 salt-doc-3004-150100.71.1 salt-master-3004-150100.71.1 salt-minion-3004-150100.71.1 salt-proxy-3004-150100.71.1 salt-ssh-3004-150100.71.1 salt-standalone-formulas-configuration-3004-150100.71.1 salt-syndic-3004-150100.71.1 salt-transactional-update-3004-150100.71.1 - SUSE Enterprise Storage 6 (noarch): salt-bash-completion-3004-150100.71.1 salt-fish-completion-3004-150100.71.1 salt-zsh-completion-3004-150100.71.1 - SUSE CaaS Platform 4.0 (noarch): salt-bash-completion-3004-150100.71.1 salt-fish-completion-3004-150100.71.1 salt-zsh-completion-3004-150100.71.1 - SUSE CaaS Platform 4.0 (x86_64): python3-salt-3004-150100.71.1 salt-3004-150100.71.1 salt-api-3004-150100.71.1 salt-cloud-3004-150100.71.1 salt-doc-3004-150100.71.1 salt-master-3004-150100.71.1 salt-minion-3004-150100.71.1 salt-proxy-3004-150100.71.1 salt-ssh-3004-150100.71.1 salt-standalone-formulas-configuration-3004-150100.71.1 salt-syndic-3004-150100.71.1 salt-transactional-update-3004-150100.71.1 References: https://www.suse.com/security/cve/CVE-2022-22967.html https://bugzilla.suse.com/1200566 From sle-updates at lists.suse.com Thu Jun 23 13:17:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2022 15:17:44 +0200 (CEST) Subject: SUSE-SU-2022:2161-1: important: Security update for php74 Message-ID: <20220623131744.67EBAFD9D@maintenance.suse.de> SUSE Security Update: Security update for php74 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2161-1 Rating: important References: #1200628 #1200645 Cross-References: CVE-2022-31625 CVE-2022-31626 CVSS scores: CVE-2022-31625 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31626 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php74 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645) - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2161=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-2161=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php74-debuginfo-7.4.6-1.42.1 php74-debugsource-7.4.6-1.42.1 php74-devel-7.4.6-1.42.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php74-7.4.6-1.42.1 apache2-mod_php74-debuginfo-7.4.6-1.42.1 php74-7.4.6-1.42.1 php74-bcmath-7.4.6-1.42.1 php74-bcmath-debuginfo-7.4.6-1.42.1 php74-bz2-7.4.6-1.42.1 php74-bz2-debuginfo-7.4.6-1.42.1 php74-calendar-7.4.6-1.42.1 php74-calendar-debuginfo-7.4.6-1.42.1 php74-ctype-7.4.6-1.42.1 php74-ctype-debuginfo-7.4.6-1.42.1 php74-curl-7.4.6-1.42.1 php74-curl-debuginfo-7.4.6-1.42.1 php74-dba-7.4.6-1.42.1 php74-dba-debuginfo-7.4.6-1.42.1 php74-debuginfo-7.4.6-1.42.1 php74-debugsource-7.4.6-1.42.1 php74-dom-7.4.6-1.42.1 php74-dom-debuginfo-7.4.6-1.42.1 php74-enchant-7.4.6-1.42.1 php74-enchant-debuginfo-7.4.6-1.42.1 php74-exif-7.4.6-1.42.1 php74-exif-debuginfo-7.4.6-1.42.1 php74-fastcgi-7.4.6-1.42.1 php74-fastcgi-debuginfo-7.4.6-1.42.1 php74-fileinfo-7.4.6-1.42.1 php74-fileinfo-debuginfo-7.4.6-1.42.1 php74-fpm-7.4.6-1.42.1 php74-fpm-debuginfo-7.4.6-1.42.1 php74-ftp-7.4.6-1.42.1 php74-ftp-debuginfo-7.4.6-1.42.1 php74-gd-7.4.6-1.42.1 php74-gd-debuginfo-7.4.6-1.42.1 php74-gettext-7.4.6-1.42.1 php74-gettext-debuginfo-7.4.6-1.42.1 php74-gmp-7.4.6-1.42.1 php74-gmp-debuginfo-7.4.6-1.42.1 php74-iconv-7.4.6-1.42.1 php74-iconv-debuginfo-7.4.6-1.42.1 php74-intl-7.4.6-1.42.1 php74-intl-debuginfo-7.4.6-1.42.1 php74-json-7.4.6-1.42.1 php74-json-debuginfo-7.4.6-1.42.1 php74-ldap-7.4.6-1.42.1 php74-ldap-debuginfo-7.4.6-1.42.1 php74-mbstring-7.4.6-1.42.1 php74-mbstring-debuginfo-7.4.6-1.42.1 php74-mysql-7.4.6-1.42.1 php74-mysql-debuginfo-7.4.6-1.42.1 php74-odbc-7.4.6-1.42.1 php74-odbc-debuginfo-7.4.6-1.42.1 php74-opcache-7.4.6-1.42.1 php74-opcache-debuginfo-7.4.6-1.42.1 php74-openssl-7.4.6-1.42.1 php74-openssl-debuginfo-7.4.6-1.42.1 php74-pcntl-7.4.6-1.42.1 php74-pcntl-debuginfo-7.4.6-1.42.1 php74-pdo-7.4.6-1.42.1 php74-pdo-debuginfo-7.4.6-1.42.1 php74-pgsql-7.4.6-1.42.1 php74-pgsql-debuginfo-7.4.6-1.42.1 php74-phar-7.4.6-1.42.1 php74-phar-debuginfo-7.4.6-1.42.1 php74-posix-7.4.6-1.42.1 php74-posix-debuginfo-7.4.6-1.42.1 php74-readline-7.4.6-1.42.1 php74-readline-debuginfo-7.4.6-1.42.1 php74-shmop-7.4.6-1.42.1 php74-shmop-debuginfo-7.4.6-1.42.1 php74-snmp-7.4.6-1.42.1 php74-snmp-debuginfo-7.4.6-1.42.1 php74-soap-7.4.6-1.42.1 php74-soap-debuginfo-7.4.6-1.42.1 php74-sockets-7.4.6-1.42.1 php74-sockets-debuginfo-7.4.6-1.42.1 php74-sodium-7.4.6-1.42.1 php74-sodium-debuginfo-7.4.6-1.42.1 php74-sqlite-7.4.6-1.42.1 php74-sqlite-debuginfo-7.4.6-1.42.1 php74-sysvmsg-7.4.6-1.42.1 php74-sysvmsg-debuginfo-7.4.6-1.42.1 php74-sysvsem-7.4.6-1.42.1 php74-sysvsem-debuginfo-7.4.6-1.42.1 php74-sysvshm-7.4.6-1.42.1 php74-sysvshm-debuginfo-7.4.6-1.42.1 php74-tidy-7.4.6-1.42.1 php74-tidy-debuginfo-7.4.6-1.42.1 php74-tokenizer-7.4.6-1.42.1 php74-tokenizer-debuginfo-7.4.6-1.42.1 php74-xmlreader-7.4.6-1.42.1 php74-xmlreader-debuginfo-7.4.6-1.42.1 php74-xmlrpc-7.4.6-1.42.1 php74-xmlrpc-debuginfo-7.4.6-1.42.1 php74-xmlwriter-7.4.6-1.42.1 php74-xmlwriter-debuginfo-7.4.6-1.42.1 php74-xsl-7.4.6-1.42.1 php74-xsl-debuginfo-7.4.6-1.42.1 php74-zip-7.4.6-1.42.1 php74-zip-debuginfo-7.4.6-1.42.1 php74-zlib-7.4.6-1.42.1 php74-zlib-debuginfo-7.4.6-1.42.1 References: https://www.suse.com/security/cve/CVE-2022-31625.html https://www.suse.com/security/cve/CVE-2022-31626.html https://bugzilla.suse.com/1200628 https://bugzilla.suse.com/1200645 From sle-updates at lists.suse.com Thu Jun 23 13:18:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2022 15:18:26 +0200 (CEST) Subject: SUSE-SU-2022:2158-1: important: Security update for xen Message-ID: <20220623131826.C8134FD9D@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2158-1 Rating: important References: #1197423 #1197425 #1197426 #1199965 #1199966 Cross-References: CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVSS scores: CVE-2022-26356 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-26356 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-26357 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26357 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26358 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26358 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26359 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26360 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26360 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26361 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-26362 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2158=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2158=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2158=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2158=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2158=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2158=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): xen-4.12.4_24-150100.3.72.1 xen-debugsource-4.12.4_24-150100.3.72.1 xen-devel-4.12.4_24-150100.3.72.1 xen-libs-4.12.4_24-150100.3.72.1 xen-libs-debuginfo-4.12.4_24-150100.3.72.1 xen-tools-4.12.4_24-150100.3.72.1 xen-tools-debuginfo-4.12.4_24-150100.3.72.1 xen-tools-domU-4.12.4_24-150100.3.72.1 xen-tools-domU-debuginfo-4.12.4_24-150100.3.72.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): xen-4.12.4_24-150100.3.72.1 xen-debugsource-4.12.4_24-150100.3.72.1 xen-devel-4.12.4_24-150100.3.72.1 xen-libs-4.12.4_24-150100.3.72.1 xen-libs-debuginfo-4.12.4_24-150100.3.72.1 xen-tools-4.12.4_24-150100.3.72.1 xen-tools-debuginfo-4.12.4_24-150100.3.72.1 xen-tools-domU-4.12.4_24-150100.3.72.1 xen-tools-domU-debuginfo-4.12.4_24-150100.3.72.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): xen-4.12.4_24-150100.3.72.1 xen-debugsource-4.12.4_24-150100.3.72.1 xen-devel-4.12.4_24-150100.3.72.1 xen-libs-4.12.4_24-150100.3.72.1 xen-libs-debuginfo-4.12.4_24-150100.3.72.1 xen-tools-4.12.4_24-150100.3.72.1 xen-tools-debuginfo-4.12.4_24-150100.3.72.1 xen-tools-domU-4.12.4_24-150100.3.72.1 xen-tools-domU-debuginfo-4.12.4_24-150100.3.72.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): xen-4.12.4_24-150100.3.72.1 xen-debugsource-4.12.4_24-150100.3.72.1 xen-devel-4.12.4_24-150100.3.72.1 xen-libs-4.12.4_24-150100.3.72.1 xen-libs-debuginfo-4.12.4_24-150100.3.72.1 xen-tools-4.12.4_24-150100.3.72.1 xen-tools-debuginfo-4.12.4_24-150100.3.72.1 xen-tools-domU-4.12.4_24-150100.3.72.1 xen-tools-domU-debuginfo-4.12.4_24-150100.3.72.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): xen-4.12.4_24-150100.3.72.1 xen-debugsource-4.12.4_24-150100.3.72.1 xen-devel-4.12.4_24-150100.3.72.1 xen-libs-4.12.4_24-150100.3.72.1 xen-libs-debuginfo-4.12.4_24-150100.3.72.1 xen-tools-4.12.4_24-150100.3.72.1 xen-tools-debuginfo-4.12.4_24-150100.3.72.1 xen-tools-domU-4.12.4_24-150100.3.72.1 xen-tools-domU-debuginfo-4.12.4_24-150100.3.72.1 - SUSE Enterprise Storage 6 (x86_64): xen-4.12.4_24-150100.3.72.1 xen-debugsource-4.12.4_24-150100.3.72.1 xen-devel-4.12.4_24-150100.3.72.1 xen-libs-4.12.4_24-150100.3.72.1 xen-libs-debuginfo-4.12.4_24-150100.3.72.1 xen-tools-4.12.4_24-150100.3.72.1 xen-tools-debuginfo-4.12.4_24-150100.3.72.1 xen-tools-domU-4.12.4_24-150100.3.72.1 xen-tools-domU-debuginfo-4.12.4_24-150100.3.72.1 - SUSE CaaS Platform 4.0 (x86_64): xen-4.12.4_24-150100.3.72.1 xen-debugsource-4.12.4_24-150100.3.72.1 xen-devel-4.12.4_24-150100.3.72.1 xen-libs-4.12.4_24-150100.3.72.1 xen-libs-debuginfo-4.12.4_24-150100.3.72.1 xen-tools-4.12.4_24-150100.3.72.1 xen-tools-debuginfo-4.12.4_24-150100.3.72.1 xen-tools-domU-4.12.4_24-150100.3.72.1 xen-tools-domU-debuginfo-4.12.4_24-150100.3.72.1 References: https://www.suse.com/security/cve/CVE-2022-26356.html https://www.suse.com/security/cve/CVE-2022-26357.html https://www.suse.com/security/cve/CVE-2022-26358.html https://www.suse.com/security/cve/CVE-2022-26359.html https://www.suse.com/security/cve/CVE-2022-26360.html https://www.suse.com/security/cve/CVE-2022-26361.html https://www.suse.com/security/cve/CVE-2022-26362.html https://www.suse.com/security/cve/CVE-2022-26363.html https://www.suse.com/security/cve/CVE-2022-26364.html https://bugzilla.suse.com/1197423 https://bugzilla.suse.com/1197425 https://bugzilla.suse.com/1197426 https://bugzilla.suse.com/1199965 https://bugzilla.suse.com/1199966 From sle-updates at lists.suse.com Thu Jun 23 13:19:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2022 15:19:32 +0200 (CEST) Subject: SUSE-SU-2022:2160-1: important: Security update for mariadb Message-ID: <20220623131932.111D4FD9D@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2160-1 Rating: important References: #1198603 #1198604 #1198606 #1198607 #1198610 #1198611 #1198612 #1198613 #1198629 #1199928 Cross-References: CVE-2021-46669 CVE-2022-21427 CVE-2022-27377 CVE-2022-27378 CVE-2022-27380 CVE-2022-27381 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27445 CVSS scores: CVE-2021-46669 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21427 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-27377 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27377 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27378 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27378 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27380 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27380 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27381 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27381 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27383 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27383 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27384 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27384 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27386 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27386 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27387 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27387 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27445 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27445 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for mariadb fixes the following issues: - CVE-2021-46669 (bsc#1199928) - CVE-2022-21427 (bsc#1199928) - CVE-2022-27377 (bsc#1198603) - CVE-2022-27378 (bsc#1198604) - CVE-2022-27380 (bsc#1198606) - CVE-2022-27381 (bsc#1198607) - CVE-2022-27383 (bsc#1198610) - CVE-2022-27384 (bsc#1198611) - CVE-2022-27386 (bsc#1198612) - CVE-2022-27387 (bsc#1198613) - CVE-2022-27445 (bsc#1198629) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2160=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2160=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2160=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2160=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2160=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): mariadb-errormessages-10.2.44-3.50.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): mariadb-10.2.44-3.50.1 mariadb-client-10.2.44-3.50.1 mariadb-client-debuginfo-10.2.44-3.50.1 mariadb-debuginfo-10.2.44-3.50.1 mariadb-debugsource-10.2.44-3.50.1 mariadb-galera-10.2.44-3.50.1 mariadb-tools-10.2.44-3.50.1 mariadb-tools-debuginfo-10.2.44-3.50.1 - SUSE OpenStack Cloud 9 (x86_64): mariadb-10.2.44-3.50.1 mariadb-client-10.2.44-3.50.1 mariadb-client-debuginfo-10.2.44-3.50.1 mariadb-debuginfo-10.2.44-3.50.1 mariadb-debugsource-10.2.44-3.50.1 mariadb-galera-10.2.44-3.50.1 mariadb-tools-10.2.44-3.50.1 mariadb-tools-debuginfo-10.2.44-3.50.1 - SUSE OpenStack Cloud 9 (noarch): mariadb-errormessages-10.2.44-3.50.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): mariadb-10.2.44-3.50.1 mariadb-client-10.2.44-3.50.1 mariadb-client-debuginfo-10.2.44-3.50.1 mariadb-debuginfo-10.2.44-3.50.1 mariadb-debugsource-10.2.44-3.50.1 mariadb-tools-10.2.44-3.50.1 mariadb-tools-debuginfo-10.2.44-3.50.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): mariadb-errormessages-10.2.44-3.50.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): mariadb-10.2.44-3.50.1 mariadb-client-10.2.44-3.50.1 mariadb-client-debuginfo-10.2.44-3.50.1 mariadb-debuginfo-10.2.44-3.50.1 mariadb-debugsource-10.2.44-3.50.1 mariadb-tools-10.2.44-3.50.1 mariadb-tools-debuginfo-10.2.44-3.50.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): mariadb-errormessages-10.2.44-3.50.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): mariadb-10.2.44-3.50.1 mariadb-client-10.2.44-3.50.1 mariadb-client-debuginfo-10.2.44-3.50.1 mariadb-debuginfo-10.2.44-3.50.1 mariadb-debugsource-10.2.44-3.50.1 mariadb-tools-10.2.44-3.50.1 mariadb-tools-debuginfo-10.2.44-3.50.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): mariadb-errormessages-10.2.44-3.50.1 References: https://www.suse.com/security/cve/CVE-2021-46669.html https://www.suse.com/security/cve/CVE-2022-21427.html https://www.suse.com/security/cve/CVE-2022-27377.html https://www.suse.com/security/cve/CVE-2022-27378.html https://www.suse.com/security/cve/CVE-2022-27380.html https://www.suse.com/security/cve/CVE-2022-27381.html https://www.suse.com/security/cve/CVE-2022-27383.html https://www.suse.com/security/cve/CVE-2022-27384.html https://www.suse.com/security/cve/CVE-2022-27386.html https://www.suse.com/security/cve/CVE-2022-27387.html https://www.suse.com/security/cve/CVE-2022-27445.html https://bugzilla.suse.com/1198603 https://bugzilla.suse.com/1198604 https://bugzilla.suse.com/1198606 https://bugzilla.suse.com/1198607 https://bugzilla.suse.com/1198610 https://bugzilla.suse.com/1198611 https://bugzilla.suse.com/1198612 https://bugzilla.suse.com/1198613 https://bugzilla.suse.com/1198629 https://bugzilla.suse.com/1199928 From sle-updates at lists.suse.com Thu Jun 23 16:16:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2022 18:16:37 +0200 (CEST) Subject: SUSE-SU-2022:2163-1: important: Security update for 389-ds Message-ID: <20220623161637.43031FD9D@maintenance.suse.de> SUSE Security Update: Security update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2163-1 Rating: important References: #1188455 #1195324 #1197275 #1197345 #1199889 #1200175 Cross-References: CVE-2021-3652 CVE-2021-4091 CVE-2022-0918 CVE-2022-0996 CVE-2022-1949 CVSS scores: CVE-2021-3652 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3652 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-4091 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-4091 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0918 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0918 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0996 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-0996 (SUSE): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVE-2022-1949 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-1949 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for 389-ds fixes the following issues: - CVE-2022-1949: Fixed full access control bypass with simple crafted query (bsc#1199889). - CVE-2022-0918: Fixed denial of service issue via crafted messages (bsc#1197275). - CVE-2022-0996: Fixed mishandling of password expiry (bsc#1197345). - CVE-2021-4091: Fixed double free in psearch (bsc#1195324). - CVE-2021-3652: Fixed disabled accounts may be able to bind with crypt passwords (bsc#1188455). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2163=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2163=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2163=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2163=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2163=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2163=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): 389-ds-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-debugsource-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-devel-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-snmp-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-snmp-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 lib389-1.4.2.16~git68.efa843752-150100.7.34.1 libsvrcore0-1.4.2.16~git68.efa843752-150100.7.34.1 libsvrcore0-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): 389-ds-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-debugsource-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-devel-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-snmp-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-snmp-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 lib389-1.4.2.16~git68.efa843752-150100.7.34.1 libsvrcore0-1.4.2.16~git68.efa843752-150100.7.34.1 libsvrcore0-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): 389-ds-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-debugsource-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-devel-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-snmp-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-snmp-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 lib389-1.4.2.16~git68.efa843752-150100.7.34.1 libsvrcore0-1.4.2.16~git68.efa843752-150100.7.34.1 libsvrcore0-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): 389-ds-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-debugsource-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-devel-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-snmp-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-snmp-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 lib389-1.4.2.16~git68.efa843752-150100.7.34.1 libsvrcore0-1.4.2.16~git68.efa843752-150100.7.34.1 libsvrcore0-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): 389-ds-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-debugsource-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-devel-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-snmp-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-snmp-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 lib389-1.4.2.16~git68.efa843752-150100.7.34.1 libsvrcore0-1.4.2.16~git68.efa843752-150100.7.34.1 libsvrcore0-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): 389-ds-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-debugsource-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-devel-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-snmp-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-snmp-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 lib389-1.4.2.16~git68.efa843752-150100.7.34.1 libsvrcore0-1.4.2.16~git68.efa843752-150100.7.34.1 libsvrcore0-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 - SUSE CaaS Platform 4.0 (x86_64): 389-ds-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-debugsource-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-devel-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-snmp-1.4.2.16~git68.efa843752-150100.7.34.1 389-ds-snmp-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 lib389-1.4.2.16~git68.efa843752-150100.7.34.1 libsvrcore0-1.4.2.16~git68.efa843752-150100.7.34.1 libsvrcore0-debuginfo-1.4.2.16~git68.efa843752-150100.7.34.1 References: https://www.suse.com/security/cve/CVE-2021-3652.html https://www.suse.com/security/cve/CVE-2021-4091.html https://www.suse.com/security/cve/CVE-2022-0918.html https://www.suse.com/security/cve/CVE-2022-0996.html https://www.suse.com/security/cve/CVE-2022-1949.html https://bugzilla.suse.com/1188455 https://bugzilla.suse.com/1195324 https://bugzilla.suse.com/1197275 https://bugzilla.suse.com/1197345 https://bugzilla.suse.com/1199889 https://bugzilla.suse.com/1200175 From sle-updates at lists.suse.com Thu Jun 23 19:16:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2022 21:16:42 +0200 (CEST) Subject: SUSE-SU-2022:2166-1: important: Security update for python3 Message-ID: <20220623191642.04CE8FD9D@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2166-1 Rating: important References: #1070738 #1198511 #1199441 Cross-References: CVE-2015-20107 CVSS scores: CVE-2015-20107 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2015-20107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2166=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2166=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2166=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2166=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2166=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2166=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2166=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2166=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2166=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2166=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2166=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2166=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-2166=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2166=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libpython3_4m1_0-3.4.10-25.93.1 libpython3_4m1_0-debuginfo-3.4.10-25.93.1 python3-3.4.10-25.93.1 python3-base-3.4.10-25.93.1 python3-base-debuginfo-3.4.10-25.93.1 python3-base-debugsource-3.4.10-25.93.1 python3-curses-3.4.10-25.93.1 python3-curses-debuginfo-3.4.10-25.93.1 python3-debuginfo-3.4.10-25.93.1 python3-debugsource-3.4.10-25.93.1 python3-devel-3.4.10-25.93.1 python3-devel-debuginfo-3.4.10-25.93.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libpython3_4m1_0-3.4.10-25.93.1 libpython3_4m1_0-debuginfo-3.4.10-25.93.1 python3-3.4.10-25.93.1 python3-base-3.4.10-25.93.1 python3-base-debuginfo-3.4.10-25.93.1 python3-base-debugsource-3.4.10-25.93.1 python3-curses-3.4.10-25.93.1 python3-curses-debuginfo-3.4.10-25.93.1 python3-debuginfo-3.4.10-25.93.1 python3-debugsource-3.4.10-25.93.1 python3-devel-3.4.10-25.93.1 python3-devel-debuginfo-3.4.10-25.93.1 - SUSE OpenStack Cloud 9 (x86_64): libpython3_4m1_0-3.4.10-25.93.1 libpython3_4m1_0-debuginfo-3.4.10-25.93.1 python3-3.4.10-25.93.1 python3-base-3.4.10-25.93.1 python3-base-debuginfo-3.4.10-25.93.1 python3-base-debugsource-3.4.10-25.93.1 python3-curses-3.4.10-25.93.1 python3-curses-debuginfo-3.4.10-25.93.1 python3-debuginfo-3.4.10-25.93.1 python3-debugsource-3.4.10-25.93.1 python3-devel-3.4.10-25.93.1 python3-devel-debuginfo-3.4.10-25.93.1 - SUSE OpenStack Cloud 8 (x86_64): libpython3_4m1_0-3.4.10-25.93.1 libpython3_4m1_0-debuginfo-3.4.10-25.93.1 python3-3.4.10-25.93.1 python3-base-3.4.10-25.93.1 python3-base-debuginfo-3.4.10-25.93.1 python3-base-debugsource-3.4.10-25.93.1 python3-curses-3.4.10-25.93.1 python3-curses-debuginfo-3.4.10-25.93.1 python3-debuginfo-3.4.10-25.93.1 python3-debugsource-3.4.10-25.93.1 python3-devel-3.4.10-25.93.1 python3-devel-debuginfo-3.4.10-25.93.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.10-25.93.1 python3-base-debugsource-3.4.10-25.93.1 python3-dbm-3.4.10-25.93.1 python3-dbm-debuginfo-3.4.10-25.93.1 python3-debuginfo-3.4.10-25.93.1 python3-debugsource-3.4.10-25.93.1 python3-devel-3.4.10-25.93.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.93.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.93.1 libpython3_4m1_0-debuginfo-3.4.10-25.93.1 python3-3.4.10-25.93.1 python3-base-3.4.10-25.93.1 python3-base-debuginfo-3.4.10-25.93.1 python3-base-debugsource-3.4.10-25.93.1 python3-curses-3.4.10-25.93.1 python3-curses-debuginfo-3.4.10-25.93.1 python3-debuginfo-3.4.10-25.93.1 python3-debugsource-3.4.10-25.93.1 python3-devel-3.4.10-25.93.1 python3-devel-debuginfo-3.4.10-25.93.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.93.1 libpython3_4m1_0-debuginfo-3.4.10-25.93.1 python3-3.4.10-25.93.1 python3-base-3.4.10-25.93.1 python3-base-debuginfo-3.4.10-25.93.1 python3-base-debugsource-3.4.10-25.93.1 python3-curses-3.4.10-25.93.1 python3-curses-debuginfo-3.4.10-25.93.1 python3-debuginfo-3.4.10-25.93.1 python3-debugsource-3.4.10-25.93.1 python3-devel-3.4.10-25.93.1 python3-devel-debuginfo-3.4.10-25.93.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.93.1 libpython3_4m1_0-debuginfo-3.4.10-25.93.1 python3-3.4.10-25.93.1 python3-base-3.4.10-25.93.1 python3-base-debuginfo-3.4.10-25.93.1 python3-base-debugsource-3.4.10-25.93.1 python3-curses-3.4.10-25.93.1 python3-curses-debuginfo-3.4.10-25.93.1 python3-debuginfo-3.4.10-25.93.1 python3-debugsource-3.4.10-25.93.1 python3-devel-3.4.10-25.93.1 python3-tk-3.4.10-25.93.1 python3-tk-debuginfo-3.4.10-25.93.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.93.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython3_4m1_0-32bit-3.4.10-25.93.1 libpython3_4m1_0-debuginfo-32bit-3.4.10-25.93.1 python3-base-debuginfo-32bit-3.4.10-25.93.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.93.1 libpython3_4m1_0-debuginfo-3.4.10-25.93.1 python3-3.4.10-25.93.1 python3-base-3.4.10-25.93.1 python3-base-debuginfo-3.4.10-25.93.1 python3-base-debugsource-3.4.10-25.93.1 python3-curses-3.4.10-25.93.1 python3-curses-debuginfo-3.4.10-25.93.1 python3-debuginfo-3.4.10-25.93.1 python3-debugsource-3.4.10-25.93.1 python3-devel-3.4.10-25.93.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.93.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.93.1 libpython3_4m1_0-debuginfo-3.4.10-25.93.1 python3-3.4.10-25.93.1 python3-base-3.4.10-25.93.1 python3-base-debuginfo-3.4.10-25.93.1 python3-base-debugsource-3.4.10-25.93.1 python3-curses-3.4.10-25.93.1 python3-curses-debuginfo-3.4.10-25.93.1 python3-debuginfo-3.4.10-25.93.1 python3-debugsource-3.4.10-25.93.1 python3-devel-3.4.10-25.93.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.93.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpython3_4m1_0-3.4.10-25.93.1 libpython3_4m1_0-debuginfo-3.4.10-25.93.1 python3-3.4.10-25.93.1 python3-base-3.4.10-25.93.1 python3-base-debuginfo-3.4.10-25.93.1 python3-base-debugsource-3.4.10-25.93.1 python3-curses-3.4.10-25.93.1 python3-curses-debuginfo-3.4.10-25.93.1 python3-debuginfo-3.4.10-25.93.1 python3-debugsource-3.4.10-25.93.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython3_4m1_0-3.4.10-25.93.1 libpython3_4m1_0-debuginfo-3.4.10-25.93.1 python3-3.4.10-25.93.1 python3-base-3.4.10-25.93.1 python3-base-debuginfo-3.4.10-25.93.1 python3-base-debugsource-3.4.10-25.93.1 python3-curses-3.4.10-25.93.1 python3-curses-debuginfo-3.4.10-25.93.1 python3-debuginfo-3.4.10-25.93.1 python3-debugsource-3.4.10-25.93.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.93.1 libpython3_4m1_0-debuginfo-3.4.10-25.93.1 python3-3.4.10-25.93.1 python3-base-3.4.10-25.93.1 python3-base-debuginfo-3.4.10-25.93.1 python3-base-debugsource-3.4.10-25.93.1 python3-curses-3.4.10-25.93.1 python3-debuginfo-3.4.10-25.93.1 python3-debugsource-3.4.10-25.93.1 - HPE Helion Openstack 8 (x86_64): libpython3_4m1_0-3.4.10-25.93.1 libpython3_4m1_0-debuginfo-3.4.10-25.93.1 python3-3.4.10-25.93.1 python3-base-3.4.10-25.93.1 python3-base-debuginfo-3.4.10-25.93.1 python3-base-debugsource-3.4.10-25.93.1 python3-curses-3.4.10-25.93.1 python3-curses-debuginfo-3.4.10-25.93.1 python3-debuginfo-3.4.10-25.93.1 python3-debugsource-3.4.10-25.93.1 python3-devel-3.4.10-25.93.1 python3-devel-debuginfo-3.4.10-25.93.1 References: https://www.suse.com/security/cve/CVE-2015-20107.html https://bugzilla.suse.com/1070738 https://bugzilla.suse.com/1198511 https://bugzilla.suse.com/1199441 From sle-updates at lists.suse.com Thu Jun 23 19:17:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2022 21:17:30 +0200 (CEST) Subject: SUSE-SU-2022:2165-1: important: Security update for containerd Message-ID: <20220623191730.759F7FD9D@maintenance.suse.de> SUSE Security Update: Security update for containerd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2165-1 Rating: important References: #1192051 #1199460 #1199565 #1200088 #1200145 Cross-References: CVE-2022-29162 CVE-2022-31030 CVSS scores: CVE-2022-29162 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29162 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-31030 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for containerd fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017 . bsc#1200145 runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fix issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - runc spec no longer sets any inheritable capabilities in the created example OCI spec (config.json) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus "Intel RDT is not supported" error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. + runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container has???exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2022-2165=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): containerd-1.6.6-16.62.1 docker-20.10.17_ce-98.83.1 docker-debuginfo-20.10.17_ce-98.83.1 runc-1.1.3-16.21.1 runc-debuginfo-1.1.3-16.21.1 References: https://www.suse.com/security/cve/CVE-2022-29162.html https://www.suse.com/security/cve/CVE-2022-31030.html https://bugzilla.suse.com/1192051 https://bugzilla.suse.com/1199460 https://bugzilla.suse.com/1199565 https://bugzilla.suse.com/1200088 https://bugzilla.suse.com/1200145 From sle-updates at lists.suse.com Thu Jun 23 19:18:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2022 21:18:51 +0200 (CEST) Subject: SUSE-SU-2022:2164-1: important: Security update for xen Message-ID: <20220623191851.CDBC2FD9D@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2164-1 Rating: important References: #1199965 #1199966 Cross-References: CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVSS scores: CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-26362 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2164=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2164=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2164=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2164=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2164=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2164=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2164=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2164=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2164=1 Package List: - SUSE Manager Server 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_10-150200.3.55.1 - SUSE Manager Server 4.1 (x86_64): xen-4.13.4_10-150200.3.55.1 xen-debugsource-4.13.4_10-150200.3.55.1 xen-devel-4.13.4_10-150200.3.55.1 xen-libs-4.13.4_10-150200.3.55.1 xen-libs-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-4.13.4_10-150200.3.55.1 xen-tools-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-domU-4.13.4_10-150200.3.55.1 xen-tools-domU-debuginfo-4.13.4_10-150200.3.55.1 - SUSE Manager Retail Branch Server 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_10-150200.3.55.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): xen-4.13.4_10-150200.3.55.1 xen-debugsource-4.13.4_10-150200.3.55.1 xen-devel-4.13.4_10-150200.3.55.1 xen-libs-4.13.4_10-150200.3.55.1 xen-libs-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-4.13.4_10-150200.3.55.1 xen-tools-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-domU-4.13.4_10-150200.3.55.1 xen-tools-domU-debuginfo-4.13.4_10-150200.3.55.1 - SUSE Manager Proxy 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_10-150200.3.55.1 - SUSE Manager Proxy 4.1 (x86_64): xen-4.13.4_10-150200.3.55.1 xen-debugsource-4.13.4_10-150200.3.55.1 xen-devel-4.13.4_10-150200.3.55.1 xen-libs-4.13.4_10-150200.3.55.1 xen-libs-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-4.13.4_10-150200.3.55.1 xen-tools-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-domU-4.13.4_10-150200.3.55.1 xen-tools-domU-debuginfo-4.13.4_10-150200.3.55.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.4_10-150200.3.55.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): xen-4.13.4_10-150200.3.55.1 xen-debugsource-4.13.4_10-150200.3.55.1 xen-devel-4.13.4_10-150200.3.55.1 xen-libs-4.13.4_10-150200.3.55.1 xen-libs-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-4.13.4_10-150200.3.55.1 xen-tools-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-domU-4.13.4_10-150200.3.55.1 xen-tools-domU-debuginfo-4.13.4_10-150200.3.55.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): xen-tools-xendomains-wait-disk-4.13.4_10-150200.3.55.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): xen-4.13.4_10-150200.3.55.1 xen-debugsource-4.13.4_10-150200.3.55.1 xen-devel-4.13.4_10-150200.3.55.1 xen-libs-4.13.4_10-150200.3.55.1 xen-libs-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-4.13.4_10-150200.3.55.1 xen-tools-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-domU-4.13.4_10-150200.3.55.1 xen-tools-domU-debuginfo-4.13.4_10-150200.3.55.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): xen-4.13.4_10-150200.3.55.1 xen-debugsource-4.13.4_10-150200.3.55.1 xen-devel-4.13.4_10-150200.3.55.1 xen-libs-4.13.4_10-150200.3.55.1 xen-libs-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-4.13.4_10-150200.3.55.1 xen-tools-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-domU-4.13.4_10-150200.3.55.1 xen-tools-domU-debuginfo-4.13.4_10-150200.3.55.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): xen-tools-xendomains-wait-disk-4.13.4_10-150200.3.55.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): xen-4.13.4_10-150200.3.55.1 xen-debugsource-4.13.4_10-150200.3.55.1 xen-devel-4.13.4_10-150200.3.55.1 xen-libs-4.13.4_10-150200.3.55.1 xen-libs-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-4.13.4_10-150200.3.55.1 xen-tools-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-domU-4.13.4_10-150200.3.55.1 xen-tools-domU-debuginfo-4.13.4_10-150200.3.55.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): xen-tools-xendomains-wait-disk-4.13.4_10-150200.3.55.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): xen-4.13.4_10-150200.3.55.1 xen-debugsource-4.13.4_10-150200.3.55.1 xen-devel-4.13.4_10-150200.3.55.1 xen-libs-4.13.4_10-150200.3.55.1 xen-libs-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-4.13.4_10-150200.3.55.1 xen-tools-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-domU-4.13.4_10-150200.3.55.1 xen-tools-domU-debuginfo-4.13.4_10-150200.3.55.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): xen-tools-xendomains-wait-disk-4.13.4_10-150200.3.55.1 - SUSE Enterprise Storage 7 (noarch): xen-tools-xendomains-wait-disk-4.13.4_10-150200.3.55.1 - SUSE Enterprise Storage 7 (x86_64): xen-4.13.4_10-150200.3.55.1 xen-debugsource-4.13.4_10-150200.3.55.1 xen-devel-4.13.4_10-150200.3.55.1 xen-libs-4.13.4_10-150200.3.55.1 xen-libs-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-4.13.4_10-150200.3.55.1 xen-tools-debuginfo-4.13.4_10-150200.3.55.1 xen-tools-domU-4.13.4_10-150200.3.55.1 xen-tools-domU-debuginfo-4.13.4_10-150200.3.55.1 References: https://www.suse.com/security/cve/CVE-2022-26362.html https://www.suse.com/security/cve/CVE-2022-26363.html https://www.suse.com/security/cve/CVE-2022-26364.html https://bugzilla.suse.com/1199965 https://bugzilla.suse.com/1199966 From sle-updates at lists.suse.com Fri Jun 24 07:03:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 09:03:44 +0200 (CEST) Subject: SUSE-IU-2022:678-1: Security update of suse-sles-15-sp3-chost-byos-v20220608-hvm-ssd-x86_64 Message-ID: <20220624070344.988BCF386@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220608-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:678-1 Image Tags : suse-sles-15-sp3-chost-byos-v20220608-hvm-ssd-x86_64:20220608 Image Release : Severity : important Type : security References : 1028340 1040589 1071995 1080338 1118508 1137728 1152472 1152489 1173429 1177028 1179878 1182073 1183723 1187055 1189517 1191647 1192951 1193556 1193659 1193842 1193930 1194625 1195115 1195283 1195651 1195896 1195926 1196018 1196114 1196308 1196367 1196441 1196490 1196514 1196639 1196788 1196861 1196942 1197065 1197157 1197284 1197391 1197443 1197517 1197656 1197660 1197677 1197743 1197771 1197794 1197914 1197926 1197995 1198077 1198176 1198217 1198255 1198330 1198400 1198413 1198437 1198446 1198448 1198484 1198504 1198515 1198516 1198534 1198614 1198657 1198723 1198742 1198751 1198766 1198825 1198989 1199012 1199024 1199132 1199223 1199224 1199232 1199240 1199247 1199362 1199474 CVE-2020-27835 CVE-2021-0707 CVE-2021-20292 CVE-2021-20321 CVE-2021-38208 CVE-2021-4154 CVE-2021-43565 CVE-2022-0812 CVE-2022-1158 CVE-2022-1280 CVE-2022-1304 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1586 CVE-2022-22576 CVE-2022-23308 CVE-2022-23648 CVE-2022-24769 CVE-2022-26691 CVE-2022-27191 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-28356 CVE-2022-28748 CVE-2022-28893 CVE-2022-29155 CVE-2022-29156 CVE-2022-29824 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20220608-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1659-1 Released: Fri May 13 15:41:32 2022 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1189517,1195115 This update for cups fixes the following issues: - CUPS printservice takes much longer than before with a big number of printers (bsc#1189517) - CUPS PreserveJobHistory doesn't work with seconds (bsc#1195115) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1687-1 Released: Mon May 16 13:58:33 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1028340,1071995,1137728,1152472,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1194625,1195651,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197677,1197914,1197926,1198077,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198534,1198742,1198825,1198989,1199012,1199024,CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515). - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639). - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437). - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). The following non-security bugs were fixed: - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - adm8211: fix error return code in adm8211_probe() (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes) - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes) - arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes) - arm64: dts: ls1028a: fix memory node (git-fixes) - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes) - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes) - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes) - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes) - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes) - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes) - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes) - arm64: head: avoid over-mapping in map_memory (git-fixes) - arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes) - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489) - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - block: Drop leftover references to RQF_SORTED (bsc#1182073). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: fix bad fids sent over wire (bsc#1197157). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - dma-debug: fix return value of __setup handlers (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472) - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes). - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489) - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/mediatek: Add AAL output size configuration (git-fixes). - drm/mediatek: Fix aal size config (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472) - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534) - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1152472) - e1000e: Fix possible overflow in LTR decoding (git-fixes). - fibmap: Reject negative block numbers (bsc#1198448). - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - random: check for signal_pending() outside of need_resched() check (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449). - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942). - rpm: Use bash for %() expansion (jsc#SLE-18234). - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - USB: dwc3: core: Fix tx/rx threshold settings (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Return proper request status (git-fixes). - USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489) - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1152489) - video: fbdev: w100fb: Reset global state (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). - xen: fix is_xen_pmu() (git-fixes). - xen/blkfront: fix comment for need_copy (git-fixes). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1689-1 Released: Mon May 16 14:09:01 2022 Summary: Security update for containerd, docker Type: security Severity: important References: 1193930,1196441,1197284,1197517,CVE-2021-43565,CVE-2022-23648,CVE-2022-24769,CVE-2022-27191 This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517). - CVE-2022-23648: Fixed directory traversal issue (bsc#1196441). - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284). - CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1709-1 Released: Tue May 17 17:35:47 2022 Summary: Recommended update for libcbor Type: recommended Severity: important References: 1197743 This update for libcbor fixes the following issues: - Fix build errors occuring on SUSE Linux Enterprise 15 Service Pack 4 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1752-1 Released: Thu May 19 15:51:22 2022 Summary: Recommended update for samba Type: recommended Severity: important References: 1080338,1118508,1173429,1195896,1196308,1196788,1197995,1198255,1199247,1199362 This update for samba provides the following fixes: Bugfixes: - Revert NIS support removal (bsc#1199247); - Update to meet last ldb2 version update (bsc#1199362). - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time (bsc#1199362). - Add provides to samba-client-libs package to fix upgrades from previous versions (bsc#1197995). - Add missing samba-client requirement to samba-winbind package (bsc#1198255). - Add missing samba-libs requirement to samba-winbind package (bsc#1198255). - Fixed mismatched version of libldb2 (bsc#1196788). - Dropped obsolete Samba fsrvp v0->v1 state upgrade functionality (bsc#1080338). - Fixed ntlm authentications with 'winbind use default domain = yes' (bsc#1173429, bsc#1196308). - Fixed samba-ad-dc status warning notification message by disabling systemd notifications in bgqd (bsc#1195896). - Fixed libldb version mismatch in Samba dsdb component (bsc#1118508). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1824-1 Released: Tue May 24 10:31:13 2022 Summary: Recommended update for dhcp Type: recommended Severity: moderate References: 1198657 This update for dhcp fixes the following issues: - Properly handle DHCRELAY(6)_OPTIONS (bsc#1198657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1843-1 Released: Wed May 25 15:25:44 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1198504 This update for suse-build-key fixes the following issues: - still ship the old ptf key in the documentation directory (bsc#1198504) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1861-1 Released: Thu May 26 12:07:40 2022 Summary: Security update for cups Type: security Severity: important References: 1199474,CVE-2022-26691 This update for cups fixes the following issues: - CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1883-1 Released: Mon May 30 12:41:35 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - containerd-ctr-1.5.11-150000.68.1 updated - containerd-1.5.11-150000.68.1 updated - cups-config-2.2.7-150000.3.32.1 updated - curl-7.66.0-150200.4.33.1 updated - dhcp-client-4.3.6.P1-150000.6.14.1 updated - dhcp-4.3.6.P1-150000.6.14.1 updated - docker-20.10.14_ce-150000.163.1 updated - e2fsprogs-1.43.8-150000.4.33.1 updated - glibc-locale-base-2.31-150300.26.5 updated - glibc-locale-2.31-150300.26.5 updated - glibc-2.31-150300.26.5 updated - grep-3.1-150000.4.6.1 updated - kernel-default-5.3.18-150300.59.68.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libcbor0-0.5.0-150100.4.6.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcups2-2.2.7-150000.3.32.1 updated - libcurl4-7.66.0-150200.4.33.1 updated - libext2fs2-1.43.8-150000.4.33.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - libpcre2-8-0-10.31-150000.3.7.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libxml2-2-2.9.7-150000.3.46.1 updated - pam-1.3.0-150000.6.58.3 updated - samba-client-libs-4.15.7+git.376.dd43aca9ab2-150300.3.32.1 updated - suse-build-key-12.0-150000.8.25.1 updated From sle-updates at lists.suse.com Fri Jun 24 07:06:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 09:06:00 +0200 (CEST) Subject: SUSE-IU-2022:679-1: Security update of sles-15-sp3-chost-byos-v20220608-x86-64 Message-ID: <20220624070600.2DBE0F386@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20220608-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:679-1 Image Tags : sles-15-sp3-chost-byos-v20220608-x86-64:20220608 Image Release : Severity : important Type : security References : 1028340 1040589 1071995 1080338 1118508 1137728 1152472 1152489 1173429 1177028 1179878 1182073 1183723 1187055 1189517 1191647 1192951 1193556 1193659 1193842 1193930 1194625 1195115 1195283 1195651 1195896 1195926 1196018 1196114 1196308 1196367 1196441 1196490 1196514 1196639 1196788 1196861 1196942 1197065 1197157 1197284 1197391 1197443 1197517 1197656 1197660 1197677 1197743 1197771 1197794 1197914 1197926 1197995 1198077 1198176 1198217 1198255 1198330 1198400 1198413 1198437 1198446 1198448 1198484 1198504 1198515 1198516 1198534 1198614 1198723 1198742 1198751 1198766 1198825 1198989 1199012 1199024 1199132 1199223 1199224 1199232 1199240 1199247 1199362 1199474 CVE-2020-27835 CVE-2021-0707 CVE-2021-20292 CVE-2021-20321 CVE-2021-38208 CVE-2021-4154 CVE-2021-43565 CVE-2022-0812 CVE-2022-1158 CVE-2022-1280 CVE-2022-1304 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1586 CVE-2022-22576 CVE-2022-23308 CVE-2022-23648 CVE-2022-24769 CVE-2022-26691 CVE-2022-27191 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-28356 CVE-2022-28748 CVE-2022-28893 CVE-2022-29155 CVE-2022-29156 CVE-2022-29824 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20220608-x86-64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1659-1 Released: Fri May 13 15:41:32 2022 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1189517,1195115 This update for cups fixes the following issues: - CUPS printservice takes much longer than before with a big number of printers (bsc#1189517) - CUPS PreserveJobHistory doesn't work with seconds (bsc#1195115) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1687-1 Released: Mon May 16 13:58:33 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1028340,1071995,1137728,1152472,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1194625,1195651,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197677,1197914,1197926,1198077,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198534,1198742,1198825,1198989,1199012,1199024,CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515). - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639). - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437). - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). The following non-security bugs were fixed: - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - adm8211: fix error return code in adm8211_probe() (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes) - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes) - arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes) - arm64: dts: ls1028a: fix memory node (git-fixes) - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes) - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes) - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes) - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes) - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes) - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes) - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes) - arm64: head: avoid over-mapping in map_memory (git-fixes) - arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes) - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489) - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - block: Drop leftover references to RQF_SORTED (bsc#1182073). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: fix bad fids sent over wire (bsc#1197157). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - dma-debug: fix return value of __setup handlers (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472) - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes). - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489) - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/mediatek: Add AAL output size configuration (git-fixes). - drm/mediatek: Fix aal size config (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472) - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534) - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1152472) - e1000e: Fix possible overflow in LTR decoding (git-fixes). - fibmap: Reject negative block numbers (bsc#1198448). - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - random: check for signal_pending() outside of need_resched() check (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449). - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942). - rpm: Use bash for %() expansion (jsc#SLE-18234). - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - USB: dwc3: core: Fix tx/rx threshold settings (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Return proper request status (git-fixes). - USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489) - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1152489) - video: fbdev: w100fb: Reset global state (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). - xen: fix is_xen_pmu() (git-fixes). - xen/blkfront: fix comment for need_copy (git-fixes). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1689-1 Released: Mon May 16 14:09:01 2022 Summary: Security update for containerd, docker Type: security Severity: important References: 1193930,1196441,1197284,1197517,CVE-2021-43565,CVE-2022-23648,CVE-2022-24769,CVE-2022-27191 This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517). - CVE-2022-23648: Fixed directory traversal issue (bsc#1196441). - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284). - CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1709-1 Released: Tue May 17 17:35:47 2022 Summary: Recommended update for libcbor Type: recommended Severity: important References: 1197743 This update for libcbor fixes the following issues: - Fix build errors occuring on SUSE Linux Enterprise 15 Service Pack 4 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1752-1 Released: Thu May 19 15:51:22 2022 Summary: Recommended update for samba Type: recommended Severity: important References: 1080338,1118508,1173429,1195896,1196308,1196788,1197995,1198255,1199247,1199362 This update for samba provides the following fixes: Bugfixes: - Revert NIS support removal (bsc#1199247); - Update to meet last ldb2 version update (bsc#1199362). - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time (bsc#1199362). - Add provides to samba-client-libs package to fix upgrades from previous versions (bsc#1197995). - Add missing samba-client requirement to samba-winbind package (bsc#1198255). - Add missing samba-libs requirement to samba-winbind package (bsc#1198255). - Fixed mismatched version of libldb2 (bsc#1196788). - Dropped obsolete Samba fsrvp v0->v1 state upgrade functionality (bsc#1080338). - Fixed ntlm authentications with 'winbind use default domain = yes' (bsc#1173429, bsc#1196308). - Fixed samba-ad-dc status warning notification message by disabling systemd notifications in bgqd (bsc#1195896). - Fixed libldb version mismatch in Samba dsdb component (bsc#1118508). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1843-1 Released: Wed May 25 15:25:44 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1198504 This update for suse-build-key fixes the following issues: - still ship the old ptf key in the documentation directory (bsc#1198504) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1861-1 Released: Thu May 26 12:07:40 2022 Summary: Security update for cups Type: security Severity: important References: 1199474,CVE-2022-26691 This update for cups fixes the following issues: - CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1883-1 Released: Mon May 30 12:41:35 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h The following package changes have been done: - containerd-ctr-1.5.11-150000.68.1 updated - containerd-1.5.11-150000.68.1 updated - cups-config-2.2.7-150000.3.32.1 updated - curl-7.66.0-150200.4.33.1 updated - docker-20.10.14_ce-150000.163.1 updated - e2fsprogs-1.43.8-150000.4.33.1 updated - glibc-locale-base-2.31-150300.26.5 updated - glibc-locale-2.31-150300.26.5 updated - glibc-2.31-150300.26.5 updated - grep-3.1-150000.4.6.1 updated - kernel-default-5.3.18-150300.59.68.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libcbor0-0.5.0-150100.4.6.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcups2-2.2.7-150000.3.32.1 updated - libcurl4-7.66.0-150200.4.33.1 updated - libext2fs2-1.43.8-150000.4.33.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - libpcre2-8-0-10.31-150000.3.7.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libxml2-2-2.9.7-150000.3.46.1 updated - pam-1.3.0-150000.6.58.3 updated - samba-client-libs-4.15.7+git.376.dd43aca9ab2-150300.3.32.1 updated - suse-build-key-12.0-150000.8.25.1 updated From sle-updates at lists.suse.com Fri Jun 24 13:16:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 15:16:53 +0200 (CEST) Subject: SUSE-SU-2022:2169-1: important: Security update for drbd Message-ID: <20220624131653.8D8B4F386@maintenance.suse.de> SUSE Security Update: Security update for drbd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2169-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Performance Computing 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of drbd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2022-2169=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-3.32.1 drbd-debugsource-9.0.14+git.62f906cf-3.32.1 drbd-kmp-default-9.0.14+git.62f906cf_k4.4.180_94.164-3.32.1 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.4.180_94.164-3.32.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Jun 24 13:17:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 15:17:23 +0200 (CEST) Subject: SUSE-SU-2022:2168-1: important: Security update for drbd Message-ID: <20220624131723.941F3F386@maintenance.suse.de> SUSE Security Update: Security update for drbd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2168-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of drbd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2168=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2168=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2168=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): drbd-kmp-preempt-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 drbd-kmp-preempt-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 - openSUSE Leap 15.4 (x86_64): drbd-kmp-rt-9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.5.1 drbd-kmp-rt-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.5.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): drbd-9.0.29~0+git.9a7bc817-150300.3.5.1 drbd-debugsource-9.0.29~0+git.9a7bc817-150300.3.5.1 drbd-kmp-default-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 drbd-kmp-default-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 - openSUSE Leap 15.3 (aarch64 x86_64): drbd-kmp-preempt-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 drbd-kmp-preempt-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 - openSUSE Leap 15.3 (aarch64): drbd-kmp-64kb-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 drbd-kmp-64kb-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 - openSUSE Leap 15.3 (x86_64): drbd-kmp-rt-9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.5.1 drbd-kmp-rt-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_8.13-150300.3.5.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): drbd-9.0.29~0+git.9a7bc817-150300.3.5.1 drbd-debugsource-9.0.29~0+git.9a7bc817-150300.3.5.1 drbd-kmp-default-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 drbd-kmp-default-debuginfo-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Jun 24 13:18:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 15:18:03 +0200 (CEST) Subject: SUSE-SU-2022:2172-1: important: Security update for the Linux Kernel Message-ID: <20220624131803.3E9F2F386@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2172-1 Rating: important References: #1177282 #1184924 #1198924 #1199365 #1199482 #1200015 #1200143 #1200144 #1200206 #1200207 #1200249 #1200259 #1200263 #1200343 #1200494 #1200529 #1200604 Cross-References: CVE-2020-26541 CVE-2022-1012 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 CVE-2022-20141 CVE-2022-32250 CVSS scores: CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 10 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1012: Fixed a small table perturb size in the TCP source port generation algorithm which could leads to information leak. (bsc#1199482). - CVE-2022-20141: Fixed an use after free due to improper locking. This bug could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. (bnc#1200604) - CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) The following non-security bugs were fixed: - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cfg80211: set custom regdomain after wiphy registration (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - raid5: introduce MD_BROKEN (git-fixes). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the "type" field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2172=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2172=1 Package List: - openSUSE Leap 15.3 (noarch): kernel-devel-azure-5.3.18-150300.38.62.1 kernel-source-azure-5.3.18-150300.38.62.1 - openSUSE Leap 15.3 (x86_64): cluster-md-kmp-azure-5.3.18-150300.38.62.1 cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.62.1 dlm-kmp-azure-5.3.18-150300.38.62.1 dlm-kmp-azure-debuginfo-5.3.18-150300.38.62.1 gfs2-kmp-azure-5.3.18-150300.38.62.1 gfs2-kmp-azure-debuginfo-5.3.18-150300.38.62.1 kernel-azure-5.3.18-150300.38.62.1 kernel-azure-debuginfo-5.3.18-150300.38.62.1 kernel-azure-debugsource-5.3.18-150300.38.62.1 kernel-azure-devel-5.3.18-150300.38.62.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.62.1 kernel-azure-extra-5.3.18-150300.38.62.1 kernel-azure-extra-debuginfo-5.3.18-150300.38.62.1 kernel-azure-livepatch-devel-5.3.18-150300.38.62.1 kernel-azure-optional-5.3.18-150300.38.62.1 kernel-azure-optional-debuginfo-5.3.18-150300.38.62.1 kernel-syms-azure-5.3.18-150300.38.62.1 kselftests-kmp-azure-5.3.18-150300.38.62.1 kselftests-kmp-azure-debuginfo-5.3.18-150300.38.62.1 ocfs2-kmp-azure-5.3.18-150300.38.62.1 ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.62.1 reiserfs-kmp-azure-5.3.18-150300.38.62.1 reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.62.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64): kernel-azure-5.3.18-150300.38.62.1 kernel-azure-debuginfo-5.3.18-150300.38.62.1 kernel-azure-debugsource-5.3.18-150300.38.62.1 kernel-azure-devel-5.3.18-150300.38.62.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.62.1 kernel-syms-azure-5.3.18-150300.38.62.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): kernel-devel-azure-5.3.18-150300.38.62.1 kernel-source-azure-5.3.18-150300.38.62.1 References: https://www.suse.com/security/cve/CVE-2020-26541.html https://www.suse.com/security/cve/CVE-2022-1012.html https://www.suse.com/security/cve/CVE-2022-1966.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1975.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-32250.html https://bugzilla.suse.com/1177282 https://bugzilla.suse.com/1184924 https://bugzilla.suse.com/1198924 https://bugzilla.suse.com/1199365 https://bugzilla.suse.com/1199482 https://bugzilla.suse.com/1200015 https://bugzilla.suse.com/1200143 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200206 https://bugzilla.suse.com/1200207 https://bugzilla.suse.com/1200249 https://bugzilla.suse.com/1200259 https://bugzilla.suse.com/1200263 https://bugzilla.suse.com/1200343 https://bugzilla.suse.com/1200494 https://bugzilla.suse.com/1200529 https://bugzilla.suse.com/1200604 From sle-updates at lists.suse.com Fri Jun 24 13:20:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 15:20:15 +0200 (CEST) Subject: SUSE-SU-2022:2173-1: important: Security update for the Linux Kernel Message-ID: <20220624132015.C13C7F386@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2173-1 Rating: important References: #1177282 #1199365 #1200015 #1200143 #1200144 #1200206 #1200207 #1200249 #1200259 #1200263 #1200268 #1200529 Cross-References: CVE-2020-26541 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 CVSS scores: CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves four vulnerabilities and has 8 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - The following non-security bugs were fixed: - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cfg80211: set custom regdomain after wiphy registration (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the "type" field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2173=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2173=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2173=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2173=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2173=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2173=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2173=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2173=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2173=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2173=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.76.1 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.76.1 dlm-kmp-preempt-5.3.18-150300.59.76.1 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.76.1 gfs2-kmp-preempt-5.3.18-150300.59.76.1 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1 kernel-preempt-5.3.18-150300.59.76.1 kernel-preempt-debuginfo-5.3.18-150300.59.76.1 kernel-preempt-debugsource-5.3.18-150300.59.76.1 kernel-preempt-devel-5.3.18-150300.59.76.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.76.1 kernel-preempt-extra-5.3.18-150300.59.76.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.76.1 kernel-preempt-livepatch-devel-5.3.18-150300.59.76.1 kernel-preempt-optional-5.3.18-150300.59.76.1 kernel-preempt-optional-debuginfo-5.3.18-150300.59.76.1 kselftests-kmp-preempt-5.3.18-150300.59.76.1 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.76.1 ocfs2-kmp-preempt-5.3.18-150300.59.76.1 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1 reiserfs-kmp-preempt-5.3.18-150300.59.76.1 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.76.1 - openSUSE Leap 15.4 (aarch64): dtb-al-5.3.18-150300.59.76.1 dtb-zte-5.3.18-150300.59.76.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.76.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.76.1 dlm-kmp-default-5.3.18-150300.59.76.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.76.1 gfs2-kmp-default-5.3.18-150300.59.76.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1 kernel-default-5.3.18-150300.59.76.1 kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2 kernel-default-base-rebuild-5.3.18-150300.59.76.1.150300.18.45.2 kernel-default-debuginfo-5.3.18-150300.59.76.1 kernel-default-debugsource-5.3.18-150300.59.76.1 kernel-default-devel-5.3.18-150300.59.76.1 kernel-default-devel-debuginfo-5.3.18-150300.59.76.1 kernel-default-extra-5.3.18-150300.59.76.1 kernel-default-extra-debuginfo-5.3.18-150300.59.76.1 kernel-default-livepatch-5.3.18-150300.59.76.1 kernel-default-livepatch-devel-5.3.18-150300.59.76.1 kernel-default-optional-5.3.18-150300.59.76.1 kernel-default-optional-debuginfo-5.3.18-150300.59.76.1 kernel-obs-build-5.3.18-150300.59.76.1 kernel-obs-build-debugsource-5.3.18-150300.59.76.1 kernel-obs-qa-5.3.18-150300.59.76.1 kernel-syms-5.3.18-150300.59.76.1 kselftests-kmp-default-5.3.18-150300.59.76.1 kselftests-kmp-default-debuginfo-5.3.18-150300.59.76.1 ocfs2-kmp-default-5.3.18-150300.59.76.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1 reiserfs-kmp-default-5.3.18-150300.59.76.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.76.1 - openSUSE Leap 15.3 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.76.1 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.76.1 dlm-kmp-preempt-5.3.18-150300.59.76.1 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.76.1 gfs2-kmp-preempt-5.3.18-150300.59.76.1 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1 kernel-preempt-5.3.18-150300.59.76.1 kernel-preempt-debuginfo-5.3.18-150300.59.76.1 kernel-preempt-debugsource-5.3.18-150300.59.76.1 kernel-preempt-devel-5.3.18-150300.59.76.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.76.1 kernel-preempt-extra-5.3.18-150300.59.76.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.76.1 kernel-preempt-livepatch-devel-5.3.18-150300.59.76.1 kernel-preempt-optional-5.3.18-150300.59.76.1 kernel-preempt-optional-debuginfo-5.3.18-150300.59.76.1 kselftests-kmp-preempt-5.3.18-150300.59.76.1 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.76.1 ocfs2-kmp-preempt-5.3.18-150300.59.76.1 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.76.1 reiserfs-kmp-preempt-5.3.18-150300.59.76.1 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.76.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-5.3.18-150300.59.76.1 kernel-debug-debuginfo-5.3.18-150300.59.76.1 kernel-debug-debugsource-5.3.18-150300.59.76.1 kernel-debug-devel-5.3.18-150300.59.76.1 kernel-debug-devel-debuginfo-5.3.18-150300.59.76.1 kernel-debug-livepatch-devel-5.3.18-150300.59.76.1 kernel-kvmsmall-5.3.18-150300.59.76.1 kernel-kvmsmall-debuginfo-5.3.18-150300.59.76.1 kernel-kvmsmall-debugsource-5.3.18-150300.59.76.1 kernel-kvmsmall-devel-5.3.18-150300.59.76.1 kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.76.1 kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.76.1 - openSUSE Leap 15.3 (aarch64): cluster-md-kmp-64kb-5.3.18-150300.59.76.1 cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.76.1 dlm-kmp-64kb-5.3.18-150300.59.76.1 dlm-kmp-64kb-debuginfo-5.3.18-150300.59.76.1 dtb-al-5.3.18-150300.59.76.1 dtb-allwinner-5.3.18-150300.59.76.1 dtb-altera-5.3.18-150300.59.76.1 dtb-amd-5.3.18-150300.59.76.1 dtb-amlogic-5.3.18-150300.59.76.1 dtb-apm-5.3.18-150300.59.76.1 dtb-arm-5.3.18-150300.59.76.1 dtb-broadcom-5.3.18-150300.59.76.1 dtb-cavium-5.3.18-150300.59.76.1 dtb-exynos-5.3.18-150300.59.76.1 dtb-freescale-5.3.18-150300.59.76.1 dtb-hisilicon-5.3.18-150300.59.76.1 dtb-lg-5.3.18-150300.59.76.1 dtb-marvell-5.3.18-150300.59.76.1 dtb-mediatek-5.3.18-150300.59.76.1 dtb-nvidia-5.3.18-150300.59.76.1 dtb-qcom-5.3.18-150300.59.76.1 dtb-renesas-5.3.18-150300.59.76.1 dtb-rockchip-5.3.18-150300.59.76.1 dtb-socionext-5.3.18-150300.59.76.1 dtb-sprd-5.3.18-150300.59.76.1 dtb-xilinx-5.3.18-150300.59.76.1 dtb-zte-5.3.18-150300.59.76.1 gfs2-kmp-64kb-5.3.18-150300.59.76.1 gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.76.1 kernel-64kb-5.3.18-150300.59.76.1 kernel-64kb-debuginfo-5.3.18-150300.59.76.1 kernel-64kb-debugsource-5.3.18-150300.59.76.1 kernel-64kb-devel-5.3.18-150300.59.76.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.76.1 kernel-64kb-extra-5.3.18-150300.59.76.1 kernel-64kb-extra-debuginfo-5.3.18-150300.59.76.1 kernel-64kb-livepatch-devel-5.3.18-150300.59.76.1 kernel-64kb-optional-5.3.18-150300.59.76.1 kernel-64kb-optional-debuginfo-5.3.18-150300.59.76.1 kselftests-kmp-64kb-5.3.18-150300.59.76.1 kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.76.1 ocfs2-kmp-64kb-5.3.18-150300.59.76.1 ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.76.1 reiserfs-kmp-64kb-5.3.18-150300.59.76.1 reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.76.1 - openSUSE Leap 15.3 (noarch): kernel-devel-5.3.18-150300.59.76.1 kernel-docs-5.3.18-150300.59.76.1 kernel-docs-html-5.3.18-150300.59.76.1 kernel-macros-5.3.18-150300.59.76.1 kernel-source-5.3.18-150300.59.76.1 kernel-source-vanilla-5.3.18-150300.59.76.1 - openSUSE Leap 15.3 (s390x): kernel-zfcpdump-5.3.18-150300.59.76.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.76.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.76.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-150300.59.76.1 kernel-default-debugsource-5.3.18-150300.59.76.1 kernel-default-extra-5.3.18-150300.59.76.1 kernel-default-extra-debuginfo-5.3.18-150300.59.76.1 kernel-preempt-debuginfo-5.3.18-150300.59.76.1 kernel-preempt-debugsource-5.3.18-150300.59.76.1 kernel-preempt-extra-5.3.18-150300.59.76.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.76.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.76.1 kernel-default-debugsource-5.3.18-150300.59.76.1 kernel-default-livepatch-5.3.18-150300.59.76.1 kernel-default-livepatch-devel-5.3.18-150300.59.76.1 kernel-livepatch-5_3_18-150300_59_76-default-1-150300.7.5.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.76.1 kernel-default-debugsource-5.3.18-150300.59.76.1 reiserfs-kmp-default-5.3.18-150300.59.76.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.76.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-150300.59.76.1 kernel-obs-build-debugsource-5.3.18-150300.59.76.1 kernel-syms-5.3.18-150300.59.76.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-150300.59.76.1 kernel-preempt-debugsource-5.3.18-150300.59.76.1 kernel-preempt-devel-5.3.18-150300.59.76.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.76.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-150300.59.76.1 kernel-source-5.3.18-150300.59.76.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.76.1 kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2 kernel-default-debuginfo-5.3.18-150300.59.76.1 kernel-default-debugsource-5.3.18-150300.59.76.1 kernel-default-devel-5.3.18-150300.59.76.1 kernel-default-devel-debuginfo-5.3.18-150300.59.76.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.76.1 kernel-preempt-debuginfo-5.3.18-150300.59.76.1 kernel-preempt-debugsource-5.3.18-150300.59.76.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-150300.59.76.1 kernel-64kb-debuginfo-5.3.18-150300.59.76.1 kernel-64kb-debugsource-5.3.18-150300.59.76.1 kernel-64kb-devel-5.3.18-150300.59.76.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.76.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.76.1 kernel-macros-5.3.18-150300.59.76.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-150300.59.76.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.76.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.76.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.76.1 kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2 kernel-default-debuginfo-5.3.18-150300.59.76.1 kernel-default-debugsource-5.3.18-150300.59.76.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.76.1 kernel-default-base-5.3.18-150300.59.76.1.150300.18.45.2 kernel-default-debuginfo-5.3.18-150300.59.76.1 kernel-default-debugsource-5.3.18-150300.59.76.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.76.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.76.1 dlm-kmp-default-5.3.18-150300.59.76.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.76.1 gfs2-kmp-default-5.3.18-150300.59.76.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1 kernel-default-debuginfo-5.3.18-150300.59.76.1 kernel-default-debugsource-5.3.18-150300.59.76.1 ocfs2-kmp-default-5.3.18-150300.59.76.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.76.1 References: https://www.suse.com/security/cve/CVE-2020-26541.html https://www.suse.com/security/cve/CVE-2022-1966.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1975.html https://bugzilla.suse.com/1177282 https://bugzilla.suse.com/1199365 https://bugzilla.suse.com/1200015 https://bugzilla.suse.com/1200143 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200206 https://bugzilla.suse.com/1200207 https://bugzilla.suse.com/1200249 https://bugzilla.suse.com/1200259 https://bugzilla.suse.com/1200263 https://bugzilla.suse.com/1200268 https://bugzilla.suse.com/1200529 From sle-updates at lists.suse.com Fri Jun 24 13:21:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 15:21:57 +0200 (CEST) Subject: SUSE-SU-2022:2174-1: important: Security update for python39 Message-ID: <20220624132157.46FDAF386@maintenance.suse.de> SUSE Security Update: Security update for python39 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2174-1 Rating: important References: #1192249 #1198511 SLE-21253 Cross-References: CVE-2015-20107 CVSS scores: CVE-2015-20107 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2015-20107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has one errata is now available. Description: This update for python39 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). - Update to 3.9.13: - Core and Builtins - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash. - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass. - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner. - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex. - bpo-46775: Some Windows system error codes(>= 10000) are now mapped into the correct errno and may now raise a subclass of OSError. Patch by Dong-hee Na. - bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the --without-doc-strings compilation flag no longer do so. - The classes affected are pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias. - The functions affected are 24 methods in ctypes. - Patch by Oleg Iarygin. - bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters. - Library - gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle. - gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify(). - gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled. - bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by G??ry Ogam. - gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules. - gh-91810: ElementTree method write() and function tostring() now use the text file''s encoding ("UTF-8" if not available) instead of locale encoding in XML declaration when encoding="unicode" is specified. - gh-91832: Add required attribute to argparse.Action repr output. - gh-91734: Fix OSS audio support on Solaris. - gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised. - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test. - gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError. - gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu. - gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is "fork" as that can lead to deadlocks in the child processes due to a fork happening while threads are running. - gh-91575: Update case-insensitive matching in the re module to the latest Unicode version. - gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle. - bpo-34480: Fix a bug where _markupbase raised an UnboundLocalError when an invalid keyword was found in marked section. Patch by Marek Suscak. - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX. - bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters. - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak - bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter. - bpo-44911: IsolatedAsyncioTestCase will no longer throw an exception while cancelling leaked tasks. Patch by Bar Harel. - bpo-44493: Add missing terminated NUL in sockaddr_un's length - This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. - bpo-42627: Fix incorrect parsing of Windows registry proxy settings - bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev. - Documentation - gh-91888: Add a new gh role to the documentation to link to GitHub issues. - gh-91783: Document security issues concerning the use of the function shutil.unpack_archive() - gh-91547: Remove "Undocumented modules" page. - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree(). - bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529. - bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.4.4. - bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7's Documentation Strings paragraph. Patch by Oleg Iarygin. - bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky. - bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents. - bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed. - bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan "yyyyyyyan" Orestes. - bpo-38056: Overhaul the Error Handlers documentation in codecs. - bpo-13553: Document tkinter.Tk args. - Tests - gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up. - bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD. - bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom. - Build - bpo-47103: Windows PGInstrument builds now copy a required DLL into the output directory, making it easier to run the profile stage of a PGO build. - Windows - bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032. - bpo-46785: Fix race condition between os.stat() and unlinking a file on Windows, by using errors codes returned by FindFirstFileW() when appropriate in win32_xstat_impl. - bpo-40859: Update Windows build to use xz-5.2.5 - Tools/Demos - gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter. - Update to 3.9.12: - bpo-46968: Check for the existence of the "sys/auxv.h" header in faulthandler to avoid compilation problems in systems where this header doesn't exist. Patch by Pablo Galindo - bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context. - bpo-23691: Protect the re.finditer() iterator from re-entering. - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a "zipfile.BadZipFile: Bad CRC-32 for file" exception when reading a ZipFile from multiple threads. - bpo-38256: Fix binascii.crc32() when it is compiled to use zlib'c crc32 to work properly on inputs 4+GiB in length instead of returning the wrong result. The workaround prior to this was to always feed the function data in increments smaller than 4GiB or to just call the zlib module function. - bpo-39394: A warning about inline flags not at the start of the regular expression now contains the position of the flag. - bpo-47061: Deprecate the various modules listed by PEP 594: - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau, telnetlib, uu, xdrlib - bpo-2604: Fix bug where doctests using globals would fail when run multiple times. - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. - bpo-47022: The asynchat, asyncore and smtpd modules have been deprecated since at least Python 3.6. Their documentation has now been updated to note they will removed in Python 3.12 (PEP 594). - bpo-46421: Fix a unittest issue where if the command was invoked as python -m unittest and the filename(s) began with a dot (.), a ValueError is returned. - bpo-40296: Fix supporting generic aliases in pydoc. - bpo-14156: argparse.FileType now supports an argument of '-'; in binary mode, returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes including 'x' and 'a' are treated equivalently to 'w' when argument is '-'. Patch contributed by Josh Rosenberg - Update to 3.9.11: - bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner. - bpo-46794: Bump up the libexpat version into 2.4.6 - bpo-46762: Fix an assert failure in debug builds when a '<', '>', or '=' is the last character in an f-string that's missing a closing right brace. - bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra. - bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c. - bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated. - bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property. - bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings. - bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner. - bpo-46383: Fix invalid signature of _zoneinfo's module_free function to resolve a crash on wasm32-emscripten platform. - bpo-43253: Fix a crash when closing transports where the underlying socket handle is already invalid on the Proactor event loop. - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings. - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4) - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This changes allows for Python extension's request to Linux kernel to use AMX_TILE instruction set on Sapphire Rapids Xeon processor to succeed, unblocking use of the ISA in frameworks. - bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch by Stefan Zabka. - bpo-46932: Update bundled libexpat to 2.4.7 - bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when the iterator is not exhausted. Patch by Jacob Walls. - bpo-44886: Inherit asyncio proactor datagram transport from asyncio.DatagramTransport. - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for selector-based event loops. Patch by Thomas Grainger. - bpo-46811: Make test suite support Expat >=2.4.5 - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to transport-based APIs. - bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python. - bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders when running from the guest operating-system. - bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo. - bpo-45863: When the tarfile module creates a pax format archive, it will put an integer representation of timestamps in the ustar header (if possible) for the benefit of older unarchivers, in addition to the existing full-precision timestamps in the pax extended header. - bpo-46672: Fix NameError in asyncio.gather() when initial type check fails. - bpo-45948: Fixed a discrepancy in the C implementation of the xml.etree.ElementTree module. Now, instantiating an xml.etree.ElementTree.XMLParser with a target=None keyword provides a default xml.etree.ElementTree.TreeBuilder target as the Python implementation does. - bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable. - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 - bpo-46487: Add the get_write_buffer_limits method to asyncio.transports.WriteTransport and to the SSL transport. - bpo-46539: In typing.get_type_hints(), support evaluating stringified ClassVar and Final annotations inside Annotated. Patch by Gregory Beauregard. - bpo-46491: Allow typing.Annotated to wrap typing.Final and typing.ClassVar. Patch by Gregory Beauregard. - bpo-46436: Fix command-line option -d/--directory in module http.server which is ignored when combined with command-line option --cgi. Patch by G??ry Ogam. - bpo-41403: Make mock.patch() raise a TypeError with a relevant error message on invalid arg. Previously it allowed a cryptic AttributeError to escape. - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace. - bpo-46469: asyncio generic classes now return types.GenericAlias in __class_getitem__ instead of the same class. - bpo-46434: pdb now gracefully handles help when __doc__ is missing, for example when run with pregenerated optimized .pyc files. - bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef now honor the module parameter of typing.ForwardRef. Forward references from different modules are now differentiated. - bpo-43118: Fix a bug in inspect.signature() that was causing it to fail on some subclasses of classes with a __text_signature__ referencing module globals. Patch by Weipeng Hong. - bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a directory name with a trailing slash. - bpo-20392: Fix inconsistency with uppercase file extensions in MimeTypes.guess_type(). Patch by Kumar Aditya. - bpo-46080: Fix exception in argparse help text generation if a argparse.BooleanOptionalAction argument's default is argparse.SUPPRESS and it has help specified. Patch by Felix Fontein. - bpo-44439: Fix .write() method of a member file in ZipFile, when the input data is an object that supports the buffer protocol, the file length may be wrong. - bpo-45703: When a namespace package is imported before another module from the same namespace is created/installed in a different sys.path location while the program is running, calling the importlib.invalidate_caches() function will now also guarantee the new module is noticed. - bpo-24959: Fix bug where unittest sometimes drops frames from tracebacks of exceptions raised in tests. - bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner. - bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution. - bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion. - bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner. - bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner. - bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython. - bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner. - bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intented to test the readline module. Patch by Victor Stinner. - bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale. - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__. - bpo-45925: Update Windows installer to use SQLite 3.37.2. - bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, 'Close' and 'Exit' are now 'Close Window' (the current one) and 'Exit' is now 'Exit IDLE' (by closing all windows). In Shell, 'quit()' and 'exit()' mean 'close Shell'. If there are no other windows, this also exits IDLE. - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2174=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2174=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2174=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2174=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpython3_9-1_0-3.9.13-150300.4.13.1 libpython3_9-1_0-debuginfo-3.9.13-150300.4.13.1 python39-3.9.13-150300.4.13.1 python39-base-3.9.13-150300.4.13.1 python39-base-debuginfo-3.9.13-150300.4.13.1 python39-core-debugsource-3.9.13-150300.4.13.1 python39-curses-3.9.13-150300.4.13.1 python39-curses-debuginfo-3.9.13-150300.4.13.1 python39-dbm-3.9.13-150300.4.13.1 python39-dbm-debuginfo-3.9.13-150300.4.13.1 python39-debuginfo-3.9.13-150300.4.13.1 python39-debugsource-3.9.13-150300.4.13.1 python39-devel-3.9.13-150300.4.13.1 python39-doc-3.9.13-150300.4.13.1 python39-doc-devhelp-3.9.13-150300.4.13.1 python39-idle-3.9.13-150300.4.13.1 python39-testsuite-3.9.13-150300.4.13.1 python39-testsuite-debuginfo-3.9.13-150300.4.13.1 python39-tk-3.9.13-150300.4.13.1 python39-tk-debuginfo-3.9.13-150300.4.13.1 python39-tools-3.9.13-150300.4.13.1 - openSUSE Leap 15.4 (x86_64): libpython3_9-1_0-32bit-3.9.13-150300.4.13.1 libpython3_9-1_0-32bit-debuginfo-3.9.13-150300.4.13.1 python39-32bit-3.9.13-150300.4.13.1 python39-32bit-debuginfo-3.9.13-150300.4.13.1 python39-base-32bit-3.9.13-150300.4.13.1 python39-base-32bit-debuginfo-3.9.13-150300.4.13.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libpython3_9-1_0-3.9.13-150300.4.13.1 libpython3_9-1_0-debuginfo-3.9.13-150300.4.13.1 python39-3.9.13-150300.4.13.1 python39-base-3.9.13-150300.4.13.1 python39-base-debuginfo-3.9.13-150300.4.13.1 python39-core-debugsource-3.9.13-150300.4.13.1 python39-curses-3.9.13-150300.4.13.1 python39-curses-debuginfo-3.9.13-150300.4.13.1 python39-dbm-3.9.13-150300.4.13.1 python39-dbm-debuginfo-3.9.13-150300.4.13.1 python39-debuginfo-3.9.13-150300.4.13.1 python39-debugsource-3.9.13-150300.4.13.1 python39-devel-3.9.13-150300.4.13.1 python39-doc-3.9.13-150300.4.13.1 python39-doc-devhelp-3.9.13-150300.4.13.1 python39-idle-3.9.13-150300.4.13.1 python39-testsuite-3.9.13-150300.4.13.1 python39-testsuite-debuginfo-3.9.13-150300.4.13.1 python39-tk-3.9.13-150300.4.13.1 python39-tk-debuginfo-3.9.13-150300.4.13.1 python39-tools-3.9.13-150300.4.13.1 - openSUSE Leap 15.3 (x86_64): libpython3_9-1_0-32bit-3.9.13-150300.4.13.1 libpython3_9-1_0-32bit-debuginfo-3.9.13-150300.4.13.1 python39-32bit-3.9.13-150300.4.13.1 python39-32bit-debuginfo-3.9.13-150300.4.13.1 python39-base-32bit-3.9.13-150300.4.13.1 python39-base-32bit-debuginfo-3.9.13-150300.4.13.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python39-core-debugsource-3.9.13-150300.4.13.1 python39-tools-3.9.13-150300.4.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython3_9-1_0-3.9.13-150300.4.13.1 libpython3_9-1_0-debuginfo-3.9.13-150300.4.13.1 python39-3.9.13-150300.4.13.1 python39-base-3.9.13-150300.4.13.1 python39-base-debuginfo-3.9.13-150300.4.13.1 python39-core-debugsource-3.9.13-150300.4.13.1 python39-curses-3.9.13-150300.4.13.1 python39-curses-debuginfo-3.9.13-150300.4.13.1 python39-dbm-3.9.13-150300.4.13.1 python39-dbm-debuginfo-3.9.13-150300.4.13.1 python39-debuginfo-3.9.13-150300.4.13.1 python39-debugsource-3.9.13-150300.4.13.1 python39-devel-3.9.13-150300.4.13.1 python39-idle-3.9.13-150300.4.13.1 python39-tk-3.9.13-150300.4.13.1 python39-tk-debuginfo-3.9.13-150300.4.13.1 References: https://www.suse.com/security/cve/CVE-2015-20107.html https://bugzilla.suse.com/1192249 https://bugzilla.suse.com/1198511 From sle-updates at lists.suse.com Fri Jun 24 16:17:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 18:17:16 +0200 (CEST) Subject: SUSE-SU-2022:2179-1: moderate: Security update for openssl Message-ID: <20220624161716.3E7DEF386@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2179-1 Rating: moderate References: #1200550 Cross-References: CVE-2022-2068 CVSS scores: CVE-2022-2068 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2179=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2179=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2179=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2179=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2179=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2179=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.33.1 libopenssl1_1-1.1.0i-150100.14.33.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.33.1 libopenssl1_1-hmac-1.1.0i-150100.14.33.1 openssl-1_1-1.1.0i-150100.14.33.1 openssl-1_1-debuginfo-1.1.0i-150100.14.33.1 openssl-1_1-debugsource-1.1.0i-150100.14.33.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.33.1 libopenssl1_1-32bit-1.1.0i-150100.14.33.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.33.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.33.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.33.1 libopenssl1_1-1.1.0i-150100.14.33.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.33.1 libopenssl1_1-hmac-1.1.0i-150100.14.33.1 openssl-1_1-1.1.0i-150100.14.33.1 openssl-1_1-debuginfo-1.1.0i-150100.14.33.1 openssl-1_1-debugsource-1.1.0i-150100.14.33.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.33.1 libopenssl1_1-32bit-1.1.0i-150100.14.33.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.33.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.33.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.33.1 libopenssl-1_1-devel-32bit-1.1.0i-150100.14.33.1 libopenssl1_1-1.1.0i-150100.14.33.1 libopenssl1_1-32bit-1.1.0i-150100.14.33.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.33.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.33.1 libopenssl1_1-hmac-1.1.0i-150100.14.33.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.33.1 openssl-1_1-1.1.0i-150100.14.33.1 openssl-1_1-debuginfo-1.1.0i-150100.14.33.1 openssl-1_1-debugsource-1.1.0i-150100.14.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.33.1 libopenssl1_1-1.1.0i-150100.14.33.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.33.1 libopenssl1_1-hmac-1.1.0i-150100.14.33.1 openssl-1_1-1.1.0i-150100.14.33.1 openssl-1_1-debuginfo-1.1.0i-150100.14.33.1 openssl-1_1-debugsource-1.1.0i-150100.14.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.33.1 libopenssl1_1-32bit-1.1.0i-150100.14.33.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.33.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.33.1 libopenssl1_1-1.1.0i-150100.14.33.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.33.1 libopenssl1_1-hmac-1.1.0i-150100.14.33.1 openssl-1_1-1.1.0i-150100.14.33.1 openssl-1_1-debuginfo-1.1.0i-150100.14.33.1 openssl-1_1-debugsource-1.1.0i-150100.14.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.33.1 libopenssl1_1-32bit-1.1.0i-150100.14.33.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.33.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.33.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.33.1 libopenssl1_1-1.1.0i-150100.14.33.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.33.1 libopenssl1_1-hmac-1.1.0i-150100.14.33.1 openssl-1_1-1.1.0i-150100.14.33.1 openssl-1_1-debuginfo-1.1.0i-150100.14.33.1 openssl-1_1-debugsource-1.1.0i-150100.14.33.1 - SUSE Enterprise Storage 6 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-150100.14.33.1 libopenssl1_1-32bit-1.1.0i-150100.14.33.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.33.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.33.1 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_1-devel-1.1.0i-150100.14.33.1 libopenssl-1_1-devel-32bit-1.1.0i-150100.14.33.1 libopenssl1_1-1.1.0i-150100.14.33.1 libopenssl1_1-32bit-1.1.0i-150100.14.33.1 libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.33.1 libopenssl1_1-debuginfo-1.1.0i-150100.14.33.1 libopenssl1_1-hmac-1.1.0i-150100.14.33.1 libopenssl1_1-hmac-32bit-1.1.0i-150100.14.33.1 openssl-1_1-1.1.0i-150100.14.33.1 openssl-1_1-debuginfo-1.1.0i-150100.14.33.1 openssl-1_1-debugsource-1.1.0i-150100.14.33.1 References: https://www.suse.com/security/cve/CVE-2022-2068.html https://bugzilla.suse.com/1200550 From sle-updates at lists.suse.com Fri Jun 24 16:17:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 18:17:58 +0200 (CEST) Subject: SUSE-SU-2022:2178-1: important: Security update for salt Message-ID: <20220624161758.68048FD9D@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2178-1 Rating: important References: #1200566 Cross-References: CVE-2022-22967 CVSS scores: CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Transactional Server 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass PAM authentication (bsc#1200566) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2178=1 - SUSE Linux Enterprise Module for Transactional Server 15-SP3: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2022-2178=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2178=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2178=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2178=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2178=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150300.53.24.1 salt-3004-150300.53.24.1 salt-api-3004-150300.53.24.1 salt-cloud-3004-150300.53.24.1 salt-doc-3004-150300.53.24.1 salt-master-3004-150300.53.24.1 salt-minion-3004-150300.53.24.1 salt-proxy-3004-150300.53.24.1 salt-ssh-3004-150300.53.24.1 salt-standalone-formulas-configuration-3004-150300.53.24.1 salt-syndic-3004-150300.53.24.1 salt-transactional-update-3004-150300.53.24.1 - openSUSE Leap 15.3 (noarch): salt-bash-completion-3004-150300.53.24.1 salt-fish-completion-3004-150300.53.24.1 salt-zsh-completion-3004-150300.53.24.1 - SUSE Linux Enterprise Module for Transactional Server 15-SP3 (aarch64 ppc64le s390x x86_64): salt-transactional-update-3004-150300.53.24.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): salt-api-3004-150300.53.24.1 salt-cloud-3004-150300.53.24.1 salt-master-3004-150300.53.24.1 salt-proxy-3004-150300.53.24.1 salt-ssh-3004-150300.53.24.1 salt-standalone-formulas-configuration-3004-150300.53.24.1 salt-syndic-3004-150300.53.24.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): salt-fish-completion-3004-150300.53.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150300.53.24.1 salt-3004-150300.53.24.1 salt-doc-3004-150300.53.24.1 salt-minion-3004-150300.53.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): salt-bash-completion-3004-150300.53.24.1 salt-zsh-completion-3004-150300.53.24.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): python3-salt-3004-150300.53.24.1 salt-3004-150300.53.24.1 salt-minion-3004-150300.53.24.1 salt-transactional-update-3004-150300.53.24.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): python3-salt-3004-150300.53.24.1 salt-3004-150300.53.24.1 salt-minion-3004-150300.53.24.1 salt-transactional-update-3004-150300.53.24.1 References: https://www.suse.com/security/cve/CVE-2022-22967.html https://bugzilla.suse.com/1200566 From sle-updates at lists.suse.com Fri Jun 24 16:18:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 18:18:37 +0200 (CEST) Subject: SUSE-SU-2022:2175-1: important: Security update for drbd Message-ID: <20220624161837.F381AFD9D@maintenance.suse.de> SUSE Security Update: Security update for drbd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2175-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of drbd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2175=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): drbd-9.0.22~1+git.fe2b5983-150200.3.15.2 drbd-debugsource-9.0.22~1+git.fe2b5983-150200.3.15.2 drbd-kmp-default-9.0.22~1+git.fe2b5983_k5.3.18_150200.24.115-150200.3.15.2 drbd-kmp-default-debuginfo-9.0.22~1+git.fe2b5983_k5.3.18_150200.24.115-150200.3.15.2 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Jun 24 16:19:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 18:19:15 +0200 (CEST) Subject: SUSE-SU-2022:2181-1: moderate: Security update for openssl Message-ID: <20220624161915.BE700FD9D@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2181-1 Rating: moderate References: #1200550 Cross-References: CVE-2022-2068 CVSS scores: CVE-2022-2068 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2181=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2181=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2181=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2181=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2181=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2181=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.56.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.56.1 libopenssl1_0_0-1.0.2p-3.56.1 libopenssl1_0_0-32bit-1.0.2p-3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-3.56.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.56.1 libopenssl1_0_0-hmac-1.0.2p-3.56.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.56.1 openssl-1_0_0-1.0.2p-3.56.1 openssl-1_0_0-debuginfo-1.0.2p-3.56.1 openssl-1_0_0-debugsource-1.0.2p-3.56.1 - SUSE OpenStack Cloud 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.56.1 - SUSE OpenStack Cloud 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.56.1 libopenssl1_0_0-1.0.2p-3.56.1 libopenssl1_0_0-32bit-1.0.2p-3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-3.56.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.56.1 libopenssl1_0_0-hmac-1.0.2p-3.56.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.56.1 openssl-1_0_0-1.0.2p-3.56.1 openssl-1_0_0-debuginfo-1.0.2p-3.56.1 openssl-1_0_0-debugsource-1.0.2p-3.56.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.56.1 openssl-1_0_0-debuginfo-1.0.2p-3.56.1 openssl-1_0_0-debugsource-1.0.2p-3.56.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libopenssl-1_0_0-devel-32bit-1.0.2p-3.56.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.56.1 libopenssl1_0_0-1.0.2p-3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-3.56.1 libopenssl1_0_0-hmac-1.0.2p-3.56.1 openssl-1_0_0-1.0.2p-3.56.1 openssl-1_0_0-debuginfo-1.0.2p-3.56.1 openssl-1_0_0-debugsource-1.0.2p-3.56.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): openssl-1_0_0-doc-1.0.2p-3.56.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_0_0-32bit-1.0.2p-3.56.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.56.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.56.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.56.1 libopenssl1_0_0-1.0.2p-3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-3.56.1 libopenssl1_0_0-hmac-1.0.2p-3.56.1 openssl-1_0_0-1.0.2p-3.56.1 openssl-1_0_0-debuginfo-1.0.2p-3.56.1 openssl-1_0_0-debugsource-1.0.2p-3.56.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.56.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.56.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.56.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): openssl-1_0_0-doc-1.0.2p-3.56.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.56.1 libopenssl1_0_0-1.0.2p-3.56.1 libopenssl1_0_0-debuginfo-1.0.2p-3.56.1 libopenssl1_0_0-hmac-1.0.2p-3.56.1 openssl-1_0_0-1.0.2p-3.56.1 openssl-1_0_0-debuginfo-1.0.2p-3.56.1 openssl-1_0_0-debugsource-1.0.2p-3.56.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.56.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.56.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.56.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): openssl-1_0_0-doc-1.0.2p-3.56.1 References: https://www.suse.com/security/cve/CVE-2022-2068.html https://bugzilla.suse.com/1200550 From sle-updates at lists.suse.com Fri Jun 24 16:20:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 18:20:06 +0200 (CEST) Subject: SUSE-SU-2022:2177-1: important: Security update for the Linux Kernel Message-ID: <20220624162006.6875DFD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2177-1 Rating: important References: #1055117 #1061840 #1065729 #1103269 #1118212 #1153274 #1154353 #1156395 #1158266 #1167773 #1176447 #1177282 #1178134 #1180100 #1183405 #1188885 #1195826 #1196426 #1196478 #1196570 #1196840 #1197446 #1197472 #1197601 #1197675 #1198438 #1198577 #1198971 #1198989 #1199035 #1199052 #1199063 #1199114 #1199314 #1199365 #1199505 #1199507 #1199564 #1199626 #1199631 #1199650 #1199670 #1199839 #1200015 #1200019 #1200045 #1200046 #1200143 #1200144 #1200192 #1200206 #1200207 #1200216 #1200249 #1200259 #1200263 #1200529 #1200549 #1200604 SLE-13521 SLE-16387 SLE-8371 Cross-References: CVE-2019-19377 CVE-2020-26541 CVE-2021-33061 CVE-2022-0168 CVE-2022-1184 CVE-2022-1652 CVE-2022-1729 CVE-2022-1966 CVE-2022-1972 CVE-2022-1974 CVE-2022-1975 CVE-2022-20008 CVE-2022-20141 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-30594 CVE-2022-32250 CVSS scores: CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0168 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1972 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Realtime 15-SP3 SUSE Linux Enterprise Real Time 15-SP3 ______________________________________________________________________________ An update that solves 20 vulnerabilities, contains three features and has 39 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-20141: Fixwed an use after free due to improper locking. This bug could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. (bnc#1200604) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) The following non-security bugs were fixed: - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: property: Release subnode properties with data nodes (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes) - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes) - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes) - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes) - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes) - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes) - ARM: dts: at91: fix pinctrl phandles (git-fixes) - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes) - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes) - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes) - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes) - ARM: dts: meson: Fix the UART compatible strings (git-fixes) - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes) - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes) - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes) - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes) - ARM: mediatek: select arch timer for mt7629 (git-fixes) - ARM: omap: remove debug-leds driver (git-fixes) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes) - ARM: socfpga: dts: fix qspi node compatible (git-fixes) - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes) - ARM: tegra: Move panels to AUX bus (git-fixes) - arm64: avoid fixmap race condition when create pud mapping (git-fixes) - arm64: dts: broadcom: Fix sata nodename (git-fixes) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes) - arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes) - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes) - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1200192). - cfg80211: set custom regdomain after wiphy registration (git-fixes). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - dim: initialize all struct fields (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - driver core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes) - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/amdkfd: Fix GWS queue count (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - EDAC/synopsys: Read the error count from the correct register (bsc#1178134). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - genirq: Fix reference leaks on irq affinity notifiers (git-fixes) - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes) - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq/affinity: Handle affinity setting on inactive (git-fixes) - genirq/msi: Ensure deactivation on teardown (git-fixes) - genirq/proc: Reject invalid affinity masks (again) (git-fixes) - genirq/timings: Fix error return code in (git-fixes) - genirq/timings: Prevent potential array overflow in (git-fixes) - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hinic: fix bug of wq out of bound access (bsc#1176447). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i40e: stop disabling VFs due to PF error responses (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878). - ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926). - ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes). - ice: synchronize_rcu() when terminating rings (jsc#SLE-7926). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - ionic: avoid races in ionic_heartbeat_check (bsc#1167773). - ionic: Cleanups in the Tx hotpath code (bsc#1167773). - ionic: disable napi when ionic_lif_init() fails (bsc#1167773). - ionic: Do not send reset commands if FW isn't running (bsc#1167773). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773). - ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649). - ionic: monitor fw status generation (bsc#1167773). - ionic: remove the dbid_inuse bitmap (bsc#1167773). - ionic: start watchdog after all is setup (bsc#1167773). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - kABI: ivtv: restore caps member (git-fixes). - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes). - lan743x: remove redundant assignment to variable rx_process_result (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - lpfc: Readd update to version 14.2.0.1 (bsc#1197675 bsc#1196478 bsc#1198989) The update was reverted due to some regression on older hardware. These have been fixed in the meantime, thus update the driver. - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: vim2m: Register video device after setting up internals (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes). - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7663s: fix rx buffer refcounting (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes). - net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hns3: add a check for index in hclge_get_rss_key() (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: korina: fix return value (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405). - net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes). - net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes). - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes). - net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes). - net/mlx5: Fix a race on command flush flow (jsc#SLE-15172). - net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172). - netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFC: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - NFC: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - NFC: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nvdimm/region: always show the 'align' attribute (bsc#1199114). - nvme-tcp: allow selecting the network interface for connections (bsc#1199670). - nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670). - objtool: Fix type of reloc::addend (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - pinctrl/rockchip: support deferring other gpio params (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qlcnic: Fix error code in probe (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the "type" field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-2177=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2177=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2177=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): kernel-devel-rt-5.3.18-150300.93.1 kernel-source-rt-5.3.18-150300.93.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): cluster-md-kmp-rt-5.3.18-150300.93.1 cluster-md-kmp-rt-debuginfo-5.3.18-150300.93.1 dlm-kmp-rt-5.3.18-150300.93.1 dlm-kmp-rt-debuginfo-5.3.18-150300.93.1 gfs2-kmp-rt-5.3.18-150300.93.1 gfs2-kmp-rt-debuginfo-5.3.18-150300.93.1 kernel-rt-5.3.18-150300.93.1 kernel-rt-debuginfo-5.3.18-150300.93.1 kernel-rt-debugsource-5.3.18-150300.93.1 kernel-rt-devel-5.3.18-150300.93.1 kernel-rt-devel-debuginfo-5.3.18-150300.93.1 kernel-rt_debug-debuginfo-5.3.18-150300.93.1 kernel-rt_debug-debugsource-5.3.18-150300.93.1 kernel-rt_debug-devel-5.3.18-150300.93.1 kernel-rt_debug-devel-debuginfo-5.3.18-150300.93.1 kernel-syms-rt-5.3.18-150300.93.1 ocfs2-kmp-rt-5.3.18-150300.93.1 ocfs2-kmp-rt-debuginfo-5.3.18-150300.93.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): kernel-rt-5.3.18-150300.93.1 kernel-rt-debuginfo-5.3.18-150300.93.1 kernel-rt-debugsource-5.3.18-150300.93.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): kernel-rt-5.3.18-150300.93.1 kernel-rt-debuginfo-5.3.18-150300.93.1 kernel-rt-debugsource-5.3.18-150300.93.1 References: https://www.suse.com/security/cve/CVE-2019-19377.html https://www.suse.com/security/cve/CVE-2020-26541.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2022-0168.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1966.html https://www.suse.com/security/cve/CVE-2022-1972.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1975.html https://www.suse.com/security/cve/CVE-2022-20008.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-30594.html https://www.suse.com/security/cve/CVE-2022-32250.html https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1118212 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1158266 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1177282 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1180100 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1195826 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1196478 https://bugzilla.suse.com/1196570 https://bugzilla.suse.com/1196840 https://bugzilla.suse.com/1197446 https://bugzilla.suse.com/1197472 https://bugzilla.suse.com/1197601 https://bugzilla.suse.com/1197675 https://bugzilla.suse.com/1198438 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198971 https://bugzilla.suse.com/1198989 https://bugzilla.suse.com/1199035 https://bugzilla.suse.com/1199052 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199114 https://bugzilla.suse.com/1199314 https://bugzilla.suse.com/1199365 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199564 https://bugzilla.suse.com/1199626 https://bugzilla.suse.com/1199631 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1199670 https://bugzilla.suse.com/1199839 https://bugzilla.suse.com/1200015 https://bugzilla.suse.com/1200019 https://bugzilla.suse.com/1200045 https://bugzilla.suse.com/1200046 https://bugzilla.suse.com/1200143 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200192 https://bugzilla.suse.com/1200206 https://bugzilla.suse.com/1200207 https://bugzilla.suse.com/1200216 https://bugzilla.suse.com/1200249 https://bugzilla.suse.com/1200259 https://bugzilla.suse.com/1200263 https://bugzilla.suse.com/1200529 https://bugzilla.suse.com/1200549 https://bugzilla.suse.com/1200604 From sle-updates at lists.suse.com Fri Jun 24 16:26:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 18:26:00 +0200 (CEST) Subject: SUSE-SU-2022:2180-1: moderate: Security update for openssl Message-ID: <20220624162600.660C0FD9D@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2180-1 Rating: moderate References: #1200550 Cross-References: CVE-2022-2068 CVSS scores: CVE-2022-2068 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2180=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2180=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2180=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2180=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2180=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2180=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2180=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openssl-doc-1.0.2j-60.83.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libopenssl-devel-1.0.2j-60.83.1 libopenssl1_0_0-1.0.2j-60.83.1 libopenssl1_0_0-32bit-1.0.2j-60.83.1 libopenssl1_0_0-debuginfo-1.0.2j-60.83.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.83.1 libopenssl1_0_0-hmac-1.0.2j-60.83.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 openssl-1.0.2j-60.83.1 openssl-debuginfo-1.0.2j-60.83.1 openssl-debugsource-1.0.2j-60.83.1 - SUSE OpenStack Cloud 8 (x86_64): libopenssl-devel-1.0.2j-60.83.1 libopenssl1_0_0-1.0.2j-60.83.1 libopenssl1_0_0-32bit-1.0.2j-60.83.1 libopenssl1_0_0-debuginfo-1.0.2j-60.83.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.83.1 libopenssl1_0_0-hmac-1.0.2j-60.83.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 openssl-1.0.2j-60.83.1 openssl-debuginfo-1.0.2j-60.83.1 openssl-debugsource-1.0.2j-60.83.1 - SUSE OpenStack Cloud 8 (noarch): openssl-doc-1.0.2j-60.83.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libopenssl-devel-1.0.2j-60.83.1 libopenssl1_0_0-1.0.2j-60.83.1 libopenssl1_0_0-debuginfo-1.0.2j-60.83.1 libopenssl1_0_0-hmac-1.0.2j-60.83.1 openssl-1.0.2j-60.83.1 openssl-debuginfo-1.0.2j-60.83.1 openssl-debugsource-1.0.2j-60.83.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.83.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.83.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): openssl-doc-1.0.2j-60.83.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.83.1 libopenssl1_0_0-1.0.2j-60.83.1 libopenssl1_0_0-debuginfo-1.0.2j-60.83.1 libopenssl1_0_0-hmac-1.0.2j-60.83.1 openssl-1.0.2j-60.83.1 openssl-debuginfo-1.0.2j-60.83.1 openssl-debugsource-1.0.2j-60.83.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.83.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.83.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): openssl-doc-1.0.2j-60.83.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): openssl-doc-1.0.2j-60.83.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libopenssl-devel-1.0.2j-60.83.1 libopenssl1_0_0-1.0.2j-60.83.1 libopenssl1_0_0-32bit-1.0.2j-60.83.1 libopenssl1_0_0-debuginfo-1.0.2j-60.83.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.83.1 libopenssl1_0_0-hmac-1.0.2j-60.83.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 openssl-1.0.2j-60.83.1 openssl-debuginfo-1.0.2j-60.83.1 openssl-debugsource-1.0.2j-60.83.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openssl-doc-1.0.2j-60.83.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenssl-devel-1.0.2j-60.83.1 libopenssl1_0_0-1.0.2j-60.83.1 libopenssl1_0_0-32bit-1.0.2j-60.83.1 libopenssl1_0_0-debuginfo-1.0.2j-60.83.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.83.1 libopenssl1_0_0-hmac-1.0.2j-60.83.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 openssl-1.0.2j-60.83.1 openssl-debuginfo-1.0.2j-60.83.1 openssl-debugsource-1.0.2j-60.83.1 - HPE Helion Openstack 8 (noarch): openssl-doc-1.0.2j-60.83.1 - HPE Helion Openstack 8 (x86_64): libopenssl-devel-1.0.2j-60.83.1 libopenssl1_0_0-1.0.2j-60.83.1 libopenssl1_0_0-32bit-1.0.2j-60.83.1 libopenssl1_0_0-debuginfo-1.0.2j-60.83.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.83.1 libopenssl1_0_0-hmac-1.0.2j-60.83.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.83.1 openssl-1.0.2j-60.83.1 openssl-debuginfo-1.0.2j-60.83.1 openssl-debugsource-1.0.2j-60.83.1 References: https://www.suse.com/security/cve/CVE-2022-2068.html https://bugzilla.suse.com/1200550 From sle-updates at lists.suse.com Fri Jun 24 16:26:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 18:26:44 +0200 (CEST) Subject: SUSE-SU-2022:2182-1: moderate: Security update for openssl-1_1 Message-ID: <20220624162644.19F53FD9D@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2182-1 Rating: moderate References: #1185637 #1199166 #1200550 Cross-References: CVE-2022-1292 CVE-2022-2068 CVSS scores: CVE-2022-1292 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2068 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2182=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2182=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2182=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2182=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2182=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2182=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl1_1-1.1.1d-2.66.1 libopenssl1_1-32bit-1.1.1d-2.66.1 libopenssl1_1-debuginfo-1.1.1d-2.66.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.66.1 libopenssl1_1-hmac-1.1.1d-2.66.1 libopenssl1_1-hmac-32bit-1.1.1d-2.66.1 openssl-1_1-1.1.1d-2.66.1 openssl-1_1-debuginfo-1.1.1d-2.66.1 openssl-1_1-debugsource-1.1.1d-2.66.1 - SUSE OpenStack Cloud 9 (x86_64): libopenssl1_1-1.1.1d-2.66.1 libopenssl1_1-32bit-1.1.1d-2.66.1 libopenssl1_1-debuginfo-1.1.1d-2.66.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.66.1 libopenssl1_1-hmac-1.1.1d-2.66.1 libopenssl1_1-hmac-32bit-1.1.1d-2.66.1 openssl-1_1-1.1.1d-2.66.1 openssl-1_1-debuginfo-1.1.1d-2.66.1 openssl-1_1-debugsource-1.1.1d-2.66.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-2.66.1 openssl-1_1-debuginfo-1.1.1d-2.66.1 openssl-1_1-debugsource-1.1.1d-2.66.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libopenssl-1_1-devel-32bit-1.1.1d-2.66.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl1_1-1.1.1d-2.66.1 libopenssl1_1-debuginfo-1.1.1d-2.66.1 libopenssl1_1-hmac-1.1.1d-2.66.1 openssl-1_1-1.1.1d-2.66.1 openssl-1_1-debuginfo-1.1.1d-2.66.1 openssl-1_1-debugsource-1.1.1d-2.66.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_1-32bit-1.1.1d-2.66.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.66.1 libopenssl1_1-hmac-32bit-1.1.1d-2.66.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.66.1 libopenssl1_1-debuginfo-1.1.1d-2.66.1 libopenssl1_1-hmac-1.1.1d-2.66.1 openssl-1_1-1.1.1d-2.66.1 openssl-1_1-debuginfo-1.1.1d-2.66.1 openssl-1_1-debugsource-1.1.1d-2.66.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.66.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.66.1 libopenssl1_1-hmac-32bit-1.1.1d-2.66.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.66.1 libopenssl1_1-debuginfo-1.1.1d-2.66.1 libopenssl1_1-hmac-1.1.1d-2.66.1 openssl-1_1-1.1.1d-2.66.1 openssl-1_1-debuginfo-1.1.1d-2.66.1 openssl-1_1-debugsource-1.1.1d-2.66.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.66.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.66.1 libopenssl1_1-hmac-32bit-1.1.1d-2.66.1 References: https://www.suse.com/security/cve/CVE-2022-1292.html https://www.suse.com/security/cve/CVE-2022-2068.html https://bugzilla.suse.com/1185637 https://bugzilla.suse.com/1199166 https://bugzilla.suse.com/1200550 From sle-updates at lists.suse.com Fri Jun 24 19:16:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 21:16:32 +0200 (CEST) Subject: SUSE-SU-2022:2185-1: important: Security update for php7 Message-ID: <20220624191632.8F4F7F386@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2185-1 Rating: important References: #1200628 #1200645 Cross-References: CVE-2022-31625 CVE-2022-31626 CVSS scores: CVE-2022-31625 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31626 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php7 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645) - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2185=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2185=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2185=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2185=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2185=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2185=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2185=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2185=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-2185=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2185=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2185=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2185=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2185=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): php7-firebird-7.4.6-150200.3.41.1 php7-firebird-debuginfo-7.4.6-150200.3.41.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-150200.3.41.1 apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1 php7-7.4.6-150200.3.41.1 php7-bcmath-7.4.6-150200.3.41.1 php7-bcmath-debuginfo-7.4.6-150200.3.41.1 php7-bz2-7.4.6-150200.3.41.1 php7-bz2-debuginfo-7.4.6-150200.3.41.1 php7-calendar-7.4.6-150200.3.41.1 php7-calendar-debuginfo-7.4.6-150200.3.41.1 php7-ctype-7.4.6-150200.3.41.1 php7-ctype-debuginfo-7.4.6-150200.3.41.1 php7-curl-7.4.6-150200.3.41.1 php7-curl-debuginfo-7.4.6-150200.3.41.1 php7-dba-7.4.6-150200.3.41.1 php7-dba-debuginfo-7.4.6-150200.3.41.1 php7-debuginfo-7.4.6-150200.3.41.1 php7-debugsource-7.4.6-150200.3.41.1 php7-devel-7.4.6-150200.3.41.1 php7-dom-7.4.6-150200.3.41.1 php7-dom-debuginfo-7.4.6-150200.3.41.1 php7-embed-7.4.6-150200.3.41.1 php7-embed-debuginfo-7.4.6-150200.3.41.1 php7-enchant-7.4.6-150200.3.41.1 php7-enchant-debuginfo-7.4.6-150200.3.41.1 php7-exif-7.4.6-150200.3.41.1 php7-exif-debuginfo-7.4.6-150200.3.41.1 php7-fastcgi-7.4.6-150200.3.41.1 php7-fastcgi-debuginfo-7.4.6-150200.3.41.1 php7-fileinfo-7.4.6-150200.3.41.1 php7-fileinfo-debuginfo-7.4.6-150200.3.41.1 php7-firebird-7.4.6-150200.3.41.1 php7-firebird-debuginfo-7.4.6-150200.3.41.1 php7-fpm-7.4.6-150200.3.41.1 php7-fpm-debuginfo-7.4.6-150200.3.41.1 php7-ftp-7.4.6-150200.3.41.1 php7-ftp-debuginfo-7.4.6-150200.3.41.1 php7-gd-7.4.6-150200.3.41.1 php7-gd-debuginfo-7.4.6-150200.3.41.1 php7-gettext-7.4.6-150200.3.41.1 php7-gettext-debuginfo-7.4.6-150200.3.41.1 php7-gmp-7.4.6-150200.3.41.1 php7-gmp-debuginfo-7.4.6-150200.3.41.1 php7-iconv-7.4.6-150200.3.41.1 php7-iconv-debuginfo-7.4.6-150200.3.41.1 php7-intl-7.4.6-150200.3.41.1 php7-intl-debuginfo-7.4.6-150200.3.41.1 php7-json-7.4.6-150200.3.41.1 php7-json-debuginfo-7.4.6-150200.3.41.1 php7-ldap-7.4.6-150200.3.41.1 php7-ldap-debuginfo-7.4.6-150200.3.41.1 php7-mbstring-7.4.6-150200.3.41.1 php7-mbstring-debuginfo-7.4.6-150200.3.41.1 php7-mysql-7.4.6-150200.3.41.1 php7-mysql-debuginfo-7.4.6-150200.3.41.1 php7-odbc-7.4.6-150200.3.41.1 php7-odbc-debuginfo-7.4.6-150200.3.41.1 php7-opcache-7.4.6-150200.3.41.1 php7-opcache-debuginfo-7.4.6-150200.3.41.1 php7-openssl-7.4.6-150200.3.41.1 php7-openssl-debuginfo-7.4.6-150200.3.41.1 php7-pcntl-7.4.6-150200.3.41.1 php7-pcntl-debuginfo-7.4.6-150200.3.41.1 php7-pdo-7.4.6-150200.3.41.1 php7-pdo-debuginfo-7.4.6-150200.3.41.1 php7-pgsql-7.4.6-150200.3.41.1 php7-pgsql-debuginfo-7.4.6-150200.3.41.1 php7-phar-7.4.6-150200.3.41.1 php7-phar-debuginfo-7.4.6-150200.3.41.1 php7-posix-7.4.6-150200.3.41.1 php7-posix-debuginfo-7.4.6-150200.3.41.1 php7-readline-7.4.6-150200.3.41.1 php7-readline-debuginfo-7.4.6-150200.3.41.1 php7-shmop-7.4.6-150200.3.41.1 php7-shmop-debuginfo-7.4.6-150200.3.41.1 php7-snmp-7.4.6-150200.3.41.1 php7-snmp-debuginfo-7.4.6-150200.3.41.1 php7-soap-7.4.6-150200.3.41.1 php7-soap-debuginfo-7.4.6-150200.3.41.1 php7-sockets-7.4.6-150200.3.41.1 php7-sockets-debuginfo-7.4.6-150200.3.41.1 php7-sodium-7.4.6-150200.3.41.1 php7-sodium-debuginfo-7.4.6-150200.3.41.1 php7-sqlite-7.4.6-150200.3.41.1 php7-sqlite-debuginfo-7.4.6-150200.3.41.1 php7-sysvmsg-7.4.6-150200.3.41.1 php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1 php7-sysvsem-7.4.6-150200.3.41.1 php7-sysvsem-debuginfo-7.4.6-150200.3.41.1 php7-sysvshm-7.4.6-150200.3.41.1 php7-sysvshm-debuginfo-7.4.6-150200.3.41.1 php7-test-7.4.6-150200.3.41.1 php7-tidy-7.4.6-150200.3.41.1 php7-tidy-debuginfo-7.4.6-150200.3.41.1 php7-tokenizer-7.4.6-150200.3.41.1 php7-tokenizer-debuginfo-7.4.6-150200.3.41.1 php7-xmlreader-7.4.6-150200.3.41.1 php7-xmlreader-debuginfo-7.4.6-150200.3.41.1 php7-xmlrpc-7.4.6-150200.3.41.1 php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1 php7-xmlwriter-7.4.6-150200.3.41.1 php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1 php7-xsl-7.4.6-150200.3.41.1 php7-xsl-debuginfo-7.4.6-150200.3.41.1 php7-zip-7.4.6-150200.3.41.1 php7-zip-debuginfo-7.4.6-150200.3.41.1 php7-zlib-7.4.6-150200.3.41.1 php7-zlib-debuginfo-7.4.6-150200.3.41.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): apache2-mod_php7-7.4.6-150200.3.41.1 apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1 php7-7.4.6-150200.3.41.1 php7-bcmath-7.4.6-150200.3.41.1 php7-bcmath-debuginfo-7.4.6-150200.3.41.1 php7-bz2-7.4.6-150200.3.41.1 php7-bz2-debuginfo-7.4.6-150200.3.41.1 php7-calendar-7.4.6-150200.3.41.1 php7-calendar-debuginfo-7.4.6-150200.3.41.1 php7-ctype-7.4.6-150200.3.41.1 php7-ctype-debuginfo-7.4.6-150200.3.41.1 php7-curl-7.4.6-150200.3.41.1 php7-curl-debuginfo-7.4.6-150200.3.41.1 php7-dba-7.4.6-150200.3.41.1 php7-dba-debuginfo-7.4.6-150200.3.41.1 php7-debuginfo-7.4.6-150200.3.41.1 php7-debugsource-7.4.6-150200.3.41.1 php7-devel-7.4.6-150200.3.41.1 php7-dom-7.4.6-150200.3.41.1 php7-dom-debuginfo-7.4.6-150200.3.41.1 php7-enchant-7.4.6-150200.3.41.1 php7-enchant-debuginfo-7.4.6-150200.3.41.1 php7-exif-7.4.6-150200.3.41.1 php7-exif-debuginfo-7.4.6-150200.3.41.1 php7-fastcgi-7.4.6-150200.3.41.1 php7-fastcgi-debuginfo-7.4.6-150200.3.41.1 php7-fileinfo-7.4.6-150200.3.41.1 php7-fileinfo-debuginfo-7.4.6-150200.3.41.1 php7-fpm-7.4.6-150200.3.41.1 php7-fpm-debuginfo-7.4.6-150200.3.41.1 php7-ftp-7.4.6-150200.3.41.1 php7-ftp-debuginfo-7.4.6-150200.3.41.1 php7-gd-7.4.6-150200.3.41.1 php7-gd-debuginfo-7.4.6-150200.3.41.1 php7-gettext-7.4.6-150200.3.41.1 php7-gettext-debuginfo-7.4.6-150200.3.41.1 php7-gmp-7.4.6-150200.3.41.1 php7-gmp-debuginfo-7.4.6-150200.3.41.1 php7-iconv-7.4.6-150200.3.41.1 php7-iconv-debuginfo-7.4.6-150200.3.41.1 php7-intl-7.4.6-150200.3.41.1 php7-intl-debuginfo-7.4.6-150200.3.41.1 php7-json-7.4.6-150200.3.41.1 php7-json-debuginfo-7.4.6-150200.3.41.1 php7-ldap-7.4.6-150200.3.41.1 php7-ldap-debuginfo-7.4.6-150200.3.41.1 php7-mbstring-7.4.6-150200.3.41.1 php7-mbstring-debuginfo-7.4.6-150200.3.41.1 php7-mysql-7.4.6-150200.3.41.1 php7-mysql-debuginfo-7.4.6-150200.3.41.1 php7-odbc-7.4.6-150200.3.41.1 php7-odbc-debuginfo-7.4.6-150200.3.41.1 php7-opcache-7.4.6-150200.3.41.1 php7-opcache-debuginfo-7.4.6-150200.3.41.1 php7-openssl-7.4.6-150200.3.41.1 php7-openssl-debuginfo-7.4.6-150200.3.41.1 php7-pcntl-7.4.6-150200.3.41.1 php7-pcntl-debuginfo-7.4.6-150200.3.41.1 php7-pdo-7.4.6-150200.3.41.1 php7-pdo-debuginfo-7.4.6-150200.3.41.1 php7-pgsql-7.4.6-150200.3.41.1 php7-pgsql-debuginfo-7.4.6-150200.3.41.1 php7-phar-7.4.6-150200.3.41.1 php7-phar-debuginfo-7.4.6-150200.3.41.1 php7-posix-7.4.6-150200.3.41.1 php7-posix-debuginfo-7.4.6-150200.3.41.1 php7-readline-7.4.6-150200.3.41.1 php7-readline-debuginfo-7.4.6-150200.3.41.1 php7-shmop-7.4.6-150200.3.41.1 php7-shmop-debuginfo-7.4.6-150200.3.41.1 php7-snmp-7.4.6-150200.3.41.1 php7-snmp-debuginfo-7.4.6-150200.3.41.1 php7-soap-7.4.6-150200.3.41.1 php7-soap-debuginfo-7.4.6-150200.3.41.1 php7-sockets-7.4.6-150200.3.41.1 php7-sockets-debuginfo-7.4.6-150200.3.41.1 php7-sodium-7.4.6-150200.3.41.1 php7-sodium-debuginfo-7.4.6-150200.3.41.1 php7-sqlite-7.4.6-150200.3.41.1 php7-sqlite-debuginfo-7.4.6-150200.3.41.1 php7-sysvmsg-7.4.6-150200.3.41.1 php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1 php7-sysvsem-7.4.6-150200.3.41.1 php7-sysvsem-debuginfo-7.4.6-150200.3.41.1 php7-sysvshm-7.4.6-150200.3.41.1 php7-sysvshm-debuginfo-7.4.6-150200.3.41.1 php7-tidy-7.4.6-150200.3.41.1 php7-tidy-debuginfo-7.4.6-150200.3.41.1 php7-tokenizer-7.4.6-150200.3.41.1 php7-tokenizer-debuginfo-7.4.6-150200.3.41.1 php7-xmlreader-7.4.6-150200.3.41.1 php7-xmlreader-debuginfo-7.4.6-150200.3.41.1 php7-xmlrpc-7.4.6-150200.3.41.1 php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1 php7-xmlwriter-7.4.6-150200.3.41.1 php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1 php7-xsl-7.4.6-150200.3.41.1 php7-xsl-debuginfo-7.4.6-150200.3.41.1 php7-zip-7.4.6-150200.3.41.1 php7-zip-debuginfo-7.4.6-150200.3.41.1 php7-zlib-7.4.6-150200.3.41.1 php7-zlib-debuginfo-7.4.6-150200.3.41.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): apache2-mod_php7-7.4.6-150200.3.41.1 apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1 php7-7.4.6-150200.3.41.1 php7-bcmath-7.4.6-150200.3.41.1 php7-bcmath-debuginfo-7.4.6-150200.3.41.1 php7-bz2-7.4.6-150200.3.41.1 php7-bz2-debuginfo-7.4.6-150200.3.41.1 php7-calendar-7.4.6-150200.3.41.1 php7-calendar-debuginfo-7.4.6-150200.3.41.1 php7-ctype-7.4.6-150200.3.41.1 php7-ctype-debuginfo-7.4.6-150200.3.41.1 php7-curl-7.4.6-150200.3.41.1 php7-curl-debuginfo-7.4.6-150200.3.41.1 php7-dba-7.4.6-150200.3.41.1 php7-dba-debuginfo-7.4.6-150200.3.41.1 php7-debuginfo-7.4.6-150200.3.41.1 php7-debugsource-7.4.6-150200.3.41.1 php7-devel-7.4.6-150200.3.41.1 php7-dom-7.4.6-150200.3.41.1 php7-dom-debuginfo-7.4.6-150200.3.41.1 php7-enchant-7.4.6-150200.3.41.1 php7-enchant-debuginfo-7.4.6-150200.3.41.1 php7-exif-7.4.6-150200.3.41.1 php7-exif-debuginfo-7.4.6-150200.3.41.1 php7-fastcgi-7.4.6-150200.3.41.1 php7-fastcgi-debuginfo-7.4.6-150200.3.41.1 php7-fileinfo-7.4.6-150200.3.41.1 php7-fileinfo-debuginfo-7.4.6-150200.3.41.1 php7-fpm-7.4.6-150200.3.41.1 php7-fpm-debuginfo-7.4.6-150200.3.41.1 php7-ftp-7.4.6-150200.3.41.1 php7-ftp-debuginfo-7.4.6-150200.3.41.1 php7-gd-7.4.6-150200.3.41.1 php7-gd-debuginfo-7.4.6-150200.3.41.1 php7-gettext-7.4.6-150200.3.41.1 php7-gettext-debuginfo-7.4.6-150200.3.41.1 php7-gmp-7.4.6-150200.3.41.1 php7-gmp-debuginfo-7.4.6-150200.3.41.1 php7-iconv-7.4.6-150200.3.41.1 php7-iconv-debuginfo-7.4.6-150200.3.41.1 php7-intl-7.4.6-150200.3.41.1 php7-intl-debuginfo-7.4.6-150200.3.41.1 php7-json-7.4.6-150200.3.41.1 php7-json-debuginfo-7.4.6-150200.3.41.1 php7-ldap-7.4.6-150200.3.41.1 php7-ldap-debuginfo-7.4.6-150200.3.41.1 php7-mbstring-7.4.6-150200.3.41.1 php7-mbstring-debuginfo-7.4.6-150200.3.41.1 php7-mysql-7.4.6-150200.3.41.1 php7-mysql-debuginfo-7.4.6-150200.3.41.1 php7-odbc-7.4.6-150200.3.41.1 php7-odbc-debuginfo-7.4.6-150200.3.41.1 php7-opcache-7.4.6-150200.3.41.1 php7-opcache-debuginfo-7.4.6-150200.3.41.1 php7-openssl-7.4.6-150200.3.41.1 php7-openssl-debuginfo-7.4.6-150200.3.41.1 php7-pcntl-7.4.6-150200.3.41.1 php7-pcntl-debuginfo-7.4.6-150200.3.41.1 php7-pdo-7.4.6-150200.3.41.1 php7-pdo-debuginfo-7.4.6-150200.3.41.1 php7-pgsql-7.4.6-150200.3.41.1 php7-pgsql-debuginfo-7.4.6-150200.3.41.1 php7-phar-7.4.6-150200.3.41.1 php7-phar-debuginfo-7.4.6-150200.3.41.1 php7-posix-7.4.6-150200.3.41.1 php7-posix-debuginfo-7.4.6-150200.3.41.1 php7-readline-7.4.6-150200.3.41.1 php7-readline-debuginfo-7.4.6-150200.3.41.1 php7-shmop-7.4.6-150200.3.41.1 php7-shmop-debuginfo-7.4.6-150200.3.41.1 php7-snmp-7.4.6-150200.3.41.1 php7-snmp-debuginfo-7.4.6-150200.3.41.1 php7-soap-7.4.6-150200.3.41.1 php7-soap-debuginfo-7.4.6-150200.3.41.1 php7-sockets-7.4.6-150200.3.41.1 php7-sockets-debuginfo-7.4.6-150200.3.41.1 php7-sodium-7.4.6-150200.3.41.1 php7-sodium-debuginfo-7.4.6-150200.3.41.1 php7-sqlite-7.4.6-150200.3.41.1 php7-sqlite-debuginfo-7.4.6-150200.3.41.1 php7-sysvmsg-7.4.6-150200.3.41.1 php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1 php7-sysvsem-7.4.6-150200.3.41.1 php7-sysvsem-debuginfo-7.4.6-150200.3.41.1 php7-sysvshm-7.4.6-150200.3.41.1 php7-sysvshm-debuginfo-7.4.6-150200.3.41.1 php7-tidy-7.4.6-150200.3.41.1 php7-tidy-debuginfo-7.4.6-150200.3.41.1 php7-tokenizer-7.4.6-150200.3.41.1 php7-tokenizer-debuginfo-7.4.6-150200.3.41.1 php7-xmlreader-7.4.6-150200.3.41.1 php7-xmlreader-debuginfo-7.4.6-150200.3.41.1 php7-xmlrpc-7.4.6-150200.3.41.1 php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1 php7-xmlwriter-7.4.6-150200.3.41.1 php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1 php7-xsl-7.4.6-150200.3.41.1 php7-xsl-debuginfo-7.4.6-150200.3.41.1 php7-zip-7.4.6-150200.3.41.1 php7-zip-debuginfo-7.4.6-150200.3.41.1 php7-zlib-7.4.6-150200.3.41.1 php7-zlib-debuginfo-7.4.6-150200.3.41.1 - SUSE Manager Proxy 4.1 (x86_64): apache2-mod_php7-7.4.6-150200.3.41.1 apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1 php7-7.4.6-150200.3.41.1 php7-bcmath-7.4.6-150200.3.41.1 php7-bcmath-debuginfo-7.4.6-150200.3.41.1 php7-bz2-7.4.6-150200.3.41.1 php7-bz2-debuginfo-7.4.6-150200.3.41.1 php7-calendar-7.4.6-150200.3.41.1 php7-calendar-debuginfo-7.4.6-150200.3.41.1 php7-ctype-7.4.6-150200.3.41.1 php7-ctype-debuginfo-7.4.6-150200.3.41.1 php7-curl-7.4.6-150200.3.41.1 php7-curl-debuginfo-7.4.6-150200.3.41.1 php7-dba-7.4.6-150200.3.41.1 php7-dba-debuginfo-7.4.6-150200.3.41.1 php7-debuginfo-7.4.6-150200.3.41.1 php7-debugsource-7.4.6-150200.3.41.1 php7-devel-7.4.6-150200.3.41.1 php7-dom-7.4.6-150200.3.41.1 php7-dom-debuginfo-7.4.6-150200.3.41.1 php7-enchant-7.4.6-150200.3.41.1 php7-enchant-debuginfo-7.4.6-150200.3.41.1 php7-exif-7.4.6-150200.3.41.1 php7-exif-debuginfo-7.4.6-150200.3.41.1 php7-fastcgi-7.4.6-150200.3.41.1 php7-fastcgi-debuginfo-7.4.6-150200.3.41.1 php7-fileinfo-7.4.6-150200.3.41.1 php7-fileinfo-debuginfo-7.4.6-150200.3.41.1 php7-fpm-7.4.6-150200.3.41.1 php7-fpm-debuginfo-7.4.6-150200.3.41.1 php7-ftp-7.4.6-150200.3.41.1 php7-ftp-debuginfo-7.4.6-150200.3.41.1 php7-gd-7.4.6-150200.3.41.1 php7-gd-debuginfo-7.4.6-150200.3.41.1 php7-gettext-7.4.6-150200.3.41.1 php7-gettext-debuginfo-7.4.6-150200.3.41.1 php7-gmp-7.4.6-150200.3.41.1 php7-gmp-debuginfo-7.4.6-150200.3.41.1 php7-iconv-7.4.6-150200.3.41.1 php7-iconv-debuginfo-7.4.6-150200.3.41.1 php7-intl-7.4.6-150200.3.41.1 php7-intl-debuginfo-7.4.6-150200.3.41.1 php7-json-7.4.6-150200.3.41.1 php7-json-debuginfo-7.4.6-150200.3.41.1 php7-ldap-7.4.6-150200.3.41.1 php7-ldap-debuginfo-7.4.6-150200.3.41.1 php7-mbstring-7.4.6-150200.3.41.1 php7-mbstring-debuginfo-7.4.6-150200.3.41.1 php7-mysql-7.4.6-150200.3.41.1 php7-mysql-debuginfo-7.4.6-150200.3.41.1 php7-odbc-7.4.6-150200.3.41.1 php7-odbc-debuginfo-7.4.6-150200.3.41.1 php7-opcache-7.4.6-150200.3.41.1 php7-opcache-debuginfo-7.4.6-150200.3.41.1 php7-openssl-7.4.6-150200.3.41.1 php7-openssl-debuginfo-7.4.6-150200.3.41.1 php7-pcntl-7.4.6-150200.3.41.1 php7-pcntl-debuginfo-7.4.6-150200.3.41.1 php7-pdo-7.4.6-150200.3.41.1 php7-pdo-debuginfo-7.4.6-150200.3.41.1 php7-pgsql-7.4.6-150200.3.41.1 php7-pgsql-debuginfo-7.4.6-150200.3.41.1 php7-phar-7.4.6-150200.3.41.1 php7-phar-debuginfo-7.4.6-150200.3.41.1 php7-posix-7.4.6-150200.3.41.1 php7-posix-debuginfo-7.4.6-150200.3.41.1 php7-readline-7.4.6-150200.3.41.1 php7-readline-debuginfo-7.4.6-150200.3.41.1 php7-shmop-7.4.6-150200.3.41.1 php7-shmop-debuginfo-7.4.6-150200.3.41.1 php7-snmp-7.4.6-150200.3.41.1 php7-snmp-debuginfo-7.4.6-150200.3.41.1 php7-soap-7.4.6-150200.3.41.1 php7-soap-debuginfo-7.4.6-150200.3.41.1 php7-sockets-7.4.6-150200.3.41.1 php7-sockets-debuginfo-7.4.6-150200.3.41.1 php7-sodium-7.4.6-150200.3.41.1 php7-sodium-debuginfo-7.4.6-150200.3.41.1 php7-sqlite-7.4.6-150200.3.41.1 php7-sqlite-debuginfo-7.4.6-150200.3.41.1 php7-sysvmsg-7.4.6-150200.3.41.1 php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1 php7-sysvsem-7.4.6-150200.3.41.1 php7-sysvsem-debuginfo-7.4.6-150200.3.41.1 php7-sysvshm-7.4.6-150200.3.41.1 php7-sysvshm-debuginfo-7.4.6-150200.3.41.1 php7-tidy-7.4.6-150200.3.41.1 php7-tidy-debuginfo-7.4.6-150200.3.41.1 php7-tokenizer-7.4.6-150200.3.41.1 php7-tokenizer-debuginfo-7.4.6-150200.3.41.1 php7-xmlreader-7.4.6-150200.3.41.1 php7-xmlreader-debuginfo-7.4.6-150200.3.41.1 php7-xmlrpc-7.4.6-150200.3.41.1 php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1 php7-xmlwriter-7.4.6-150200.3.41.1 php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1 php7-xsl-7.4.6-150200.3.41.1 php7-xsl-debuginfo-7.4.6-150200.3.41.1 php7-zip-7.4.6-150200.3.41.1 php7-zip-debuginfo-7.4.6-150200.3.41.1 php7-zlib-7.4.6-150200.3.41.1 php7-zlib-debuginfo-7.4.6-150200.3.41.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): apache2-mod_php7-7.4.6-150200.3.41.1 apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1 php7-7.4.6-150200.3.41.1 php7-bcmath-7.4.6-150200.3.41.1 php7-bcmath-debuginfo-7.4.6-150200.3.41.1 php7-bz2-7.4.6-150200.3.41.1 php7-bz2-debuginfo-7.4.6-150200.3.41.1 php7-calendar-7.4.6-150200.3.41.1 php7-calendar-debuginfo-7.4.6-150200.3.41.1 php7-ctype-7.4.6-150200.3.41.1 php7-ctype-debuginfo-7.4.6-150200.3.41.1 php7-curl-7.4.6-150200.3.41.1 php7-curl-debuginfo-7.4.6-150200.3.41.1 php7-dba-7.4.6-150200.3.41.1 php7-dba-debuginfo-7.4.6-150200.3.41.1 php7-debuginfo-7.4.6-150200.3.41.1 php7-debugsource-7.4.6-150200.3.41.1 php7-devel-7.4.6-150200.3.41.1 php7-dom-7.4.6-150200.3.41.1 php7-dom-debuginfo-7.4.6-150200.3.41.1 php7-enchant-7.4.6-150200.3.41.1 php7-enchant-debuginfo-7.4.6-150200.3.41.1 php7-exif-7.4.6-150200.3.41.1 php7-exif-debuginfo-7.4.6-150200.3.41.1 php7-fastcgi-7.4.6-150200.3.41.1 php7-fastcgi-debuginfo-7.4.6-150200.3.41.1 php7-fileinfo-7.4.6-150200.3.41.1 php7-fileinfo-debuginfo-7.4.6-150200.3.41.1 php7-fpm-7.4.6-150200.3.41.1 php7-fpm-debuginfo-7.4.6-150200.3.41.1 php7-ftp-7.4.6-150200.3.41.1 php7-ftp-debuginfo-7.4.6-150200.3.41.1 php7-gd-7.4.6-150200.3.41.1 php7-gd-debuginfo-7.4.6-150200.3.41.1 php7-gettext-7.4.6-150200.3.41.1 php7-gettext-debuginfo-7.4.6-150200.3.41.1 php7-gmp-7.4.6-150200.3.41.1 php7-gmp-debuginfo-7.4.6-150200.3.41.1 php7-iconv-7.4.6-150200.3.41.1 php7-iconv-debuginfo-7.4.6-150200.3.41.1 php7-intl-7.4.6-150200.3.41.1 php7-intl-debuginfo-7.4.6-150200.3.41.1 php7-json-7.4.6-150200.3.41.1 php7-json-debuginfo-7.4.6-150200.3.41.1 php7-ldap-7.4.6-150200.3.41.1 php7-ldap-debuginfo-7.4.6-150200.3.41.1 php7-mbstring-7.4.6-150200.3.41.1 php7-mbstring-debuginfo-7.4.6-150200.3.41.1 php7-mysql-7.4.6-150200.3.41.1 php7-mysql-debuginfo-7.4.6-150200.3.41.1 php7-odbc-7.4.6-150200.3.41.1 php7-odbc-debuginfo-7.4.6-150200.3.41.1 php7-opcache-7.4.6-150200.3.41.1 php7-opcache-debuginfo-7.4.6-150200.3.41.1 php7-openssl-7.4.6-150200.3.41.1 php7-openssl-debuginfo-7.4.6-150200.3.41.1 php7-pcntl-7.4.6-150200.3.41.1 php7-pcntl-debuginfo-7.4.6-150200.3.41.1 php7-pdo-7.4.6-150200.3.41.1 php7-pdo-debuginfo-7.4.6-150200.3.41.1 php7-pgsql-7.4.6-150200.3.41.1 php7-pgsql-debuginfo-7.4.6-150200.3.41.1 php7-phar-7.4.6-150200.3.41.1 php7-phar-debuginfo-7.4.6-150200.3.41.1 php7-posix-7.4.6-150200.3.41.1 php7-posix-debuginfo-7.4.6-150200.3.41.1 php7-readline-7.4.6-150200.3.41.1 php7-readline-debuginfo-7.4.6-150200.3.41.1 php7-shmop-7.4.6-150200.3.41.1 php7-shmop-debuginfo-7.4.6-150200.3.41.1 php7-snmp-7.4.6-150200.3.41.1 php7-snmp-debuginfo-7.4.6-150200.3.41.1 php7-soap-7.4.6-150200.3.41.1 php7-soap-debuginfo-7.4.6-150200.3.41.1 php7-sockets-7.4.6-150200.3.41.1 php7-sockets-debuginfo-7.4.6-150200.3.41.1 php7-sodium-7.4.6-150200.3.41.1 php7-sodium-debuginfo-7.4.6-150200.3.41.1 php7-sqlite-7.4.6-150200.3.41.1 php7-sqlite-debuginfo-7.4.6-150200.3.41.1 php7-sysvmsg-7.4.6-150200.3.41.1 php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1 php7-sysvsem-7.4.6-150200.3.41.1 php7-sysvsem-debuginfo-7.4.6-150200.3.41.1 php7-sysvshm-7.4.6-150200.3.41.1 php7-sysvshm-debuginfo-7.4.6-150200.3.41.1 php7-tidy-7.4.6-150200.3.41.1 php7-tidy-debuginfo-7.4.6-150200.3.41.1 php7-tokenizer-7.4.6-150200.3.41.1 php7-tokenizer-debuginfo-7.4.6-150200.3.41.1 php7-xmlreader-7.4.6-150200.3.41.1 php7-xmlreader-debuginfo-7.4.6-150200.3.41.1 php7-xmlrpc-7.4.6-150200.3.41.1 php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1 php7-xmlwriter-7.4.6-150200.3.41.1 php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1 php7-xsl-7.4.6-150200.3.41.1 php7-xsl-debuginfo-7.4.6-150200.3.41.1 php7-zip-7.4.6-150200.3.41.1 php7-zip-debuginfo-7.4.6-150200.3.41.1 php7-zlib-7.4.6-150200.3.41.1 php7-zlib-debuginfo-7.4.6-150200.3.41.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-150200.3.41.1 apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1 php7-7.4.6-150200.3.41.1 php7-bcmath-7.4.6-150200.3.41.1 php7-bcmath-debuginfo-7.4.6-150200.3.41.1 php7-bz2-7.4.6-150200.3.41.1 php7-bz2-debuginfo-7.4.6-150200.3.41.1 php7-calendar-7.4.6-150200.3.41.1 php7-calendar-debuginfo-7.4.6-150200.3.41.1 php7-ctype-7.4.6-150200.3.41.1 php7-ctype-debuginfo-7.4.6-150200.3.41.1 php7-curl-7.4.6-150200.3.41.1 php7-curl-debuginfo-7.4.6-150200.3.41.1 php7-dba-7.4.6-150200.3.41.1 php7-dba-debuginfo-7.4.6-150200.3.41.1 php7-debuginfo-7.4.6-150200.3.41.1 php7-debugsource-7.4.6-150200.3.41.1 php7-devel-7.4.6-150200.3.41.1 php7-dom-7.4.6-150200.3.41.1 php7-dom-debuginfo-7.4.6-150200.3.41.1 php7-enchant-7.4.6-150200.3.41.1 php7-enchant-debuginfo-7.4.6-150200.3.41.1 php7-exif-7.4.6-150200.3.41.1 php7-exif-debuginfo-7.4.6-150200.3.41.1 php7-fastcgi-7.4.6-150200.3.41.1 php7-fastcgi-debuginfo-7.4.6-150200.3.41.1 php7-fileinfo-7.4.6-150200.3.41.1 php7-fileinfo-debuginfo-7.4.6-150200.3.41.1 php7-fpm-7.4.6-150200.3.41.1 php7-fpm-debuginfo-7.4.6-150200.3.41.1 php7-ftp-7.4.6-150200.3.41.1 php7-ftp-debuginfo-7.4.6-150200.3.41.1 php7-gd-7.4.6-150200.3.41.1 php7-gd-debuginfo-7.4.6-150200.3.41.1 php7-gettext-7.4.6-150200.3.41.1 php7-gettext-debuginfo-7.4.6-150200.3.41.1 php7-gmp-7.4.6-150200.3.41.1 php7-gmp-debuginfo-7.4.6-150200.3.41.1 php7-iconv-7.4.6-150200.3.41.1 php7-iconv-debuginfo-7.4.6-150200.3.41.1 php7-intl-7.4.6-150200.3.41.1 php7-intl-debuginfo-7.4.6-150200.3.41.1 php7-json-7.4.6-150200.3.41.1 php7-json-debuginfo-7.4.6-150200.3.41.1 php7-ldap-7.4.6-150200.3.41.1 php7-ldap-debuginfo-7.4.6-150200.3.41.1 php7-mbstring-7.4.6-150200.3.41.1 php7-mbstring-debuginfo-7.4.6-150200.3.41.1 php7-mysql-7.4.6-150200.3.41.1 php7-mysql-debuginfo-7.4.6-150200.3.41.1 php7-odbc-7.4.6-150200.3.41.1 php7-odbc-debuginfo-7.4.6-150200.3.41.1 php7-opcache-7.4.6-150200.3.41.1 php7-opcache-debuginfo-7.4.6-150200.3.41.1 php7-openssl-7.4.6-150200.3.41.1 php7-openssl-debuginfo-7.4.6-150200.3.41.1 php7-pcntl-7.4.6-150200.3.41.1 php7-pcntl-debuginfo-7.4.6-150200.3.41.1 php7-pdo-7.4.6-150200.3.41.1 php7-pdo-debuginfo-7.4.6-150200.3.41.1 php7-pgsql-7.4.6-150200.3.41.1 php7-pgsql-debuginfo-7.4.6-150200.3.41.1 php7-phar-7.4.6-150200.3.41.1 php7-phar-debuginfo-7.4.6-150200.3.41.1 php7-posix-7.4.6-150200.3.41.1 php7-posix-debuginfo-7.4.6-150200.3.41.1 php7-readline-7.4.6-150200.3.41.1 php7-readline-debuginfo-7.4.6-150200.3.41.1 php7-shmop-7.4.6-150200.3.41.1 php7-shmop-debuginfo-7.4.6-150200.3.41.1 php7-snmp-7.4.6-150200.3.41.1 php7-snmp-debuginfo-7.4.6-150200.3.41.1 php7-soap-7.4.6-150200.3.41.1 php7-soap-debuginfo-7.4.6-150200.3.41.1 php7-sockets-7.4.6-150200.3.41.1 php7-sockets-debuginfo-7.4.6-150200.3.41.1 php7-sodium-7.4.6-150200.3.41.1 php7-sodium-debuginfo-7.4.6-150200.3.41.1 php7-sqlite-7.4.6-150200.3.41.1 php7-sqlite-debuginfo-7.4.6-150200.3.41.1 php7-sysvmsg-7.4.6-150200.3.41.1 php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1 php7-sysvsem-7.4.6-150200.3.41.1 php7-sysvsem-debuginfo-7.4.6-150200.3.41.1 php7-sysvshm-7.4.6-150200.3.41.1 php7-sysvshm-debuginfo-7.4.6-150200.3.41.1 php7-tidy-7.4.6-150200.3.41.1 php7-tidy-debuginfo-7.4.6-150200.3.41.1 php7-tokenizer-7.4.6-150200.3.41.1 php7-tokenizer-debuginfo-7.4.6-150200.3.41.1 php7-xmlreader-7.4.6-150200.3.41.1 php7-xmlreader-debuginfo-7.4.6-150200.3.41.1 php7-xmlrpc-7.4.6-150200.3.41.1 php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1 php7-xmlwriter-7.4.6-150200.3.41.1 php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1 php7-xsl-7.4.6-150200.3.41.1 php7-xsl-debuginfo-7.4.6-150200.3.41.1 php7-zip-7.4.6-150200.3.41.1 php7-zip-debuginfo-7.4.6-150200.3.41.1 php7-zlib-7.4.6-150200.3.41.1 php7-zlib-debuginfo-7.4.6-150200.3.41.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): apache2-mod_php7-7.4.6-150200.3.41.1 apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1 php7-7.4.6-150200.3.41.1 php7-bcmath-7.4.6-150200.3.41.1 php7-bcmath-debuginfo-7.4.6-150200.3.41.1 php7-bz2-7.4.6-150200.3.41.1 php7-bz2-debuginfo-7.4.6-150200.3.41.1 php7-calendar-7.4.6-150200.3.41.1 php7-calendar-debuginfo-7.4.6-150200.3.41.1 php7-ctype-7.4.6-150200.3.41.1 php7-ctype-debuginfo-7.4.6-150200.3.41.1 php7-curl-7.4.6-150200.3.41.1 php7-curl-debuginfo-7.4.6-150200.3.41.1 php7-dba-7.4.6-150200.3.41.1 php7-dba-debuginfo-7.4.6-150200.3.41.1 php7-debuginfo-7.4.6-150200.3.41.1 php7-debugsource-7.4.6-150200.3.41.1 php7-devel-7.4.6-150200.3.41.1 php7-dom-7.4.6-150200.3.41.1 php7-dom-debuginfo-7.4.6-150200.3.41.1 php7-enchant-7.4.6-150200.3.41.1 php7-enchant-debuginfo-7.4.6-150200.3.41.1 php7-exif-7.4.6-150200.3.41.1 php7-exif-debuginfo-7.4.6-150200.3.41.1 php7-fastcgi-7.4.6-150200.3.41.1 php7-fastcgi-debuginfo-7.4.6-150200.3.41.1 php7-fileinfo-7.4.6-150200.3.41.1 php7-fileinfo-debuginfo-7.4.6-150200.3.41.1 php7-fpm-7.4.6-150200.3.41.1 php7-fpm-debuginfo-7.4.6-150200.3.41.1 php7-ftp-7.4.6-150200.3.41.1 php7-ftp-debuginfo-7.4.6-150200.3.41.1 php7-gd-7.4.6-150200.3.41.1 php7-gd-debuginfo-7.4.6-150200.3.41.1 php7-gettext-7.4.6-150200.3.41.1 php7-gettext-debuginfo-7.4.6-150200.3.41.1 php7-gmp-7.4.6-150200.3.41.1 php7-gmp-debuginfo-7.4.6-150200.3.41.1 php7-iconv-7.4.6-150200.3.41.1 php7-iconv-debuginfo-7.4.6-150200.3.41.1 php7-intl-7.4.6-150200.3.41.1 php7-intl-debuginfo-7.4.6-150200.3.41.1 php7-json-7.4.6-150200.3.41.1 php7-json-debuginfo-7.4.6-150200.3.41.1 php7-ldap-7.4.6-150200.3.41.1 php7-ldap-debuginfo-7.4.6-150200.3.41.1 php7-mbstring-7.4.6-150200.3.41.1 php7-mbstring-debuginfo-7.4.6-150200.3.41.1 php7-mysql-7.4.6-150200.3.41.1 php7-mysql-debuginfo-7.4.6-150200.3.41.1 php7-odbc-7.4.6-150200.3.41.1 php7-odbc-debuginfo-7.4.6-150200.3.41.1 php7-opcache-7.4.6-150200.3.41.1 php7-opcache-debuginfo-7.4.6-150200.3.41.1 php7-openssl-7.4.6-150200.3.41.1 php7-openssl-debuginfo-7.4.6-150200.3.41.1 php7-pcntl-7.4.6-150200.3.41.1 php7-pcntl-debuginfo-7.4.6-150200.3.41.1 php7-pdo-7.4.6-150200.3.41.1 php7-pdo-debuginfo-7.4.6-150200.3.41.1 php7-pgsql-7.4.6-150200.3.41.1 php7-pgsql-debuginfo-7.4.6-150200.3.41.1 php7-phar-7.4.6-150200.3.41.1 php7-phar-debuginfo-7.4.6-150200.3.41.1 php7-posix-7.4.6-150200.3.41.1 php7-posix-debuginfo-7.4.6-150200.3.41.1 php7-readline-7.4.6-150200.3.41.1 php7-readline-debuginfo-7.4.6-150200.3.41.1 php7-shmop-7.4.6-150200.3.41.1 php7-shmop-debuginfo-7.4.6-150200.3.41.1 php7-snmp-7.4.6-150200.3.41.1 php7-snmp-debuginfo-7.4.6-150200.3.41.1 php7-soap-7.4.6-150200.3.41.1 php7-soap-debuginfo-7.4.6-150200.3.41.1 php7-sockets-7.4.6-150200.3.41.1 php7-sockets-debuginfo-7.4.6-150200.3.41.1 php7-sodium-7.4.6-150200.3.41.1 php7-sodium-debuginfo-7.4.6-150200.3.41.1 php7-sqlite-7.4.6-150200.3.41.1 php7-sqlite-debuginfo-7.4.6-150200.3.41.1 php7-sysvmsg-7.4.6-150200.3.41.1 php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1 php7-sysvsem-7.4.6-150200.3.41.1 php7-sysvsem-debuginfo-7.4.6-150200.3.41.1 php7-sysvshm-7.4.6-150200.3.41.1 php7-sysvshm-debuginfo-7.4.6-150200.3.41.1 php7-tidy-7.4.6-150200.3.41.1 php7-tidy-debuginfo-7.4.6-150200.3.41.1 php7-tokenizer-7.4.6-150200.3.41.1 php7-tokenizer-debuginfo-7.4.6-150200.3.41.1 php7-xmlreader-7.4.6-150200.3.41.1 php7-xmlreader-debuginfo-7.4.6-150200.3.41.1 php7-xmlrpc-7.4.6-150200.3.41.1 php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1 php7-xmlwriter-7.4.6-150200.3.41.1 php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1 php7-xsl-7.4.6-150200.3.41.1 php7-xsl-debuginfo-7.4.6-150200.3.41.1 php7-zip-7.4.6-150200.3.41.1 php7-zip-debuginfo-7.4.6-150200.3.41.1 php7-zlib-7.4.6-150200.3.41.1 php7-zlib-debuginfo-7.4.6-150200.3.41.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-150200.3.41.1 apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1 php7-7.4.6-150200.3.41.1 php7-bcmath-7.4.6-150200.3.41.1 php7-bcmath-debuginfo-7.4.6-150200.3.41.1 php7-bz2-7.4.6-150200.3.41.1 php7-bz2-debuginfo-7.4.6-150200.3.41.1 php7-calendar-7.4.6-150200.3.41.1 php7-calendar-debuginfo-7.4.6-150200.3.41.1 php7-ctype-7.4.6-150200.3.41.1 php7-ctype-debuginfo-7.4.6-150200.3.41.1 php7-curl-7.4.6-150200.3.41.1 php7-curl-debuginfo-7.4.6-150200.3.41.1 php7-dba-7.4.6-150200.3.41.1 php7-dba-debuginfo-7.4.6-150200.3.41.1 php7-debuginfo-7.4.6-150200.3.41.1 php7-debugsource-7.4.6-150200.3.41.1 php7-devel-7.4.6-150200.3.41.1 php7-dom-7.4.6-150200.3.41.1 php7-dom-debuginfo-7.4.6-150200.3.41.1 php7-enchant-7.4.6-150200.3.41.1 php7-enchant-debuginfo-7.4.6-150200.3.41.1 php7-exif-7.4.6-150200.3.41.1 php7-exif-debuginfo-7.4.6-150200.3.41.1 php7-fastcgi-7.4.6-150200.3.41.1 php7-fastcgi-debuginfo-7.4.6-150200.3.41.1 php7-fileinfo-7.4.6-150200.3.41.1 php7-fileinfo-debuginfo-7.4.6-150200.3.41.1 php7-fpm-7.4.6-150200.3.41.1 php7-fpm-debuginfo-7.4.6-150200.3.41.1 php7-ftp-7.4.6-150200.3.41.1 php7-ftp-debuginfo-7.4.6-150200.3.41.1 php7-gd-7.4.6-150200.3.41.1 php7-gd-debuginfo-7.4.6-150200.3.41.1 php7-gettext-7.4.6-150200.3.41.1 php7-gettext-debuginfo-7.4.6-150200.3.41.1 php7-gmp-7.4.6-150200.3.41.1 php7-gmp-debuginfo-7.4.6-150200.3.41.1 php7-iconv-7.4.6-150200.3.41.1 php7-iconv-debuginfo-7.4.6-150200.3.41.1 php7-intl-7.4.6-150200.3.41.1 php7-intl-debuginfo-7.4.6-150200.3.41.1 php7-json-7.4.6-150200.3.41.1 php7-json-debuginfo-7.4.6-150200.3.41.1 php7-ldap-7.4.6-150200.3.41.1 php7-ldap-debuginfo-7.4.6-150200.3.41.1 php7-mbstring-7.4.6-150200.3.41.1 php7-mbstring-debuginfo-7.4.6-150200.3.41.1 php7-mysql-7.4.6-150200.3.41.1 php7-mysql-debuginfo-7.4.6-150200.3.41.1 php7-odbc-7.4.6-150200.3.41.1 php7-odbc-debuginfo-7.4.6-150200.3.41.1 php7-opcache-7.4.6-150200.3.41.1 php7-opcache-debuginfo-7.4.6-150200.3.41.1 php7-openssl-7.4.6-150200.3.41.1 php7-openssl-debuginfo-7.4.6-150200.3.41.1 php7-pcntl-7.4.6-150200.3.41.1 php7-pcntl-debuginfo-7.4.6-150200.3.41.1 php7-pdo-7.4.6-150200.3.41.1 php7-pdo-debuginfo-7.4.6-150200.3.41.1 php7-pgsql-7.4.6-150200.3.41.1 php7-pgsql-debuginfo-7.4.6-150200.3.41.1 php7-phar-7.4.6-150200.3.41.1 php7-phar-debuginfo-7.4.6-150200.3.41.1 php7-posix-7.4.6-150200.3.41.1 php7-posix-debuginfo-7.4.6-150200.3.41.1 php7-readline-7.4.6-150200.3.41.1 php7-readline-debuginfo-7.4.6-150200.3.41.1 php7-shmop-7.4.6-150200.3.41.1 php7-shmop-debuginfo-7.4.6-150200.3.41.1 php7-snmp-7.4.6-150200.3.41.1 php7-snmp-debuginfo-7.4.6-150200.3.41.1 php7-soap-7.4.6-150200.3.41.1 php7-soap-debuginfo-7.4.6-150200.3.41.1 php7-sockets-7.4.6-150200.3.41.1 php7-sockets-debuginfo-7.4.6-150200.3.41.1 php7-sodium-7.4.6-150200.3.41.1 php7-sodium-debuginfo-7.4.6-150200.3.41.1 php7-sqlite-7.4.6-150200.3.41.1 php7-sqlite-debuginfo-7.4.6-150200.3.41.1 php7-sysvmsg-7.4.6-150200.3.41.1 php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1 php7-sysvsem-7.4.6-150200.3.41.1 php7-sysvsem-debuginfo-7.4.6-150200.3.41.1 php7-sysvshm-7.4.6-150200.3.41.1 php7-sysvshm-debuginfo-7.4.6-150200.3.41.1 php7-tidy-7.4.6-150200.3.41.1 php7-tidy-debuginfo-7.4.6-150200.3.41.1 php7-tokenizer-7.4.6-150200.3.41.1 php7-tokenizer-debuginfo-7.4.6-150200.3.41.1 php7-xmlreader-7.4.6-150200.3.41.1 php7-xmlreader-debuginfo-7.4.6-150200.3.41.1 php7-xmlrpc-7.4.6-150200.3.41.1 php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1 php7-xmlwriter-7.4.6-150200.3.41.1 php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1 php7-xsl-7.4.6-150200.3.41.1 php7-xsl-debuginfo-7.4.6-150200.3.41.1 php7-zip-7.4.6-150200.3.41.1 php7-zip-debuginfo-7.4.6-150200.3.41.1 php7-zlib-7.4.6-150200.3.41.1 php7-zlib-debuginfo-7.4.6-150200.3.41.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.4.6-150200.3.41.1 php7-debugsource-7.4.6-150200.3.41.1 php7-embed-7.4.6-150200.3.41.1 php7-embed-debuginfo-7.4.6-150200.3.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): apache2-mod_php7-7.4.6-150200.3.41.1 apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1 php7-7.4.6-150200.3.41.1 php7-bcmath-7.4.6-150200.3.41.1 php7-bcmath-debuginfo-7.4.6-150200.3.41.1 php7-bz2-7.4.6-150200.3.41.1 php7-bz2-debuginfo-7.4.6-150200.3.41.1 php7-calendar-7.4.6-150200.3.41.1 php7-calendar-debuginfo-7.4.6-150200.3.41.1 php7-ctype-7.4.6-150200.3.41.1 php7-ctype-debuginfo-7.4.6-150200.3.41.1 php7-curl-7.4.6-150200.3.41.1 php7-curl-debuginfo-7.4.6-150200.3.41.1 php7-dba-7.4.6-150200.3.41.1 php7-dba-debuginfo-7.4.6-150200.3.41.1 php7-debuginfo-7.4.6-150200.3.41.1 php7-debugsource-7.4.6-150200.3.41.1 php7-devel-7.4.6-150200.3.41.1 php7-dom-7.4.6-150200.3.41.1 php7-dom-debuginfo-7.4.6-150200.3.41.1 php7-enchant-7.4.6-150200.3.41.1 php7-enchant-debuginfo-7.4.6-150200.3.41.1 php7-exif-7.4.6-150200.3.41.1 php7-exif-debuginfo-7.4.6-150200.3.41.1 php7-fastcgi-7.4.6-150200.3.41.1 php7-fastcgi-debuginfo-7.4.6-150200.3.41.1 php7-fileinfo-7.4.6-150200.3.41.1 php7-fileinfo-debuginfo-7.4.6-150200.3.41.1 php7-fpm-7.4.6-150200.3.41.1 php7-fpm-debuginfo-7.4.6-150200.3.41.1 php7-ftp-7.4.6-150200.3.41.1 php7-ftp-debuginfo-7.4.6-150200.3.41.1 php7-gd-7.4.6-150200.3.41.1 php7-gd-debuginfo-7.4.6-150200.3.41.1 php7-gettext-7.4.6-150200.3.41.1 php7-gettext-debuginfo-7.4.6-150200.3.41.1 php7-gmp-7.4.6-150200.3.41.1 php7-gmp-debuginfo-7.4.6-150200.3.41.1 php7-iconv-7.4.6-150200.3.41.1 php7-iconv-debuginfo-7.4.6-150200.3.41.1 php7-intl-7.4.6-150200.3.41.1 php7-intl-debuginfo-7.4.6-150200.3.41.1 php7-json-7.4.6-150200.3.41.1 php7-json-debuginfo-7.4.6-150200.3.41.1 php7-ldap-7.4.6-150200.3.41.1 php7-ldap-debuginfo-7.4.6-150200.3.41.1 php7-mbstring-7.4.6-150200.3.41.1 php7-mbstring-debuginfo-7.4.6-150200.3.41.1 php7-mysql-7.4.6-150200.3.41.1 php7-mysql-debuginfo-7.4.6-150200.3.41.1 php7-odbc-7.4.6-150200.3.41.1 php7-odbc-debuginfo-7.4.6-150200.3.41.1 php7-opcache-7.4.6-150200.3.41.1 php7-opcache-debuginfo-7.4.6-150200.3.41.1 php7-openssl-7.4.6-150200.3.41.1 php7-openssl-debuginfo-7.4.6-150200.3.41.1 php7-pcntl-7.4.6-150200.3.41.1 php7-pcntl-debuginfo-7.4.6-150200.3.41.1 php7-pdo-7.4.6-150200.3.41.1 php7-pdo-debuginfo-7.4.6-150200.3.41.1 php7-pgsql-7.4.6-150200.3.41.1 php7-pgsql-debuginfo-7.4.6-150200.3.41.1 php7-phar-7.4.6-150200.3.41.1 php7-phar-debuginfo-7.4.6-150200.3.41.1 php7-posix-7.4.6-150200.3.41.1 php7-posix-debuginfo-7.4.6-150200.3.41.1 php7-readline-7.4.6-150200.3.41.1 php7-readline-debuginfo-7.4.6-150200.3.41.1 php7-shmop-7.4.6-150200.3.41.1 php7-shmop-debuginfo-7.4.6-150200.3.41.1 php7-snmp-7.4.6-150200.3.41.1 php7-snmp-debuginfo-7.4.6-150200.3.41.1 php7-soap-7.4.6-150200.3.41.1 php7-soap-debuginfo-7.4.6-150200.3.41.1 php7-sockets-7.4.6-150200.3.41.1 php7-sockets-debuginfo-7.4.6-150200.3.41.1 php7-sodium-7.4.6-150200.3.41.1 php7-sodium-debuginfo-7.4.6-150200.3.41.1 php7-sqlite-7.4.6-150200.3.41.1 php7-sqlite-debuginfo-7.4.6-150200.3.41.1 php7-sysvmsg-7.4.6-150200.3.41.1 php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1 php7-sysvsem-7.4.6-150200.3.41.1 php7-sysvsem-debuginfo-7.4.6-150200.3.41.1 php7-sysvshm-7.4.6-150200.3.41.1 php7-sysvshm-debuginfo-7.4.6-150200.3.41.1 php7-tidy-7.4.6-150200.3.41.1 php7-tidy-debuginfo-7.4.6-150200.3.41.1 php7-tokenizer-7.4.6-150200.3.41.1 php7-tokenizer-debuginfo-7.4.6-150200.3.41.1 php7-xmlreader-7.4.6-150200.3.41.1 php7-xmlreader-debuginfo-7.4.6-150200.3.41.1 php7-xmlrpc-7.4.6-150200.3.41.1 php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1 php7-xmlwriter-7.4.6-150200.3.41.1 php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1 php7-xsl-7.4.6-150200.3.41.1 php7-xsl-debuginfo-7.4.6-150200.3.41.1 php7-zip-7.4.6-150200.3.41.1 php7-zip-debuginfo-7.4.6-150200.3.41.1 php7-zlib-7.4.6-150200.3.41.1 php7-zlib-debuginfo-7.4.6-150200.3.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): apache2-mod_php7-7.4.6-150200.3.41.1 apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1 php7-7.4.6-150200.3.41.1 php7-bcmath-7.4.6-150200.3.41.1 php7-bcmath-debuginfo-7.4.6-150200.3.41.1 php7-bz2-7.4.6-150200.3.41.1 php7-bz2-debuginfo-7.4.6-150200.3.41.1 php7-calendar-7.4.6-150200.3.41.1 php7-calendar-debuginfo-7.4.6-150200.3.41.1 php7-ctype-7.4.6-150200.3.41.1 php7-ctype-debuginfo-7.4.6-150200.3.41.1 php7-curl-7.4.6-150200.3.41.1 php7-curl-debuginfo-7.4.6-150200.3.41.1 php7-dba-7.4.6-150200.3.41.1 php7-dba-debuginfo-7.4.6-150200.3.41.1 php7-debuginfo-7.4.6-150200.3.41.1 php7-debugsource-7.4.6-150200.3.41.1 php7-devel-7.4.6-150200.3.41.1 php7-dom-7.4.6-150200.3.41.1 php7-dom-debuginfo-7.4.6-150200.3.41.1 php7-enchant-7.4.6-150200.3.41.1 php7-enchant-debuginfo-7.4.6-150200.3.41.1 php7-exif-7.4.6-150200.3.41.1 php7-exif-debuginfo-7.4.6-150200.3.41.1 php7-fastcgi-7.4.6-150200.3.41.1 php7-fastcgi-debuginfo-7.4.6-150200.3.41.1 php7-fileinfo-7.4.6-150200.3.41.1 php7-fileinfo-debuginfo-7.4.6-150200.3.41.1 php7-fpm-7.4.6-150200.3.41.1 php7-fpm-debuginfo-7.4.6-150200.3.41.1 php7-ftp-7.4.6-150200.3.41.1 php7-ftp-debuginfo-7.4.6-150200.3.41.1 php7-gd-7.4.6-150200.3.41.1 php7-gd-debuginfo-7.4.6-150200.3.41.1 php7-gettext-7.4.6-150200.3.41.1 php7-gettext-debuginfo-7.4.6-150200.3.41.1 php7-gmp-7.4.6-150200.3.41.1 php7-gmp-debuginfo-7.4.6-150200.3.41.1 php7-iconv-7.4.6-150200.3.41.1 php7-iconv-debuginfo-7.4.6-150200.3.41.1 php7-intl-7.4.6-150200.3.41.1 php7-intl-debuginfo-7.4.6-150200.3.41.1 php7-json-7.4.6-150200.3.41.1 php7-json-debuginfo-7.4.6-150200.3.41.1 php7-ldap-7.4.6-150200.3.41.1 php7-ldap-debuginfo-7.4.6-150200.3.41.1 php7-mbstring-7.4.6-150200.3.41.1 php7-mbstring-debuginfo-7.4.6-150200.3.41.1 php7-mysql-7.4.6-150200.3.41.1 php7-mysql-debuginfo-7.4.6-150200.3.41.1 php7-odbc-7.4.6-150200.3.41.1 php7-odbc-debuginfo-7.4.6-150200.3.41.1 php7-opcache-7.4.6-150200.3.41.1 php7-opcache-debuginfo-7.4.6-150200.3.41.1 php7-openssl-7.4.6-150200.3.41.1 php7-openssl-debuginfo-7.4.6-150200.3.41.1 php7-pcntl-7.4.6-150200.3.41.1 php7-pcntl-debuginfo-7.4.6-150200.3.41.1 php7-pdo-7.4.6-150200.3.41.1 php7-pdo-debuginfo-7.4.6-150200.3.41.1 php7-pgsql-7.4.6-150200.3.41.1 php7-pgsql-debuginfo-7.4.6-150200.3.41.1 php7-phar-7.4.6-150200.3.41.1 php7-phar-debuginfo-7.4.6-150200.3.41.1 php7-posix-7.4.6-150200.3.41.1 php7-posix-debuginfo-7.4.6-150200.3.41.1 php7-readline-7.4.6-150200.3.41.1 php7-readline-debuginfo-7.4.6-150200.3.41.1 php7-shmop-7.4.6-150200.3.41.1 php7-shmop-debuginfo-7.4.6-150200.3.41.1 php7-snmp-7.4.6-150200.3.41.1 php7-snmp-debuginfo-7.4.6-150200.3.41.1 php7-soap-7.4.6-150200.3.41.1 php7-soap-debuginfo-7.4.6-150200.3.41.1 php7-sockets-7.4.6-150200.3.41.1 php7-sockets-debuginfo-7.4.6-150200.3.41.1 php7-sodium-7.4.6-150200.3.41.1 php7-sodium-debuginfo-7.4.6-150200.3.41.1 php7-sqlite-7.4.6-150200.3.41.1 php7-sqlite-debuginfo-7.4.6-150200.3.41.1 php7-sysvmsg-7.4.6-150200.3.41.1 php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1 php7-sysvsem-7.4.6-150200.3.41.1 php7-sysvsem-debuginfo-7.4.6-150200.3.41.1 php7-sysvshm-7.4.6-150200.3.41.1 php7-sysvshm-debuginfo-7.4.6-150200.3.41.1 php7-tidy-7.4.6-150200.3.41.1 php7-tidy-debuginfo-7.4.6-150200.3.41.1 php7-tokenizer-7.4.6-150200.3.41.1 php7-tokenizer-debuginfo-7.4.6-150200.3.41.1 php7-xmlreader-7.4.6-150200.3.41.1 php7-xmlreader-debuginfo-7.4.6-150200.3.41.1 php7-xmlrpc-7.4.6-150200.3.41.1 php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1 php7-xmlwriter-7.4.6-150200.3.41.1 php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1 php7-xsl-7.4.6-150200.3.41.1 php7-xsl-debuginfo-7.4.6-150200.3.41.1 php7-zip-7.4.6-150200.3.41.1 php7-zip-debuginfo-7.4.6-150200.3.41.1 php7-zlib-7.4.6-150200.3.41.1 php7-zlib-debuginfo-7.4.6-150200.3.41.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): apache2-mod_php7-7.4.6-150200.3.41.1 apache2-mod_php7-debuginfo-7.4.6-150200.3.41.1 php7-7.4.6-150200.3.41.1 php7-bcmath-7.4.6-150200.3.41.1 php7-bcmath-debuginfo-7.4.6-150200.3.41.1 php7-bz2-7.4.6-150200.3.41.1 php7-bz2-debuginfo-7.4.6-150200.3.41.1 php7-calendar-7.4.6-150200.3.41.1 php7-calendar-debuginfo-7.4.6-150200.3.41.1 php7-ctype-7.4.6-150200.3.41.1 php7-ctype-debuginfo-7.4.6-150200.3.41.1 php7-curl-7.4.6-150200.3.41.1 php7-curl-debuginfo-7.4.6-150200.3.41.1 php7-dba-7.4.6-150200.3.41.1 php7-dba-debuginfo-7.4.6-150200.3.41.1 php7-debuginfo-7.4.6-150200.3.41.1 php7-debugsource-7.4.6-150200.3.41.1 php7-devel-7.4.6-150200.3.41.1 php7-dom-7.4.6-150200.3.41.1 php7-dom-debuginfo-7.4.6-150200.3.41.1 php7-enchant-7.4.6-150200.3.41.1 php7-enchant-debuginfo-7.4.6-150200.3.41.1 php7-exif-7.4.6-150200.3.41.1 php7-exif-debuginfo-7.4.6-150200.3.41.1 php7-fastcgi-7.4.6-150200.3.41.1 php7-fastcgi-debuginfo-7.4.6-150200.3.41.1 php7-fileinfo-7.4.6-150200.3.41.1 php7-fileinfo-debuginfo-7.4.6-150200.3.41.1 php7-fpm-7.4.6-150200.3.41.1 php7-fpm-debuginfo-7.4.6-150200.3.41.1 php7-ftp-7.4.6-150200.3.41.1 php7-ftp-debuginfo-7.4.6-150200.3.41.1 php7-gd-7.4.6-150200.3.41.1 php7-gd-debuginfo-7.4.6-150200.3.41.1 php7-gettext-7.4.6-150200.3.41.1 php7-gettext-debuginfo-7.4.6-150200.3.41.1 php7-gmp-7.4.6-150200.3.41.1 php7-gmp-debuginfo-7.4.6-150200.3.41.1 php7-iconv-7.4.6-150200.3.41.1 php7-iconv-debuginfo-7.4.6-150200.3.41.1 php7-intl-7.4.6-150200.3.41.1 php7-intl-debuginfo-7.4.6-150200.3.41.1 php7-json-7.4.6-150200.3.41.1 php7-json-debuginfo-7.4.6-150200.3.41.1 php7-ldap-7.4.6-150200.3.41.1 php7-ldap-debuginfo-7.4.6-150200.3.41.1 php7-mbstring-7.4.6-150200.3.41.1 php7-mbstring-debuginfo-7.4.6-150200.3.41.1 php7-mysql-7.4.6-150200.3.41.1 php7-mysql-debuginfo-7.4.6-150200.3.41.1 php7-odbc-7.4.6-150200.3.41.1 php7-odbc-debuginfo-7.4.6-150200.3.41.1 php7-opcache-7.4.6-150200.3.41.1 php7-opcache-debuginfo-7.4.6-150200.3.41.1 php7-openssl-7.4.6-150200.3.41.1 php7-openssl-debuginfo-7.4.6-150200.3.41.1 php7-pcntl-7.4.6-150200.3.41.1 php7-pcntl-debuginfo-7.4.6-150200.3.41.1 php7-pdo-7.4.6-150200.3.41.1 php7-pdo-debuginfo-7.4.6-150200.3.41.1 php7-pgsql-7.4.6-150200.3.41.1 php7-pgsql-debuginfo-7.4.6-150200.3.41.1 php7-phar-7.4.6-150200.3.41.1 php7-phar-debuginfo-7.4.6-150200.3.41.1 php7-posix-7.4.6-150200.3.41.1 php7-posix-debuginfo-7.4.6-150200.3.41.1 php7-readline-7.4.6-150200.3.41.1 php7-readline-debuginfo-7.4.6-150200.3.41.1 php7-shmop-7.4.6-150200.3.41.1 php7-shmop-debuginfo-7.4.6-150200.3.41.1 php7-snmp-7.4.6-150200.3.41.1 php7-snmp-debuginfo-7.4.6-150200.3.41.1 php7-soap-7.4.6-150200.3.41.1 php7-soap-debuginfo-7.4.6-150200.3.41.1 php7-sockets-7.4.6-150200.3.41.1 php7-sockets-debuginfo-7.4.6-150200.3.41.1 php7-sodium-7.4.6-150200.3.41.1 php7-sodium-debuginfo-7.4.6-150200.3.41.1 php7-sqlite-7.4.6-150200.3.41.1 php7-sqlite-debuginfo-7.4.6-150200.3.41.1 php7-sysvmsg-7.4.6-150200.3.41.1 php7-sysvmsg-debuginfo-7.4.6-150200.3.41.1 php7-sysvsem-7.4.6-150200.3.41.1 php7-sysvsem-debuginfo-7.4.6-150200.3.41.1 php7-sysvshm-7.4.6-150200.3.41.1 php7-sysvshm-debuginfo-7.4.6-150200.3.41.1 php7-tidy-7.4.6-150200.3.41.1 php7-tidy-debuginfo-7.4.6-150200.3.41.1 php7-tokenizer-7.4.6-150200.3.41.1 php7-tokenizer-debuginfo-7.4.6-150200.3.41.1 php7-xmlreader-7.4.6-150200.3.41.1 php7-xmlreader-debuginfo-7.4.6-150200.3.41.1 php7-xmlrpc-7.4.6-150200.3.41.1 php7-xmlrpc-debuginfo-7.4.6-150200.3.41.1 php7-xmlwriter-7.4.6-150200.3.41.1 php7-xmlwriter-debuginfo-7.4.6-150200.3.41.1 php7-xsl-7.4.6-150200.3.41.1 php7-xsl-debuginfo-7.4.6-150200.3.41.1 php7-zip-7.4.6-150200.3.41.1 php7-zip-debuginfo-7.4.6-150200.3.41.1 php7-zlib-7.4.6-150200.3.41.1 php7-zlib-debuginfo-7.4.6-150200.3.41.1 References: https://www.suse.com/security/cve/CVE-2022-31625.html https://www.suse.com/security/cve/CVE-2022-31626.html https://bugzilla.suse.com/1200628 https://bugzilla.suse.com/1200645 From sle-updates at lists.suse.com Fri Jun 24 19:17:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 21:17:28 +0200 (CEST) Subject: SUSE-SU-2022:2184-1: important: Security update for liblouis Message-ID: <20220624191728.1556FF386@maintenance.suse.de> SUSE Security Update: Security update for liblouis ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2184-1 Rating: important References: #1197085 #1200120 Cross-References: CVE-2022-26981 CVE-2022-31783 CVSS scores: CVE-2022-26981 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26981 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-31783 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-31783 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for liblouis fixes the following issues: - CVE-2022-26981: fix buffer overrun in compilePassOpcode (bsc#1197085). - CVE-2022-31783: prevent an invalid memory write in compileRule (bsc#1200120). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2184=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2184=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2184=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2184=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2184=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2184=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2184=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2184=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2184=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2184=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2184=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2184=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): liblouis19-3.11.0-150200.3.3.1 liblouis19-debuginfo-3.11.0-150200.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): liblouis-debuginfo-3.11.0-150200.3.3.1 liblouis-debugsource-3.11.0-150200.3.3.1 liblouis-devel-3.11.0-150200.3.3.1 liblouis-doc-3.11.0-150200.3.3.1 liblouis-tools-3.11.0-150200.3.3.1 liblouis-tools-debuginfo-3.11.0-150200.3.3.1 liblouis19-3.11.0-150200.3.3.1 liblouis19-debuginfo-3.11.0-150200.3.3.1 python3-louis-3.11.0-150200.3.3.1 - openSUSE Leap 15.3 (noarch): liblouis-data-3.11.0-150200.3.3.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): liblouis-debuginfo-3.11.0-150200.3.3.1 liblouis-debugsource-3.11.0-150200.3.3.1 liblouis-devel-3.11.0-150200.3.3.1 liblouis19-3.11.0-150200.3.3.1 liblouis19-debuginfo-3.11.0-150200.3.3.1 python3-louis-3.11.0-150200.3.3.1 - SUSE Manager Server 4.1 (noarch): liblouis-data-3.11.0-150200.3.3.1 - SUSE Manager Retail Branch Server 4.1 (noarch): liblouis-data-3.11.0-150200.3.3.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): liblouis-debuginfo-3.11.0-150200.3.3.1 liblouis-debugsource-3.11.0-150200.3.3.1 liblouis-devel-3.11.0-150200.3.3.1 liblouis19-3.11.0-150200.3.3.1 liblouis19-debuginfo-3.11.0-150200.3.3.1 python3-louis-3.11.0-150200.3.3.1 - SUSE Manager Proxy 4.1 (noarch): liblouis-data-3.11.0-150200.3.3.1 - SUSE Manager Proxy 4.1 (x86_64): liblouis-debuginfo-3.11.0-150200.3.3.1 liblouis-debugsource-3.11.0-150200.3.3.1 liblouis-devel-3.11.0-150200.3.3.1 liblouis19-3.11.0-150200.3.3.1 liblouis19-debuginfo-3.11.0-150200.3.3.1 python3-louis-3.11.0-150200.3.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): liblouis-debuginfo-3.11.0-150200.3.3.1 liblouis-debugsource-3.11.0-150200.3.3.1 liblouis-devel-3.11.0-150200.3.3.1 liblouis19-3.11.0-150200.3.3.1 liblouis19-debuginfo-3.11.0-150200.3.3.1 python3-louis-3.11.0-150200.3.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): liblouis-data-3.11.0-150200.3.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): liblouis-debuginfo-3.11.0-150200.3.3.1 liblouis-debugsource-3.11.0-150200.3.3.1 liblouis-devel-3.11.0-150200.3.3.1 liblouis19-3.11.0-150200.3.3.1 liblouis19-debuginfo-3.11.0-150200.3.3.1 python3-louis-3.11.0-150200.3.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): liblouis-data-3.11.0-150200.3.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): liblouis-debuginfo-3.11.0-150200.3.3.1 liblouis-debugsource-3.11.0-150200.3.3.1 liblouis-devel-3.11.0-150200.3.3.1 liblouis19-3.11.0-150200.3.3.1 liblouis19-debuginfo-3.11.0-150200.3.3.1 python3-louis-3.11.0-150200.3.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): liblouis-data-3.11.0-150200.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): liblouis-debuginfo-3.11.0-150200.3.3.1 liblouis-debugsource-3.11.0-150200.3.3.1 liblouis-devel-3.11.0-150200.3.3.1 liblouis19-3.11.0-150200.3.3.1 liblouis19-debuginfo-3.11.0-150200.3.3.1 python3-louis-3.11.0-150200.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): liblouis-data-3.11.0-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): liblouis-debuginfo-3.11.0-150200.3.3.1 liblouis-debugsource-3.11.0-150200.3.3.1 liblouis-devel-3.11.0-150200.3.3.1 liblouis19-3.11.0-150200.3.3.1 liblouis19-debuginfo-3.11.0-150200.3.3.1 python3-louis-3.11.0-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): liblouis-data-3.11.0-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): liblouis-debuginfo-3.11.0-150200.3.3.1 liblouis-debugsource-3.11.0-150200.3.3.1 liblouis-devel-3.11.0-150200.3.3.1 liblouis19-3.11.0-150200.3.3.1 liblouis19-debuginfo-3.11.0-150200.3.3.1 python3-louis-3.11.0-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): liblouis-data-3.11.0-150200.3.3.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): liblouis-debuginfo-3.11.0-150200.3.3.1 liblouis-debugsource-3.11.0-150200.3.3.1 liblouis-devel-3.11.0-150200.3.3.1 liblouis19-3.11.0-150200.3.3.1 liblouis19-debuginfo-3.11.0-150200.3.3.1 python3-louis-3.11.0-150200.3.3.1 - SUSE Enterprise Storage 7 (noarch): liblouis-data-3.11.0-150200.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-26981.html https://www.suse.com/security/cve/CVE-2022-31783.html https://bugzilla.suse.com/1197085 https://bugzilla.suse.com/1200120 From sle-updates at lists.suse.com Fri Jun 24 19:18:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2022 21:18:17 +0200 (CEST) Subject: SUSE-SU-2022:2183-1: important: Security update for php72 Message-ID: <20220624191817.25362F386@maintenance.suse.de> SUSE Security Update: Security update for php72 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2183-1 Rating: important References: #1200628 #1200645 Cross-References: CVE-2022-31625 CVE-2022-31626 CVSS scores: CVE-2022-31625 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31626 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php72 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645) - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2183=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-2183=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.81.1 php72-debugsource-7.2.5-1.81.1 php72-devel-7.2.5-1.81.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php72-7.2.5-1.81.1 apache2-mod_php72-debuginfo-7.2.5-1.81.1 php72-7.2.5-1.81.1 php72-bcmath-7.2.5-1.81.1 php72-bcmath-debuginfo-7.2.5-1.81.1 php72-bz2-7.2.5-1.81.1 php72-bz2-debuginfo-7.2.5-1.81.1 php72-calendar-7.2.5-1.81.1 php72-calendar-debuginfo-7.2.5-1.81.1 php72-ctype-7.2.5-1.81.1 php72-ctype-debuginfo-7.2.5-1.81.1 php72-curl-7.2.5-1.81.1 php72-curl-debuginfo-7.2.5-1.81.1 php72-dba-7.2.5-1.81.1 php72-dba-debuginfo-7.2.5-1.81.1 php72-debuginfo-7.2.5-1.81.1 php72-debugsource-7.2.5-1.81.1 php72-dom-7.2.5-1.81.1 php72-dom-debuginfo-7.2.5-1.81.1 php72-enchant-7.2.5-1.81.1 php72-enchant-debuginfo-7.2.5-1.81.1 php72-exif-7.2.5-1.81.1 php72-exif-debuginfo-7.2.5-1.81.1 php72-fastcgi-7.2.5-1.81.1 php72-fastcgi-debuginfo-7.2.5-1.81.1 php72-fileinfo-7.2.5-1.81.1 php72-fileinfo-debuginfo-7.2.5-1.81.1 php72-fpm-7.2.5-1.81.1 php72-fpm-debuginfo-7.2.5-1.81.1 php72-ftp-7.2.5-1.81.1 php72-ftp-debuginfo-7.2.5-1.81.1 php72-gd-7.2.5-1.81.1 php72-gd-debuginfo-7.2.5-1.81.1 php72-gettext-7.2.5-1.81.1 php72-gettext-debuginfo-7.2.5-1.81.1 php72-gmp-7.2.5-1.81.1 php72-gmp-debuginfo-7.2.5-1.81.1 php72-iconv-7.2.5-1.81.1 php72-iconv-debuginfo-7.2.5-1.81.1 php72-imap-7.2.5-1.81.1 php72-imap-debuginfo-7.2.5-1.81.1 php72-intl-7.2.5-1.81.1 php72-intl-debuginfo-7.2.5-1.81.1 php72-json-7.2.5-1.81.1 php72-json-debuginfo-7.2.5-1.81.1 php72-ldap-7.2.5-1.81.1 php72-ldap-debuginfo-7.2.5-1.81.1 php72-mbstring-7.2.5-1.81.1 php72-mbstring-debuginfo-7.2.5-1.81.1 php72-mysql-7.2.5-1.81.1 php72-mysql-debuginfo-7.2.5-1.81.1 php72-odbc-7.2.5-1.81.1 php72-odbc-debuginfo-7.2.5-1.81.1 php72-opcache-7.2.5-1.81.1 php72-opcache-debuginfo-7.2.5-1.81.1 php72-openssl-7.2.5-1.81.1 php72-openssl-debuginfo-7.2.5-1.81.1 php72-pcntl-7.2.5-1.81.1 php72-pcntl-debuginfo-7.2.5-1.81.1 php72-pdo-7.2.5-1.81.1 php72-pdo-debuginfo-7.2.5-1.81.1 php72-pgsql-7.2.5-1.81.1 php72-pgsql-debuginfo-7.2.5-1.81.1 php72-phar-7.2.5-1.81.1 php72-phar-debuginfo-7.2.5-1.81.1 php72-posix-7.2.5-1.81.1 php72-posix-debuginfo-7.2.5-1.81.1 php72-pspell-7.2.5-1.81.1 php72-pspell-debuginfo-7.2.5-1.81.1 php72-readline-7.2.5-1.81.1 php72-readline-debuginfo-7.2.5-1.81.1 php72-shmop-7.2.5-1.81.1 php72-shmop-debuginfo-7.2.5-1.81.1 php72-snmp-7.2.5-1.81.1 php72-snmp-debuginfo-7.2.5-1.81.1 php72-soap-7.2.5-1.81.1 php72-soap-debuginfo-7.2.5-1.81.1 php72-sockets-7.2.5-1.81.1 php72-sockets-debuginfo-7.2.5-1.81.1 php72-sodium-7.2.5-1.81.1 php72-sodium-debuginfo-7.2.5-1.81.1 php72-sqlite-7.2.5-1.81.1 php72-sqlite-debuginfo-7.2.5-1.81.1 php72-sysvmsg-7.2.5-1.81.1 php72-sysvmsg-debuginfo-7.2.5-1.81.1 php72-sysvsem-7.2.5-1.81.1 php72-sysvsem-debuginfo-7.2.5-1.81.1 php72-sysvshm-7.2.5-1.81.1 php72-sysvshm-debuginfo-7.2.5-1.81.1 php72-tidy-7.2.5-1.81.1 php72-tidy-debuginfo-7.2.5-1.81.1 php72-tokenizer-7.2.5-1.81.1 php72-tokenizer-debuginfo-7.2.5-1.81.1 php72-wddx-7.2.5-1.81.1 php72-wddx-debuginfo-7.2.5-1.81.1 php72-xmlreader-7.2.5-1.81.1 php72-xmlreader-debuginfo-7.2.5-1.81.1 php72-xmlrpc-7.2.5-1.81.1 php72-xmlrpc-debuginfo-7.2.5-1.81.1 php72-xmlwriter-7.2.5-1.81.1 php72-xmlwriter-debuginfo-7.2.5-1.81.1 php72-xsl-7.2.5-1.81.1 php72-xsl-debuginfo-7.2.5-1.81.1 php72-zip-7.2.5-1.81.1 php72-zip-debuginfo-7.2.5-1.81.1 php72-zlib-7.2.5-1.81.1 php72-zlib-debuginfo-7.2.5-1.81.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php72-pear-7.2.5-1.81.1 php72-pear-Archive_Tar-7.2.5-1.81.1 References: https://www.suse.com/security/cve/CVE-2022-31625.html https://www.suse.com/security/cve/CVE-2022-31626.html https://bugzilla.suse.com/1200628 https://bugzilla.suse.com/1200645 From sle-updates at lists.suse.com Fri Jun 24 22:16:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 Jun 2022 00:16:55 +0200 (CEST) Subject: SUSE-SU-2022:2187-1: important: Security update for oracleasm Message-ID: <20220624221655.2D314F386@maintenance.suse.de> SUSE Security Update: Security update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2187-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2187=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_122.124-9.11.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_122.124-9.11.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Jun 24 22:17:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 Jun 2022 00:17:31 +0200 (CEST) Subject: SUSE-SU-2022:2186-1: important: Security update for oracleasm Message-ID: <20220624221731.C04A9F386@maintenance.suse.de> SUSE Security Update: Security update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2186-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2186=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2186=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2186=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2186=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.99-4.9.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.99-4.9.1 - SUSE OpenStack Cloud 9 (x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.99-4.9.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.99-4.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.99-4.9.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.99-4.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.99-4.9.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.99-4.9.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Sat Jun 25 07:40:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 Jun 2022 09:40:45 +0200 (CEST) Subject: SUSE-CU-2022:1384-1: Security update of suse/sle15 Message-ID: <20220625074045.A524AF386@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1384-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.635 Container Release : 6.2.635 Severity : moderate Type : security References : 1200550 CVE-2022-2068 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2179-1 Released: Fri Jun 24 14:05:25 2022 Summary: Security update for openssl Type: security Severity: moderate References: 1200550,CVE-2022-2068 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) The following package changes have been done: - libopenssl1_1-1.1.0i-150100.14.33.1 updated - openssl-1_1-1.1.0i-150100.14.33.1 updated From sle-updates at lists.suse.com Sat Jun 25 07:45:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 Jun 2022 09:45:50 +0200 (CEST) Subject: SUSE-CU-2022:1385-1: Security update of bci/python Message-ID: <20220625074550.68FE9F386@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1385-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.9 Container Release : 18.9 Severity : important Type : security References : 1192249 1198511 CVE-2015-20107 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2174-1 Released: Fri Jun 24 11:34:17 2022 Summary: Security update for python39 Type: security Severity: important References: 1192249,1198511,CVE-2015-20107 This update for python39 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). - Update to 3.9.13: - Core and Builtins - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash. - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass. - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner. - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex. - bpo-46775: Some Windows system error codes(>= 10000) are now mapped into the correct errno and may now raise a subclass of OSError. Patch by Dong-hee Na. - bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the --without-doc-strings compilation flag no longer do so. - The classes affected are pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias. - The functions affected are 24 methods in ctypes. - Patch by Oleg Iarygin. - bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters. - Library - gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle. - gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify(). - gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled. - bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by G?ry Ogam. - gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules. - gh-91810: ElementTree method write() and function tostring() now use the text file''s encoding ('UTF-8' if not available) instead of locale encoding in XML declaration when encoding='unicode' is specified. - gh-91832: Add required attribute to argparse.Action repr output. - gh-91734: Fix OSS audio support on Solaris. - gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised. - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test. - gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError. - gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu. - gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is 'fork' as that can lead to deadlocks in the child processes due to a fork happening while threads are running. - gh-91575: Update case-insensitive matching in the re module to the latest Unicode version. - gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle. - bpo-34480: Fix a bug where _markupbase raised an UnboundLocalError when an invalid keyword was found in marked section. Patch by Marek Suscak. - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX. - bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters. - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak - bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter. - bpo-44911: IsolatedAsyncioTestCase will no longer throw an exception while cancelling leaked tasks. Patch by Bar Harel. - bpo-44493: Add missing terminated NUL in sockaddr_un's length - This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. - bpo-42627: Fix incorrect parsing of Windows registry proxy settings - bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev. - Documentation - gh-91888: Add a new gh role to the documentation to link to GitHub issues. - gh-91783: Document security issues concerning the use of the function shutil.unpack_archive() - gh-91547: Remove 'Undocumented modules' page. - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree(). - bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529. - bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.4.4. - bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7's Documentation Strings paragraph. Patch by Oleg Iarygin. - bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky. - bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents. - bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed. - bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan 'yyyyyyyan' Orestes. - bpo-38056: Overhaul the Error Handlers documentation in codecs. - bpo-13553: Document tkinter.Tk args. - Tests - gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up. - bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD. - bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom. - Build - bpo-47103: Windows PGInstrument builds now copy a required DLL into the output directory, making it easier to run the profile stage of a PGO build. - Windows - bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032. - bpo-46785: Fix race condition between os.stat() and unlinking a file on Windows, by using errors codes returned by FindFirstFileW() when appropriate in win32_xstat_impl. - bpo-40859: Update Windows build to use xz-5.2.5 - Tools/Demos - gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter. - Update to 3.9.12: - bpo-46968: Check for the existence of the 'sys/auxv.h' header in faulthandler to avoid compilation problems in systems where this header doesn't exist. Patch by Pablo Galindo - bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context. - bpo-23691: Protect the re.finditer() iterator from re-entering. - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a 'zipfile.BadZipFile: Bad CRC-32 for file' exception when reading a ZipFile from multiple threads. - bpo-38256: Fix binascii.crc32() when it is compiled to use zlib'c crc32 to work properly on inputs 4+GiB in length instead of returning the wrong result. The workaround prior to this was to always feed the function data in increments smaller than 4GiB or to just call the zlib module function. - bpo-39394: A warning about inline flags not at the start of the regular expression now contains the position of the flag. - bpo-47061: Deprecate the various modules listed by PEP 594: - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau, telnetlib, uu, xdrlib - bpo-2604: Fix bug where doctests using globals would fail when run multiple times. - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. - bpo-47022: The asynchat, asyncore and smtpd modules have been deprecated since at least Python 3.6. Their documentation has now been updated to note they will removed in Python 3.12 (PEP 594). - bpo-46421: Fix a unittest issue where if the command was invoked as python -m unittest and the filename(s) began with a dot (.), a ValueError is returned. - bpo-40296: Fix supporting generic aliases in pydoc. - bpo-14156: argparse.FileType now supports an argument of '-'; in binary mode, returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes including 'x' and 'a' are treated equivalently to 'w' when argument is '-'. Patch contributed by Josh Rosenberg - Update to 3.9.11: - bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner. - bpo-46794: Bump up the libexpat version into 2.4.6 - bpo-46762: Fix an assert failure in debug builds when a '<', '>', or '=' is the last character in an f-string that's missing a closing right brace. - bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra. - bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c. - bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated. - bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property. - bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings. - bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner. - bpo-46383: Fix invalid signature of _zoneinfo's module_free function to resolve a crash on wasm32-emscripten platform. - bpo-43253: Fix a crash when closing transports where the underlying socket handle is already invalid on the Proactor event loop. - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings. - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4) - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This changes allows for Python extension's request to Linux kernel to use AMX_TILE instruction set on Sapphire Rapids Xeon processor to succeed, unblocking use of the ISA in frameworks. - bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch by Stefan Zabka. - bpo-46932: Update bundled libexpat to 2.4.7 - bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when the iterator is not exhausted. Patch by Jacob Walls. - bpo-44886: Inherit asyncio proactor datagram transport from asyncio.DatagramTransport. - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for selector-based event loops. Patch by Thomas Grainger. - bpo-46811: Make test suite support Expat >=2.4.5 - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to transport-based APIs. - bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python. - bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders when running from the guest operating-system. - bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo. - bpo-45863: When the tarfile module creates a pax format archive, it will put an integer representation of timestamps in the ustar header (if possible) for the benefit of older unarchivers, in addition to the existing full-precision timestamps in the pax extended header. - bpo-46672: Fix NameError in asyncio.gather() when initial type check fails. - bpo-45948: Fixed a discrepancy in the C implementation of the xml.etree.ElementTree module. Now, instantiating an xml.etree.ElementTree.XMLParser with a target=None keyword provides a default xml.etree.ElementTree.TreeBuilder target as the Python implementation does. - bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable. - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 - bpo-46487: Add the get_write_buffer_limits method to asyncio.transports.WriteTransport and to the SSL transport. - bpo-46539: In typing.get_type_hints(), support evaluating stringified ClassVar and Final annotations inside Annotated. Patch by Gregory Beauregard. - bpo-46491: Allow typing.Annotated to wrap typing.Final and typing.ClassVar. Patch by Gregory Beauregard. - bpo-46436: Fix command-line option -d/--directory in module http.server which is ignored when combined with command-line option --cgi. Patch by G?ry Ogam. - bpo-41403: Make mock.patch() raise a TypeError with a relevant error message on invalid arg. Previously it allowed a cryptic AttributeError to escape. - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace. - bpo-46469: asyncio generic classes now return types.GenericAlias in __class_getitem__ instead of the same class. - bpo-46434: pdb now gracefully handles help when __doc__ is missing, for example when run with pregenerated optimized .pyc files. - bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef now honor the module parameter of typing.ForwardRef. Forward references from different modules are now differentiated. - bpo-43118: Fix a bug in inspect.signature() that was causing it to fail on some subclasses of classes with a __text_signature__ referencing module globals. Patch by Weipeng Hong. - bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a directory name with a trailing slash. - bpo-20392: Fix inconsistency with uppercase file extensions in MimeTypes.guess_type(). Patch by Kumar Aditya. - bpo-46080: Fix exception in argparse help text generation if a argparse.BooleanOptionalAction argument's default is argparse.SUPPRESS and it has help specified. Patch by Felix Fontein. - bpo-44439: Fix .write() method of a member file in ZipFile, when the input data is an object that supports the buffer protocol, the file length may be wrong. - bpo-45703: When a namespace package is imported before another module from the same namespace is created/installed in a different sys.path location while the program is running, calling the importlib.invalidate_caches() function will now also guarantee the new module is noticed. - bpo-24959: Fix bug where unittest sometimes drops frames from tracebacks of exceptions raised in tests. - bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner. - bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution. - bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion. - bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner. - bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner. - bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython. - bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner. - bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intented to test the readline module. Patch by Victor Stinner. - bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale. - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__. - bpo-45925: Update Windows installer to use SQLite 3.37.2. - bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, 'Close' and 'Exit' are now 'Close Window' (the current one) and 'Exit' is now 'Exit IDLE' (by closing all windows). In Shell, 'quit()' and 'exit()' mean 'close Shell'. If there are no other windows, this also exits IDLE. - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy. The following package changes have been done: - libpython3_9-1_0-3.9.13-150300.4.13.1 updated - python39-base-3.9.13-150300.4.13.1 updated - python39-3.9.13-150300.4.13.1 updated From sle-updates at lists.suse.com Mon Jun 27 13:16:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Jun 2022 15:16:18 +0200 (CEST) Subject: SUSE-SU-2022:2189-1: important: Security update for mariadb Message-ID: <20220627131618.C6AC2F386@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2189-1 Rating: important References: #1198603 #1198604 #1198605 #1198606 #1198607 #1198609 #1198610 #1198611 #1198612 #1198613 #1198628 #1198629 #1198630 #1198631 #1198632 #1198633 #1198634 #1198635 #1198636 #1198637 #1198638 #1198639 #1198640 #1199928 Cross-References: CVE-2021-46669 CVE-2022-21427 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27444 CVE-2022-27445 CVE-2022-27446 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27451 CVE-2022-27452 CVE-2022-27455 CVE-2022-27456 CVE-2022-27457 CVE-2022-27458 CVSS scores: CVE-2021-46669 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21427 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-27376 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27376 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27377 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27377 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27378 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27378 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27379 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27379 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27380 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27380 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27381 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27381 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27382 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27382 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27383 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27383 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27384 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27384 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27386 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27386 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27387 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27387 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27444 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27444 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27445 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27445 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27446 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27446 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27447 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27447 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27448 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27448 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27449 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27449 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27451 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27451 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27452 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27452 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27455 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27455 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27456 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27456 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27457 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27457 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-27458 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27458 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: This update for mariadb fixes the following issues: Update to 10.4.25 (bsc#1199928): - CVE-2021-46669 (bsc#1199928) - CVE-2022-21427 (bsc#1199928) - CVE-2022-27376 (bsc#1198628) - CVE-2022-27377 (bsc#1198603) - CVE-2022-27378 (bsc#1198604) - CVE-2022-27379 (bsc#1198605) - CVE-2022-27380 (bsc#1198606) - CVE-2022-27381 (bsc#1198607) - CVE-2022-27382 (bsc#1198609) - CVE-2022-27383 (bsc#1198610) - CVE-2022-27384 (bsc#1198611) - CVE-2022-27386 (bsc#1198612) - CVE-2022-27387 (bsc#1198613) - CVE-2022-27444 (bsc#1198634) - CVE-2022-27445 (bsc#1198629) - CVE-2022-27446 (bsc#1198630) - CVE-2022-27447 (bsc#1198631) - CVE-2022-27448 (bsc#1198632) - CVE-2022-27449 (bsc#1198633) - CVE-2022-27451 (bsc#1198639) - CVE-2022-27452 (bsc#1198640) - CVE-2022-27455 (bsc#1198638) - CVE-2022-27456 (bsc#1198635) - CVE-2022-27457 (bsc#1198636) - CVE-2022-27458 (bsc#1198637) External refernences: - https://mariadb.com/kb/en/library/mariadb-10425-release-notes - https://mariadb.com/kb/en/library/mariadb-10425-changelog Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2189=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2189=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2189=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2189=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2189=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2189=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2189=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2189=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2189=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libmariadbd-devel-10.4.25-150200.3.28.1 libmariadbd19-10.4.25-150200.3.28.1 libmariadbd19-debuginfo-10.4.25-150200.3.28.1 mariadb-10.4.25-150200.3.28.1 mariadb-client-10.4.25-150200.3.28.1 mariadb-client-debuginfo-10.4.25-150200.3.28.1 mariadb-debuginfo-10.4.25-150200.3.28.1 mariadb-debugsource-10.4.25-150200.3.28.1 mariadb-tools-10.4.25-150200.3.28.1 mariadb-tools-debuginfo-10.4.25-150200.3.28.1 - SUSE Manager Server 4.1 (noarch): mariadb-errormessages-10.4.25-150200.3.28.1 - SUSE Manager Retail Branch Server 4.1 (noarch): mariadb-errormessages-10.4.25-150200.3.28.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libmariadbd-devel-10.4.25-150200.3.28.1 libmariadbd19-10.4.25-150200.3.28.1 libmariadbd19-debuginfo-10.4.25-150200.3.28.1 mariadb-10.4.25-150200.3.28.1 mariadb-client-10.4.25-150200.3.28.1 mariadb-client-debuginfo-10.4.25-150200.3.28.1 mariadb-debuginfo-10.4.25-150200.3.28.1 mariadb-debugsource-10.4.25-150200.3.28.1 mariadb-tools-10.4.25-150200.3.28.1 mariadb-tools-debuginfo-10.4.25-150200.3.28.1 - SUSE Manager Proxy 4.1 (x86_64): libmariadbd-devel-10.4.25-150200.3.28.1 libmariadbd19-10.4.25-150200.3.28.1 libmariadbd19-debuginfo-10.4.25-150200.3.28.1 mariadb-10.4.25-150200.3.28.1 mariadb-client-10.4.25-150200.3.28.1 mariadb-client-debuginfo-10.4.25-150200.3.28.1 mariadb-debuginfo-10.4.25-150200.3.28.1 mariadb-debugsource-10.4.25-150200.3.28.1 mariadb-tools-10.4.25-150200.3.28.1 mariadb-tools-debuginfo-10.4.25-150200.3.28.1 - SUSE Manager Proxy 4.1 (noarch): mariadb-errormessages-10.4.25-150200.3.28.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libmariadbd-devel-10.4.25-150200.3.28.1 libmariadbd19-10.4.25-150200.3.28.1 libmariadbd19-debuginfo-10.4.25-150200.3.28.1 mariadb-10.4.25-150200.3.28.1 mariadb-client-10.4.25-150200.3.28.1 mariadb-client-debuginfo-10.4.25-150200.3.28.1 mariadb-debuginfo-10.4.25-150200.3.28.1 mariadb-debugsource-10.4.25-150200.3.28.1 mariadb-tools-10.4.25-150200.3.28.1 mariadb-tools-debuginfo-10.4.25-150200.3.28.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): mariadb-errormessages-10.4.25-150200.3.28.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libmariadbd-devel-10.4.25-150200.3.28.1 libmariadbd19-10.4.25-150200.3.28.1 libmariadbd19-debuginfo-10.4.25-150200.3.28.1 mariadb-10.4.25-150200.3.28.1 mariadb-client-10.4.25-150200.3.28.1 mariadb-client-debuginfo-10.4.25-150200.3.28.1 mariadb-debuginfo-10.4.25-150200.3.28.1 mariadb-debugsource-10.4.25-150200.3.28.1 mariadb-tools-10.4.25-150200.3.28.1 mariadb-tools-debuginfo-10.4.25-150200.3.28.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): mariadb-errormessages-10.4.25-150200.3.28.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): mariadb-errormessages-10.4.25-150200.3.28.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libmariadbd-devel-10.4.25-150200.3.28.1 libmariadbd19-10.4.25-150200.3.28.1 libmariadbd19-debuginfo-10.4.25-150200.3.28.1 mariadb-10.4.25-150200.3.28.1 mariadb-client-10.4.25-150200.3.28.1 mariadb-client-debuginfo-10.4.25-150200.3.28.1 mariadb-debuginfo-10.4.25-150200.3.28.1 mariadb-debugsource-10.4.25-150200.3.28.1 mariadb-tools-10.4.25-150200.3.28.1 mariadb-tools-debuginfo-10.4.25-150200.3.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libmariadbd-devel-10.4.25-150200.3.28.1 libmariadbd19-10.4.25-150200.3.28.1 libmariadbd19-debuginfo-10.4.25-150200.3.28.1 mariadb-10.4.25-150200.3.28.1 mariadb-client-10.4.25-150200.3.28.1 mariadb-client-debuginfo-10.4.25-150200.3.28.1 mariadb-debuginfo-10.4.25-150200.3.28.1 mariadb-debugsource-10.4.25-150200.3.28.1 mariadb-tools-10.4.25-150200.3.28.1 mariadb-tools-debuginfo-10.4.25-150200.3.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): mariadb-errormessages-10.4.25-150200.3.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libmariadbd-devel-10.4.25-150200.3.28.1 libmariadbd19-10.4.25-150200.3.28.1 libmariadbd19-debuginfo-10.4.25-150200.3.28.1 mariadb-10.4.25-150200.3.28.1 mariadb-client-10.4.25-150200.3.28.1 mariadb-client-debuginfo-10.4.25-150200.3.28.1 mariadb-debuginfo-10.4.25-150200.3.28.1 mariadb-debugsource-10.4.25-150200.3.28.1 mariadb-tools-10.4.25-150200.3.28.1 mariadb-tools-debuginfo-10.4.25-150200.3.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): mariadb-errormessages-10.4.25-150200.3.28.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libmariadbd-devel-10.4.25-150200.3.28.1 libmariadbd19-10.4.25-150200.3.28.1 libmariadbd19-debuginfo-10.4.25-150200.3.28.1 mariadb-10.4.25-150200.3.28.1 mariadb-client-10.4.25-150200.3.28.1 mariadb-client-debuginfo-10.4.25-150200.3.28.1 mariadb-debuginfo-10.4.25-150200.3.28.1 mariadb-debugsource-10.4.25-150200.3.28.1 mariadb-tools-10.4.25-150200.3.28.1 mariadb-tools-debuginfo-10.4.25-150200.3.28.1 - SUSE Enterprise Storage 7 (noarch): mariadb-errormessages-10.4.25-150200.3.28.1 References: https://www.suse.com/security/cve/CVE-2021-46669.html https://www.suse.com/security/cve/CVE-2022-21427.html https://www.suse.com/security/cve/CVE-2022-27376.html https://www.suse.com/security/cve/CVE-2022-27377.html https://www.suse.com/security/cve/CVE-2022-27378.html https://www.suse.com/security/cve/CVE-2022-27379.html https://www.suse.com/security/cve/CVE-2022-27380.html https://www.suse.com/security/cve/CVE-2022-27381.html https://www.suse.com/security/cve/CVE-2022-27382.html https://www.suse.com/security/cve/CVE-2022-27383.html https://www.suse.com/security/cve/CVE-2022-27384.html https://www.suse.com/security/cve/CVE-2022-27386.html https://www.suse.com/security/cve/CVE-2022-27387.html https://www.suse.com/security/cve/CVE-2022-27444.html https://www.suse.com/security/cve/CVE-2022-27445.html https://www.suse.com/security/cve/CVE-2022-27446.html https://www.suse.com/security/cve/CVE-2022-27447.html https://www.suse.com/security/cve/CVE-2022-27448.html https://www.suse.com/security/cve/CVE-2022-27449.html https://www.suse.com/security/cve/CVE-2022-27451.html https://www.suse.com/security/cve/CVE-2022-27452.html https://www.suse.com/security/cve/CVE-2022-27455.html https://www.suse.com/security/cve/CVE-2022-27456.html https://www.suse.com/security/cve/CVE-2022-27457.html https://www.suse.com/security/cve/CVE-2022-27458.html https://bugzilla.suse.com/1198603 https://bugzilla.suse.com/1198604 https://bugzilla.suse.com/1198605 https://bugzilla.suse.com/1198606 https://bugzilla.suse.com/1198607 https://bugzilla.suse.com/1198609 https://bugzilla.suse.com/1198610 https://bugzilla.suse.com/1198611 https://bugzilla.suse.com/1198612 https://bugzilla.suse.com/1198613 https://bugzilla.suse.com/1198628 https://bugzilla.suse.com/1198629 https://bugzilla.suse.com/1198630 https://bugzilla.suse.com/1198631 https://bugzilla.suse.com/1198632 https://bugzilla.suse.com/1198633 https://bugzilla.suse.com/1198634 https://bugzilla.suse.com/1198635 https://bugzilla.suse.com/1198636 https://bugzilla.suse.com/1198637 https://bugzilla.suse.com/1198638 https://bugzilla.suse.com/1198639 https://bugzilla.suse.com/1198640 https://bugzilla.suse.com/1199928 From sle-updates at lists.suse.com Mon Jun 27 16:16:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Jun 2022 18:16:06 +0200 (CEST) Subject: SUSE-SU-2022:2191-1: important: Security update for drbd Message-ID: <20220627161606.17103FD9D@maintenance.suse.de> SUSE Security Update: Security update for drbd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2191-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of drbd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-2191=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): drbd-9.0.15+git.c46d2790-150000.3.28.2 drbd-debugsource-9.0.15+git.c46d2790-150000.3.28.2 drbd-kmp-default-9.0.15+git.c46d2790_k4.12.14_150000.150.92-150000.3.28.2 drbd-kmp-default-debuginfo-9.0.15+git.c46d2790_k4.12.14_150000.150.92-150000.3.28.2 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Mon Jun 27 16:16:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Jun 2022 18:16:39 +0200 (CEST) Subject: SUSE-SU-2022:2190-1: important: Security update for drbd Message-ID: <20220627161639.DB46FFD9D@maintenance.suse.de> SUSE Security Update: Security update for drbd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2190-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of drbd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2190=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): drbd-9.0.16+git.ab9777df-150100.8.27.2 drbd-debugsource-9.0.16+git.ab9777df-150100.8.27.2 drbd-kmp-default-9.0.16+git.ab9777df_k4.12.14_150100.197.114-150100.8.27.2 drbd-kmp-default-debuginfo-9.0.16+git.ab9777df_k4.12.14_150100.197.114-150100.8.27.2 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Mon Jun 27 19:16:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Jun 2022 21:16:03 +0200 (CEST) Subject: SUSE-SU-2022:2192-1: critical: Security update for rubygem-rack Message-ID: <20220627191603.B560CFD9D@maintenance.suse.de> SUSE Security Update: Security update for rubygem-rack ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2192-1 Rating: critical References: #1200748 #1200750 Cross-References: CVE-2022-30122 CVE-2022-30123 CVSS scores: CVE-2022-30122 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-30123 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-rack fixes the following issues: - CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS (bsc#1200748) - CVE-2022-30123: Fixed crafted requests can cause shell escape sequences (bsc#1200750) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2192=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2192=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2192=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2192=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2192=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2192=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-2192=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-2.0.8-150000.3.6.1 ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1 ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-2.0.8-150000.3.6.1 ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1 ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-2.0.8-150000.3.6.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-2.0.8-150000.3.6.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-2.0.8-150000.3.6.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-2.0.8-150000.3.6.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rack-2.0.8-150000.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-30122.html https://www.suse.com/security/cve/CVE-2022-30123.html https://bugzilla.suse.com/1200748 https://bugzilla.suse.com/1200750 From sle-updates at lists.suse.com Mon Jun 27 22:16:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Jun 2022 00:16:40 +0200 (CEST) Subject: SUSE-SU-2022:2194-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP5) Message-ID: <20220627221640.9B532FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2194-1 Rating: important References: #1199606 Cross-References: CVE-2022-1734 CVSS scores: CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-122_91 fixes one issue. The following security issue was fixed: - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2194=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2193=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_91-default-13-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_93-default-5-2.2 References: https://www.suse.com/security/cve/CVE-2022-1734.html https://bugzilla.suse.com/1199606 From sle-updates at lists.suse.com Tue Jun 28 04:16:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Jun 2022 06:16:02 +0200 (CEST) Subject: SUSE-SU-2022:2195-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP5) Message-ID: <20220628041602.8442EFD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2195-1 Rating: important References: #1199606 Cross-References: CVE-2022-1734 CVSS scores: CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-122_121 fixes one issue. The following security issue was fixed: - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2195=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_121-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2022-1734.html https://bugzilla.suse.com/1199606 From sle-updates at lists.suse.com Tue Jun 28 07:16:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Jun 2022 09:16:32 +0200 (CEST) Subject: SUSE-SU-2022:2196-1: important: Security update for oracleasm Message-ID: <20220628071632.DBCAEFD9D@maintenance.suse.de> SUSE Security Update: Security update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2196-1 Rating: important References: #1198581 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2196=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2196=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2196=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-2196=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2196=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2196=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): oracleasm-kmp-default-2.0.8_k4.4.180_94.164-3.13.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.180_94.164-3.13.1 - SUSE OpenStack Cloud 8 (x86_64): oracleasm-kmp-default-2.0.8_k4.4.180_94.164-3.13.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.180_94.164-3.13.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): oracleasm-kmp-default-2.0.8_k4.4.180_94.164-3.13.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.180_94.164-3.13.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.4.180_94.164-3.13.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.180_94.164-3.13.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): oracleasm-kmp-default-2.0.8_k4.4.180_94.164-3.13.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.180_94.164-3.13.1 - HPE Helion Openstack 8 (x86_64): oracleasm-kmp-default-2.0.8_k4.4.180_94.164-3.13.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.180_94.164-3.13.1 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Tue Jun 28 07:17:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Jun 2022 09:17:05 +0200 (CEST) Subject: SUSE-SU-2022:2197-1: moderate: Security update for openssl-1_0_0 Message-ID: <20220628071705.56535FD9D@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2197-1 Rating: moderate References: #1199166 #1200550 Cross-References: CVE-2022-1292 CVE-2022-2068 CVSS scores: CVE-2022-1292 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2068 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Server SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP Applications ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2022-2197=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2197=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-2197=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2022-2197=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (x86_64): compat-openssl098-debugsource-0.9.8j-106.36.1 libopenssl0_9_8-0.9.8j-106.36.1 libopenssl0_9_8-debuginfo-0.9.8j-106.36.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): compat-openssl098-debugsource-0.9.8j-106.36.1 libopenssl0_9_8-0.9.8j-106.36.1 libopenssl0_9_8-debuginfo-0.9.8j-106.36.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): compat-openssl098-debugsource-0.9.8j-106.36.1 libopenssl0_9_8-0.9.8j-106.36.1 libopenssl0_9_8-debuginfo-0.9.8j-106.36.1 - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-openssl098-debugsource-0.9.8j-106.36.1 libopenssl0_9_8-0.9.8j-106.36.1 libopenssl0_9_8-32bit-0.9.8j-106.36.1 libopenssl0_9_8-debuginfo-0.9.8j-106.36.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.36.1 References: https://www.suse.com/security/cve/CVE-2022-1292.html https://www.suse.com/security/cve/CVE-2022-2068.html https://bugzilla.suse.com/1199166 https://bugzilla.suse.com/1200550 From sle-updates at lists.suse.com Tue Jun 28 19:16:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Jun 2022 21:16:18 +0200 (CEST) Subject: SUSE-SU-2022:2206-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1) Message-ID: <20220628191618.04ECAFD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2206-1 Rating: important References: #1199606 Cross-References: CVE-2022-1734 CVSS scores: CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-150100_197_111 fixes one issue. The following security issue was fixed: - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2198=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-2199=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-2200=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-2203=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2204=1 SUSE-SLE-Live-Patching-12-SP5-2022-2205=1 SUSE-SLE-Live-Patching-12-SP5-2022-2207=1 SUSE-SLE-Live-Patching-12-SP5-2022-2208=1 SUSE-SLE-Live-Patching-12-SP5-2022-2209=1 SUSE-SLE-Live-Patching-12-SP5-2022-2210=1 SUSE-SLE-Live-Patching-12-SP5-2022-2211=1 SUSE-SLE-Live-Patching-12-SP5-2022-2212=1 SUSE-SLE-Live-Patching-12-SP5-2022-2213=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2201=1 SUSE-SLE-Live-Patching-12-SP4-2022-2202=1 SUSE-SLE-Live-Patching-12-SP4-2022-2206=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_111-default-4-150100.2.2 kernel-livepatch-4_12_14-197_105-default-6-150100.2.2 kernel-livepatch-4_12_14-197_108-default-5-150100.2.2 kernel-livepatch-4_12_14-197_99-default-15-150100.2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_103-default-11-2.2 kgraft-patch-4_12_14-122_106-default-9-2.2 kgraft-patch-4_12_14-122_110-default-7-2.2 kgraft-patch-4_12_14-122_113-default-6-2.2 kgraft-patch-4_12_14-122_116-default-4-2.2 kgraft-patch-4_12_14-122_80-default-16-2.2 kgraft-patch-4_12_14-122_83-default-15-2.2 kgraft-patch-4_12_14-122_88-default-13-2.2 kgraft-patch-4_12_14-122_98-default-11-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_80-default-15-2.2 kgraft-patch-4_12_14-95_88-default-6-2.2 kgraft-patch-4_12_14-95_96-default-4-2.2 References: https://www.suse.com/security/cve/CVE-2022-1734.html https://bugzilla.suse.com/1199606 From sle-updates at lists.suse.com Wed Jun 29 10:15:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jun 2022 12:15:57 +0200 (CEST) Subject: SUSE-SU-2022:2214-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP3) Message-ID: <20220629101557.CC111FDD4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2214-1 Rating: important References: #1199648 #1200268 Cross-References: CVE-2022-1116 CVE-2022-1966 CVE-2022-32250 CVSS scores: CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_71 fixes several issues. The following security issues were fixed: - CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring that allows local attacker to cause memory corruption and escalate privileges to root. (bsc#1199647) versions. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2214=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_71-default-2-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-1116.html https://www.suse.com/security/cve/CVE-2022-1966.html https://www.suse.com/security/cve/CVE-2022-32250.html https://bugzilla.suse.com/1199648 https://bugzilla.suse.com/1200268 From sle-updates at lists.suse.com Wed Jun 29 13:16:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jun 2022 15:16:40 +0200 (CEST) Subject: SUSE-SU-2022:2217-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP4) Message-ID: <20220629131640.D42CCFDD4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2217-1 Rating: important References: #1199606 Cross-References: CVE-2022-1734 CVSS scores: CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-95_83 fixes one issue. The following security issue was fixed: - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2217=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_83-default-10-2.2 References: https://www.suse.com/security/cve/CVE-2022-1734.html https://bugzilla.suse.com/1199606 From sle-updates at lists.suse.com Wed Jun 29 13:17:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jun 2022 15:17:19 +0200 (CEST) Subject: SUSE-SU-2022:2216-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) Message-ID: <20220629131719.B2375FDD4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2216-1 Rating: important References: #1199606 #1199648 #1200266 #1200268 Cross-References: CVE-2022-1116 CVE-2022-1734 CVE-2022-1966 CVE-2022-1972 CVE-2022-32250 CVSS scores: CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1972 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_49 fixes several issues. The following security issues were fixed: - CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring that allows local attacker to cause memory corruption and escalate privileges to root. (bsc#1199647) versions. - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2215=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2216=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2218=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_49-default-9-150300.2.2 kernel-livepatch-5_3_18-150300_59_60-default-7-150300.2.2 kernel-livepatch-5_3_18-150300_59_68-default-3-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-1116.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-1966.html https://www.suse.com/security/cve/CVE-2022-1972.html https://www.suse.com/security/cve/CVE-2022-32250.html https://bugzilla.suse.com/1199606 https://bugzilla.suse.com/1199648 https://bugzilla.suse.com/1200266 https://bugzilla.suse.com/1200268 From sle-updates at lists.suse.com Thu Jun 30 16:15:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jun 2022 18:15:51 +0200 (CEST) Subject: SUSE-RU-2022:2219-1: Recommended update for python3-azuremetadata and regionServiceClientConfigAzure Message-ID: <20220630161551.7A342FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-azuremetadata and regionServiceClientConfigAzure ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2219-1 Rating: low References: SLE-22206 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This updates for python3-azuremetadata and regionServiceClientConfigAzure fixes the following issues: - This is a re-release, no souce changes. This releases the packages to some extra repositories. (jsc#SLE-22206) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-2219=1 SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2022-2219=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python3-azuremetadata-5.1.4-1.20.1 regionServiceClientConfigAzure-1.0.5-3.15.1 References: